Open Source Management: Words of Advice from One Open Source Auditor to Another
Oct 26, 2012, 19:00
(Other stories by Nathan Knowles)
Tackling your first few audits can seem cumbersome and intimidating, from identifying different open source package versions to being given incorrect information by developers. To help with these issues, consider the following.

Three things you should always consider:

Confirm package and license: Sometimes different package versions have different licenses, and just knowing that a certain package is there isn't enough. The way I tackle this issue is by visiting the project website, and if necessary, I download and compare my source code to that of the open source package. This tactic is also helpful when you come across potential bundled dependencies that you are calling into question.
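The download-and-compare step described above can be done file by file with content hashes. The following is an added example, not code from the original article; the license file names, directory names and sample file contents are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed set of license file names; extend it for the project being audited.
LICENSE_NAMES = {"license", "license.txt", "license.md", "copying", "notice"}

def hash_tree(root):
    """Map each file's relative path to the SHA-256 of its contents."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def compare_trees(audited, upstream):
    """Classify files in the audited copy against one upstream release."""
    a, u = hash_tree(audited), hash_tree(upstream)
    shared = a.keys() & u.keys()
    report = {
        "identical": sorted(f for f in shared if a[f] == u[f]),
        "modified": sorted(f for f in shared if a[f] != u[f]),
        "only_audited": sorted(a.keys() - u.keys()),
        "only_upstream": sorted(u.keys() - a.keys()),
    }
    # A license file that differs or is missing means the claimed version needs rechecking.
    report["license_mismatch"] = sorted(
        f for f in (a.keys() | u.keys())
        if Path(f).name.lower() in LICENSE_NAMES and a.get(f) != u.get(f)
    )
    return report

def demo():
    """Constructed sample: a vendored copy against a hypothetical upstream release."""
    trees = {
        "vendored": {"LICENSE": "MIT text", "src/a.c": "int a;", "src/b.c": "int b; /* patched */", "extra/z.c": "int z;"},
        "upstream": {"LICENSE": "GPL text", "src/a.c": "int a;", "src/b.c": "int b;", "README": "docs"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, files in trees.items():
            for rel, text in files.items():
                path = Path(tmp, name, rel)
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_text(text)
        return compare_trees(Path(tmp, "vendored"), Path(tmp, "upstream"))

if __name__ == "__main__":
    for key, files in demo().items():
        print(f"{key}: {files}")
```

Running the comparison against each candidate upstream version shows which release the audited copy most closely matches; files that appear only in the audited copy are candidates for bundled dependencies.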