How does Ohloh measure license usage?
Ohloh determines the licensing of a project strictly through a detailed analysis of the source code. Instead of simply trusting the license terms that the project owners claim, we actually inspect the source code of the project. This can be a useful tool when determining the risks associated with using a project.
When we inspect projects, we scan every source code file. We look in the comments of the source code (often found at the top of the file) for mentions of a recognized license. Here’s an example of a source code file:
// The Foobar Project // by Joe Joejoejo // // This source code is release under the BSD License. // ...
In this case we attribute this file to be under the BSD License.
Projects with many licenses
While project authors have the right to decide what terms the original code they’ve written will be released under, they are often themselves bound to honor the terms of other projects they’ve integrated into their code. As projects evolve, multiple licenses may be drawn into the code base, which can lead to headaches for consumers. This is where Ohloh can help.
Files licenses only
Ohloh reports only licensing declarations found within individual source files. These licenses do not extend to the entire project. There are usually separate, global licensing terms which apply to the project as a whole, which may not be revealed by the Ohloh source code scan.
When the global and file licenses don’t match
Often, the global license of a project does not match the license of an individual file. This can be complicated by the fact that file licenses can impose terms on the global license. Many projects handle this correctly – the licenses in the source files are compatible with the global license of the project. There are some cases, however, where there’s a direct conflict. For example, a project cannot be released under the MIT license if it includes source files licensed under the Gnu Public License, because the Gnu Public License contains terms that are not satisfied by the MIT license. However, a project with a GPL global license could contain some source files governed by the MIT license.
I’m still confused! Can you help?
The exact meaning of the software licenses for projects containing many licenses can be really confusing. While Ohloh is working towards making this easier to understand, the safest approach is simply to ask the project authors for clarification.
To learn more about any license, click on the license name itself in the table. We link to the OSI website, which contains specific information about every license.