Dataset: Copy-based Reuse in Open Source Software
Mahmoud Jahanshahi, Audris Mockus
TL;DR
The paper tackles the challenge of studying OSS-wide copy-based reuse by introducing a blob-centric measurement framework and a scalable WoC-driven pipeline that tracks the first appearance time $t_b(P)$ of a blob $b$ in a project $P$ and identifies copy events via origin-destination pairs $(P_o(b),P_d(b))$. It builds a public dataset of blob-level reuse across nearly the entire OSS ecosystem, leveraging mappings such as $c2fbb$, $c2dat$, and $c2P$ to produce timelines and copy instances (Ptb2Pt). The contributions include a rigorous, scalable methodology for discovering copy-based reuse at ecosystem scale and a dataset that enables research into security, licensing, and software quality risks, along with explicit limitations and future directions. Overall, this work enables researchers and tool developers to analyze, mitigate, and better manage risks associated with copy-based reuse in OSS ecosystems.
Abstract
In Open Source Software, the source code and any other resources available in a project can be viewed or reused by anyone subject to often permissive licensing restrictions. In contrast to some studies of dependency-based reuse supported via package managers, no studies of OSS-wide copy-based reuse exist. This dataset seeks to encourage the studies of OSS-wide copy-based reuse by providing copying activity data that captures whole-file reuse in nearly all OSS. To accomplish that, we develop approaches to detect copy-based reuse by developing an efficient algorithm that exploits World of Code infrastructure: a curated and cross referenced collection of nearly all open source repositories. We expect this data to enable future research and tool development that support such reuse and minimize associated risks.