Background

In 2020, just after FOSDEM, I thought about the many misconceptions about licenses I’ve heard. Yeah yeah yeah, I probably have quite a few myself. At the same time I was thinking how to automate license compliance. One of the things I was missed was a license compatibility tool.

So, what to do? Of course, let’s write a tool!

What is flict?

FOSS License Compatibility Tool (flict) is a Free and Open Source Software tool to verify license compatibility for a package and its dependencies. You can use the tool to automate license compatibility verification in your compliance work flow.

flict can:

  • verify licenses compatibility for license expression and a packages and its dependencies

  • suggest candidate outbound licenses

  • simplify license expressions

  • display, in misc format, compatibilities between licenses

  • check outbound licenses against a policy (policy as supplied by the user)

  • automatically relicense (e.g. GPL-2.0-or-later to GPL-2.0-or-later or GPL-3.0-or-later)

  • translate from non SPDX license expressions to SPDX (e.g. BSD3 to BSD-3-Clause)

A bit of history of the flict approach to license compatibility

Codifying licenses

The first attempt of deciding license compatibility was done by codifying license terms. Still, this may be the correct approach but after a while it turned out that this approach needs a lot of time, let alone the coding.

Note : OSADL has classified licenses in their Open Source License Checklists

License Compatibility Graph

Next attempt was trying to use a graph, similar to David Wheeler’s work in The Free-Libre / Open Source Software (FLOSS) License Slide and Brett Smith’s A Quick Guide to GPLv3. The work started here: FOSS License Compatibility Graph. Perhaps this is the right approach, but less likely.

License Matrix

The current approach is to use OSADL‘s license classification in their Open Source License Matrix and also experimentally Nexb‘s ScanCode LicenseDB.

Currently flict supports some 70 licenses (flict -of text list).

We’re looking into using Nexb’s ScanCode LicenseDB, which will make flict support over 900 licenses (flict -es -of text list).

Note :From OSADL’s matrix we can generate a graph over compatibilities between licenses. To create a graph over the compatibility between BSD-3-Clause MIT GPL-2.0-only you can type: flict -of dot display-compatibility BSD-3-Clause MIT GPL-2.0-only > compat.dot && dot -Tpdf compat.dot -O

Programming language

Flict was initially written Java, a language I’ve taught at universities so I kind of know it. After some 10 rewrites, inspired by Scancode, we ended up with a complete rewrite in Python. I will not dive into a discussion about why Python instead of Java or some other language but I can say I am happy with the switch to Python although I would not call myself a Python hacker.

Contributors

The following organizations or individuals have made contributions to flict:

Contributing

The flict developers accept contributions via pull requests

Thanks

There are many people to thank for their input. Among them we would like to point out:

How can I try flict?

Manual installation

Check out: INSTALLATION.md

Docker image

We have compiled a couple of compliance tools in a docker image. Among them, flict. Check out Compliance Tool Collection. Installation procedure in the README.md.

Examples

To simplify the expression MIT and BSD-3-Clause and MIT, type:

$ flict simplify MIT and BSD-3-Clause and MIT
{"original": "MIT and BSD-3-Clause and MIT", "simplified": "BSD-3-Clause AND MIT"}

To get candidates for outbound license:

$ flict -of text verify -le MIT and BSD and GPL-2.0-or-later
The licenses in the expression "MIT and BSD and GPL-2.0-or-later" are compatible.
Outbound license candidates: GPL-2.0-only, GPL-3.0-only
NOTE: the suggested outbound candidate licenses need to be manually reviewed.

… and of course, to get help text:

$ flict -h

More examples here: EXAMPLES

About the cover image

Software License from flickr, (c) 2020 Henrik Sandklef released under Attribution-ShareAlike 2.0 Generic (CC BY-SA 2.0)

A small text portion of GPL version 3.