​GitHub makes open-source project licensing easier with an open-source program

How do you address handling open-source licensing for your program? By using an open-source program!
Written by Steven Vaughan-Nichols, Senior Contributing Editor

Open-source licensing can get ... complicated. These days, many programs are 20 percent original code on top of 80 percent previously open-sourced code. To help address the resulting licensing complications, GitHub has open sourced Licensed, an internal tool they've used to automate some of GitHub's open-source projects licensing process.

That's pretty impressive considering only a few years ago, GitHub's laissez-faire attitude to licensing had led to 77 percent of all GitHub programs having no licenses at all. If that doesn't sound important to you, then you're a developer who's never tried to commercialize their program.

Licensed will help developers efficiently use their code's open-source licensing by spotting potential problems with a program's dependency license early in its development cycle.

All that said, as GitHub points out, in of course a code format:

1 of 1 consulted lawyers agree, Licensed is not a replacement for the legal advice of a human.

Licensed works in any Git repository, by finding, caching, and checking license metadata for dependencies. It can detect dependencies from multiple language types and package managers across multiple projects in a single repository. This flexibility allows Licensed to work equally well for a repository holding thousands of projects as it would for a repository containing a single project.

This newly open-source program operates on the concepts of "applications". An application is defined as the combination of a source location and a cache directory. A configuration file is used to specify one or more application you're checking for licensing concerns.

The program discovers what dependencies exist for each of your applications. For each dependent library or routine found, Licensed finds its dependency source location in the local environment and extracts its basic metadata (e.g. name, version, homepage, and summary).

It then uses the Licensee program to determine each dependency file's license and find its license text.

Licensed then caches the metadata and license information. Once tracked down, its cached record makes it easy to take care of such common licensing problems as files which require that you distribute a copy of the required licenses. Licensed makes it easy not only to automate the build and distribution of these licenses, but to provide an open-source licensing bill of materials for your project. If Licensed finds a problem, it reports any dependencies needing review.

Licensed ensures that dependencies meet the open-source license requirements, via a continuous integration (CI) job. This largely gets the nagging problem of tracking licenses out of the developer's hair. Since the last thing any programmer wants to do is track down licenses, this is a real win.

Licensed has already been proven to work well at GitHub. If you want to use it to simplify licensing concerns for your project -- and who doesn't? -- you should check it out. GitHub's programmers would also be more than happy to work together with you in adapting the tool for your team's workflow or adding support for your favorite package manager.

Related Stories:

Editorial standards