FOSS-chain: using blockchain for Open Source Software license compliance
Kypros Iacovou, Georgia M. Kapitsaki, Evangelia Vanezi
TL;DR
Open Source software license compliance is challenging because copyleft and permissive licenses impose compatibility constraints on derivative works. The authors present FOSS-chain, a blockchain-based platform that uses smart contracts and function-level hashing to enforce OSS license compatibility proactively, at the point where a derivative work is created. The system supports 14 OSS licenses, maintains immutable licensing records on-chain, and detects potential license conflicts when a derivative is uploaded. A small-scale user study suggests the platform is usable and promising for small to mid-sized organizations, with feedback guiding future improvements. The work demonstrates a pathway to upstream, automated license management built on blockchain technology.
Abstract
Open Source Software (OSS) is widely used and carries licenses that state the terms under which the software is provided for use, including rules for modification and distribution. Ensuring that users respect OSS license terms when creating derivative works is a complex process. Compliance issues arising from incompatibilities among licenses may lead to legal disputes. At the same time, blockchain technology, with its immutable entries, offers a mechanism for transparency in licensing and ensures that software changes are recorded. In this work, we introduce an integration of blockchain and license management for the creation of derivative works, in order to tackle the issue of OSS license compatibility. We have designed, implemented and performed a preliminary evaluation of FOSS-chain, a web platform that uses blockchain and automates the license compliance process, covering 14 OSS licenses. We have evaluated the initial prototype version of the FOSS-chain platform via a small-scale user study. Our preliminary results are promising, demonstrating the potential of the platform for application to realistic software systems.
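The three mechanisms the abstract and TL;DR describe (function-level hashing of uploaded code, an append-only record of which component and license each function belongs to, and a compatibility check run when a derivative is uploaded) can be sketched in a few dozen lines. The block below is an added illustration written for this page; it is not FOSS-chain's code, does not use a smart contract or a real chain, and its `INBOUND_OK` table is a constructed, simplified subset of widely documented compatibility rules rather than the paper's 14-license table. The sample sources (`LIBFOO_SRC`, `LIBBAR_SRC`, `DERIVATIVE_SRC`) are also constructed. The hash-chained `Ledger` stands in for the on-chain record so that tampering with a stored license is detectable.

```python
import hashlib
import re
from dataclasses import dataclass

# Illustrative inbound-compatibility table (constructed for this example, NOT
# FOSS-chain's table). Key: license the derivative is released under;
# value: licenses that reused components may carry. Permissive components keep
# their own notices; "-only" GPL versions cannot be upgraded, hence the asymmetry.
INBOUND_OK = {
    "MIT": {"MIT", "BSD-3-Clause", "Apache-2.0"},
    "Apache-2.0": {"MIT", "BSD-3-Clause", "Apache-2.0"},
    # Apache-2.0 is deliberately absent here: it is not GPL-2.0-compatible.
    "GPL-2.0-only": {"MIT", "BSD-3-Clause", "LGPL-2.1-only", "GPL-2.0-only"},
    "GPL-3.0-only": {"MIT", "BSD-3-Clause", "Apache-2.0", "LGPL-2.1-only",
                     "LGPL-3.0-only", "GPL-3.0-only"},
}


def function_hash(src: str) -> str:
    """Hash one function's source after stripping whitespace, so that reformatting
    a copied function does not hide its origin. Real tooling would normalize at
    the token or AST level; this is the simplest version of the same idea."""
    normalized = re.sub(r"\s+", "", src)
    return hashlib.sha256(normalized.encode()).hexdigest()


@dataclass
class Entry:
    index: int
    prev_hash: str
    component: str
    license: str
    function: str
    fn_hash: str
    entry_hash: str


class Ledger:
    """Append-only, hash-chained record standing in for the on-chain store."""
    GENESIS = "0" * 64

    def __init__(self):
        self.entries: list[Entry] = []

    @staticmethod
    def _digest(index, prev_hash, component, license, function, fn_hash) -> str:
        payload = f"{index}|{prev_hash}|{component}|{license}|{function}|{fn_hash}"
        return hashlib.sha256(payload.encode()).hexdigest()

    def register(self, component: str, license: str, functions: dict) -> None:
        """Record every function of a component under the component's license."""
        for name, src in functions.items():
            prev = self.entries[-1].entry_hash if self.entries else self.GENESIS
            idx = len(self.entries)
            fh = function_hash(src)
            eh = self._digest(idx, prev, component, license, name, fh)
            self.entries.append(Entry(idx, prev, component, license, name, fh, eh))

    def verify(self) -> bool:
        """Recompute the chain; any edited field or reordered entry breaks it."""
        prev = self.GENESIS
        for i, e in enumerate(self.entries):
            expected = self._digest(i, prev, e.component, e.license, e.function, e.fn_hash)
            if e.index != i or e.prev_hash != prev or e.entry_hash != expected:
                return False
            prev = e.entry_hash
        return True

    def lookup(self, fn_hash: str) -> list:
        return [e for e in self.entries if e.fn_hash == fn_hash]


def check_derivative(ledger: Ledger, outbound: str, functions: dict) -> list:
    """Upload-time check: for each function whose hash is already recorded, flag it
    if the recorded license may not be combined into `outbound`. Returns a list of
    (function, component, license) conflicts; an empty list means no conflict found."""
    allowed = INBOUND_OK.get(outbound)
    if allowed is None:
        raise ValueError(f"unsupported outbound license: {outbound}")
    conflicts = []
    for name, src in functions.items():
        for e in ledger.lookup(function_hash(src)):
            if e.license not in allowed:
                conflicts.append((name, e.component, e.license))
    return conflicts


# Constructed sample components and a derivative that copies `add` reformatted.
LIBFOO_SRC = {"add": "def add(a, b):\n    return a + b\n"}
LIBBAR_SRC = {"mul": "def mul(a, b):\n    return a * b\n"}
DERIVATIVE_SRC = {"add": "def add(a,b):\n  return a+b\n",
                  "sub": "def sub(a, b):\n    return a - b\n"}

if __name__ == "__main__":
    ledger = Ledger()
    ledger.register("libfoo", "Apache-2.0", LIBFOO_SRC)
    ledger.register("libbar", "MIT", LIBBAR_SRC)
    print("ledger intact:", ledger.verify())
    print("GPL-2.0-only conflicts:", check_derivative(ledger, "GPL-2.0-only", DERIVATIVE_SRC))
    print("GPL-3.0-only conflicts:", check_derivative(ledger, "GPL-3.0-only", DERIVATIVE_SRC))
```

Releasing the derivative under GPL-2.0-only is flagged because the copied `add` is recorded as Apache-2.0, while GPL-3.0-only passes; `sub` has no recorded origin and is ignored. Silently changing a stored license in an entry makes `verify()` fail, which is the property the paper relies on the blockchain for.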
