Camille Moulin

Hermine is a FOSS (AGPL 3) tool to ease collaboration inside organisations between lawyers, developers and product owners, and between legal teams of different organisations. It helps validating SBOMs from other tools and list the resulting concrete legal obligations according to the technical and business context of usage of the different FOSS components.

Camille has been actively promoting Open Source, Open Standards and interoperability for more than ten years, notably as a member of the AFUL, where he's been a member of the board since 2007. Leveraging his significant experience in helping corporations defining Open Source strategies and conformance policies, he's co-leading the Open Source governance activity at inno³. He's also particularly interested in the tooling enabling a better Open Source management.

Most dependency managers integrate a licensing dimension to their packages and their contributors are generally very receptive to best practices in the domain, like following the SPDX standard and its evolutions. The importance of the legal dimension of these tools is underlined by the evolution of the services that are built on top of them: services like versioneye and librairies.io had their primary focus on technical aspects (like detecting not up to date dependencies), but now also includes features related to licensing like licence whitelisting or licence compatibility. This short talk will present a summary of the maturity of the different package managers licencing-wise, some examples of concrete issues of implementing best practices, and tools that already exist or that are still lacking to allow developpers to take advantage of easily-available licensing information.