Automatic License Certification By The Numbers
In 2016, we introduced the notion of license certification intellectual property (IP) due diligence (“Type A”) into the Eclipse IP Policy with a goal in mind to automate the certification process. At that time, we started a process of evaluating tools that could be used for automatic validation and eventually discovered Scancode.
In our testing, we found that Scancode does a very good job of discovering licenses (and copyrights, which we may take better advantage of later), with the added bonus of having a very simple-to-use command-line interface (CLI) that produces reports in a handful of handy formats (including JSON and SPDX) that are easily machine readable.
The Eclipse Webmaster integrated Scancode into the Eclipse Genie process. Genie jumps into action when it notices a “Type A” third party content review request (“Contribution Questionnaire”) with attached source code, and PMC approval. If the licenses discovered in the attached content are compatible with the project license, Genie automatically license certifies the content.
After running for a few months, it looks like we’re getting about a 50% hit rate. That is, about half of all third party content license certification requests are being automatically approved without needing to engage the Eclipse IP Team.
Note that some of the older bumps in the graph come from requests that were retroactively designated as “Type A”, and that little bump in automatic approvals in March is from Webmaster testing.
I’ll admit that it’s a little suspect to me that the graphs line up so closely starting in July. I’m pretty confident in the query and have reviewed the data, so it’s accurate as far as I know.
It’ll be interesting to see how the pattern tracks over time.