Community Mapbuilder Provenance Review

From OSGeo
Revision as of 20:47, 17 June 2006 by Wiki-Camerons

Community Mapbuilder Code Provenance Review

Last Updated: 16 June 2006

This text has been copied from the Mapbuilder repository at mapbuilder/docs/licenceAudit/licenseAudit.txt.

Introduction

This page documents the results of a licence audit of the Community Mapbuilder project. It was carried out in accordance with the OSGeo Foundation guidelines at: http://wiki.osgeo.org/index.php/Code_Provenance_Review

The results of the audit are stored in mapbuilder/docs/licenseAudit/licenseAudit.xls

Goal

To establish a reasonable comfort level that projects going through incubation do not have improperly contributed code, and that the code is all under the project license.

A code provenance review is desirable because it reduces the risk of the foundation, project developers or software users becoming involved in a legal action or having their use of the software disrupted by sudden removal of improperly contributed code. In particular, many enterprises will not build on open source software projects without some degree of assurance that care is being taken to avoid improper contributions.

It is not the goal to be able to prove that every source file, and every contribution to those files, was contributed properly. The onus is not on us to prove there are no problems. However, we want to ensure we do not release code with provenance issues that we could have identified and corrected with a reasonable effort.

History

The current Community Mapbuilder codebase, known as mapbuilder-lib, started development in December 2003. It drew a number of design ideas from a dynamic web mapping application written by Raj Singh.

Community Mapbuilder started out under a GPL licence. In May 2005 we decided that Mapbuilder would grow into a stronger project under an LGPL licence and the licence was changed.

All developers who had contributed to the Mapbuilder-devel codebase were contacted and gave their approval to move their code from the GPL to the LGPL licence. The decision was archived in the Mapbuilder-devel email list. Mapbuilder-lib 0.4 and subsequent releases have been licenced under the LGPL. We were unable to contact Amri, who had initially been part of design discussions. However, Amri had not contributed to the mapbuilder-lib codebase and hence it was not essential to gain his approval for the license change.

Email threads giving approval for converting to LGPL

 Cameron Shorter, Raj Singh, Nedjo Rodgers:
 http://sourceforge.net/mailarchive/forum.php?thread_id=7652435&forum_id=475
 Tom Kralidis:
 http://sourceforge.net/mailarchive/message.php?msg_id=12349638
 Nedjo Rodgers:
 http://sourceforge.net/mailarchive/message.php?msg_id=12254583
 Mike Adair:
 http://sourceforge.net/mailarchive/forum.php?thread_id=7653920&forum_id=475

Packaging

Mapbuilder uses JavaScript and XSL, which are interpreted languages, i.e. they cannot be distributed as a binary. However, we do distribute a compressed version of Mapbuilder which removes all white space and comments (including license comments). We believe this is not an issue since we also distribute the source with license information in the comments.

Library Licenses

Library                                 License  Ok?     Comment
mapbuilder/lib/util/overlib/*           Artistic yes     As per: http://www.bosrup.com/web/overlib/?License
mapbuilder/lib/util/overlibmws/*        Artistic yes     As per mapbuilder/lib/util/overlibmws/license.html
mapbuilder/lib/util/sarissa/*           LGPL     yes     As per mapbuilder/lib/util/sarissa/Sarissa.js
mapbuilder/lib/util/scalebar/*          LGPL     yes     As per mapbuilder/lib/util/scalebar/license.txt
mapbuilder/lib/util/wz_jsgraphics/*     LGPL     yes     As per http://www.walterzorn.com/ and mapbuilder/lib/util/wz_jsgraphics/wa_jsgraphics.js (references http://www.gnu.org/copyleft/lesser.html).  There is a little confusion because the file references the GPL as well.
mapbuilder/lib/widget/MapScaleBar.js    LGPL     yes     External library - should be stored in util directory

License Explanation

There are no issues for libraries with LGPL licenses.

The Mapbuilder project doesn't have a problem with the Artistic license as we believe the intent of the license is compatible with the LGPL, but the GNU site has the following to say:

(Original) Artistic License

   We cannot say that this is a free software license because it is too vague; some passages are too clever for their own good, and their meaning is not clear. We urge you to avoid using it, except as part of the disjunctive license of Perl.
   The problems are matters of wording, not substance. There is a revised version of the Artistic License (dubbed "Artistic License 2.0") which is a free software license, and even compatible with the GNU GPL. This license is being considered for use in Perl 6. If you are thinking of releasing a program under the Artistic License, please do investigate other GPL-compatible, Free Software licensing options listed here first.
   The Artistic License 2.0 is currently in a draft phase with The Perl Foundation. FSF is in active negotiations with the Perl Foundation regarding the license, and we look forward to a result which will benefit all users.

Code Copyright Review

All files in mapbuilder/lib/* were reviewed. With the following exception, each file either contained a reference to the LGPL or no reference at all. When there is no reference, the license of the project was assumed. Full details of the audit are stored in mapbuilder/docs/licenseAudit/licenseAudit.xls

The following file had an issue with the license:

Library                                 License  Ok?     Comment
mapbuilder/lib/util/MGRS.js             LGPL     no      Contains: "Got library from somewhere but don't know where"
mapbuilder/lib/model/Proj.js            LGPL     yes     This program uses algorithms derived from GCTPC at http://edcftp.cr.usgs.gov/pub//software/gctpc/ .  As this code belongs to the US Government, we believe it is in the public domain and hence is compatible with the LGPL.

Copyright Holders

The copyright holders are listed in mapbuilder/LICENSE. Currently this includes:

 Name                    Login Id
 Cameron Shorter         camerons
 Linda Derezinski        derezinski
 Matthew D. Diez         mattdiez
 Matthew Perry           
 Michael Jenik           maiqui
 Mike Adair              madair madair1
 Nedjo Rogers            nedjo
 Pat Cappelaere          cappelaere
 Radim Blazek            rabla
 Raj Singh               rajsingh
 Richard Greenwood       rgreenwood
 Steven M. Ottens        graphrisc steven
 Tom Kralidis            tomkralidis