
Licence compliance for open source users


Published on: 15/12/2023 News

As we see a rise in the use of open source across EU administrations, the question of licence compliance is increasingly important. Hermine is open source software that assists in formulating Free and Open Source Software (FOSS) policies. Its primary objective is to provide a structured framework for systematically analysing FOSS licences.

“The Hermine project originated from the aspiration to have a fully open source toolchain for handling open source compliance. During our work, we realised that most of the required building blocks for this toolchain were already available as open source and needed one last link on the licence analysis side.

We also aimed to create a tool with a community-based governance structure, one that wouldn't rely solely on us.” Camille Moulin, project manager for Hermine at Inno³ 

The software functions by breaking down the analysis of a licence into three key components:

Global Characteristics of Licences:

SPDX Identifier: The unique SPDX ID of the licence, which might include exceptions.

Name: The full name of the licence according to the SPDX standard.

URL: The reference URL of the licence.

Copyleft: Describes the type of reciprocity clause present in the licence, such as permissive, strong copyleft, weak copyleft, strong network copyleft, or weak network copyleft.

FOSS: Specifies whether the licence is considered Free or Open Source software.

Law and Venue Choice: Indicates the applicable law and venue chosen in the licence.

Disclaimer of Warranty and Limitation of Liability: Determines if the licence includes a warranty disclaimer or a non-liability clause.

Exact Text of the Licence: The complete text of the licence if not available on the SPDX website.

FOSS Policy:

Review Status: The current review status of the policy (e.g., to check, checked, pending, etc.).

OSS Policy Acceptability: Determines whether the licence is always allowed, never allowed, or allowed depending on the context.

OSS Policy Explanation: Provides the reasoning behind any non-green choice (a licence that is not always allowed) and lists the acceptable contexts for licences marked as orange (allowed depending on the context).

Comment: Explanation of the interpretation of the licence.

Conditions of Use:

Patent Grant: Specifies if the licence includes a patent grant.

Ethical Clause: Identifies the presence of an ethical clause within the licence.

Restrictions on Use: Indicates if the licence permits only non-commercial use.

Additionally, the software records optional information such as categories, licence version, root of the licence name, authorisation to apply later versions of the licence, steward entity, inspiration from other licences, OSI and FSF approval status, and clauses against tivoization, among other details.

Moreover, Hermine allows authorised contexts to be defined for licences that are restricted to certain use cases. It also provides a framework for categorising the obligations within licences: as active or passive obligations, by the triggers that activate them (the exploitation mode and whether the software has been modified), and as generic obligations known as “core generic obligations”.
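To make the policy and obligation model described above concrete, here is an added illustration (not Hermine's own code or schema) of how a licence record carrying the acceptability, authorised contexts, restriction-on-use and obligation-trigger fields could be evaluated against a planned usage. All field names, the sample AGPL record and its obligations are constructed assumptions for this example.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Constructed data model for this example; field names are assumptions,
# not Hermine's actual schema.
@dataclass(frozen=True)
class Licence:
    spdx_id: str
    copyleft: str                     # permissive, weak, strong, weak_network, strong_network
    acceptability: str                # always, never, context
    allowed_contexts: FrozenSet[str] = frozenset()  # consulted only when acceptability == "context"
    non_commercial_only: bool = False # "Restrictions on Use"

@dataclass(frozen=True)
class Obligation:
    name: str
    active: bool                      # active (must do something) vs passive (must refrain)
    exploitation: FrozenSet[str]      # exploitation modes that trigger it
    modified: Optional[bool] = None   # True: only if modified, False: only if unmodified, None: either

@dataclass(frozen=True)
class Usage:
    context: str                      # organisational context, e.g. "internal_tool"
    exploitation: str                 # "internal", "distribution" or "network_service"
    modified: bool
    commercial: bool

def evaluate(lic: Licence, obligations: List[Obligation], use: Usage) -> Tuple[bool, List[str], List[str]]:
    """Return (allowed, reasons for refusal, names of obligations triggered by this usage)."""
    reasons: List[str] = []
    if lic.acceptability == "never":
        reasons.append("policy: never allowed")
    elif lic.acceptability == "context" and use.context not in lic.allowed_contexts:
        reasons.append(f"policy: context '{use.context}' not authorised")
    if lic.non_commercial_only and use.commercial:
        reasons.append("restriction on use: non-commercial only")
    triggered = [o.name for o in obligations
                 if use.exploitation in o.exploitation
                 and (o.modified is None or o.modified == use.modified)]
    return not reasons, reasons, triggered

# Constructed sample record: a strong network copyleft licence allowed only for internal tools.
AGPL = Licence("AGPL-3.0-only", "strong_network", "context", frozenset({"internal_tool"}))
AGPL_OBLIGATIONS = [
    Obligation("retain_notices", True, frozenset({"distribution", "network_service"})),
    Obligation("provide_source", True, frozenset({"distribution", "network_service"})),
    Obligation("state_changes", True, frozenset({"distribution", "network_service"}), modified=True),
]

if __name__ == "__main__":
    print(evaluate(AGPL, AGPL_OBLIGATIONS, Usage("internal_tool", "network_service", True, False)))
```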

By systematically breaking down licences into these components, Hermine aids in understanding and formulating policies regarding the usage and compliance of various FOSS licences.

“Our next step is to publish licences for use in the software. While our solution is in an early development stage, we hope for people's support in categorising efforts to make it a useful tool for everyone.” Camille Moulin, project manager for Hermine at Inno³