[Incubator] Code Provenance Review

Daniel Brookshier dbrookshier at collab.net
Mon Mar 27 04:23:15 EST 2006


Here is a little pre-meeting info on code review. I spoke with both
BlackDuck and Palamida. Turns out that neither one of them is good at
locating commercial source in an open source project. They are,
however, great at finding where several open source licenses were used
by inspection and comparison to their database of open source projects.

The prices vary. As usual, it is hard to get a dollar figure out of  
these guys. BlackDuck has a self service system that is about $3,000  
US for 10,000 lines inspected. As the number goes up, you get a  
volume discount. Steep for open source, but not too bad if you are a  
corporation trying to figure out what is your IP and what is from  
open source.

Not sure I see the value in these services. Best it can show is if
you lifted another open source project. The tools are meant for a far
different purpose of IP management and not to vet open source code
much further from its license provenance.

Best I can recommend at the moment is a code search for "license" and
check to see if they all say the same thing. At least it is
something to keep a Perl programmer happy for about 5 minutes.

Both companies have offered to come talk to us if we are still  
interested.

Daniel Brookshier | Community Manager | CollabNet, Inc.
8000 Marina Blvd. Suite 600 | Brisbane, CA 94005 | USA
O 972.422.5261 | C 214.207.6614 | dbrookshier at collab.net


On Mar 26, 2006, at 3:37 PM, Frank Warmerdam wrote:

> Folks,
>
> For the Incubator meeting Monday (2:00pm eastern time) I agreed to produce
> a draft Code Provenance Review process.  While it is pretty rough, I have
> prepared such a document in the wiki at:
>
>   http://wiki.osgeo.org/index.php/Code_Provenance_Review
>
> I would appreciate it if everyone could review it and comment either to this
> list in advance of the meeting, or during the meeting.
>
> I have also started an attempt to do such a provenance review for GDAL at:
>
>   http://wiki.osgeo.org/index.php/GDAL_Provenance_Review
>
> It isn't exactly a 1:1 correspondence to the process document.  Some things
> that seemed like a good step for GDAL (i.e. identifying all committers) didn't
> seem too important when I worked on the process document.  Also, I've not
> completed the work for GDAL.  It may be that my GDAL document is a bit more
> detailed than we really need to do in general, though I think it gives an
> idea of what to be looking for.
>
> Best regards,
> -- 
> ---------------------------------------+--------------------------------------
> I set the clouds in motion - turn up   | Frank Warmerdam, warmerdam at pobox.com
> light and sound - activate the windows | http://pobox.com/~warmerdam
> and watch the world go round - Rush    | President OSGF, http://osgeo.org
>
>
>
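
The check suggested in the message above (search the source for "license" and see whether the notices all say the same thing), written out as an added example that is not part of the original thread. The function names, the extension list and the sample files are assumptions made for illustration; copyright holder and year lines are ignored so that only the license wording is compared.

```python
import hashlib
import re
import tempfile
from pathlib import Path

SOURCE_EXT = {".c", ".h", ".py", ".pl"}            # assumption: adjust per project
LEAD = re.compile(r"\s*(/\*|\*|//|#|$)")           # comment or blank line
MARKS = re.compile(r"^[\s/*#]+|[\s*/]+$")          # comment decoration to strip
SKIP = re.compile(r"!|(copyright|\(c\)).*\d{4}")   # shebang, holder/year lines
KEYWORD = re.compile(r"licen[sc]e|permission")
# Constructed sample tree: two files share a notice, one differs, one has none.
MIT = "Permission is hereby granted, free of charge, to any person"
SAMPLE = {
    "a.c": f"/*\n * Copyright (c) 2005, A. Author\n *\n * {MIT}\n */\nint a;\n",
    "b.py": f"# Copyright 2006 B. Author\n# {MIT}\nx = 1\n",
    "c.c": "/* Licensed under the GNU General Public License */\nint c;\n",
    "d.c": "int d;\n",
}

def fingerprint(text):
    """Hash the normalized leading comment block; None if it has no license."""
    words = []
    for line in text.splitlines():
        if not LEAD.match(line):
            break                      # first line of real code ends the header
        line = MARKS.sub("", line).lower()
        if not SKIP.match(line):       # drop shebang and per-file copyright lines
            words.extend(line.split())
    normalized = " ".join(words)
    if KEYWORD.search(normalized):
        return hashlib.sha256(normalized.encode()).hexdigest()[:12]
    return None

def scan(root):
    """Group source files under root by license-header fingerprint."""
    groups = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix in SOURCE_EXT:
            key = fingerprint(path.read_text(encoding="utf-8", errors="replace"))
            groups.setdefault(key, []).append(path.relative_to(root).as_posix())
    return groups

def demo():
    with tempfile.TemporaryDirectory() as root:   # write the constructed tree, scan it
        for name, body in SAMPLE.items():
            Path(root, name).write_text(body)
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

More than one non-`None` key in the result means the tree carries differing license wording; the `None` group lists files whose leading comment block has no license notice at all.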




