...
GÉANT development and maintenance teams can contact the OSLS through the GÉANT Slack channel or email. SCA and SLA services are requested by submitting a software review request to the GÉANT Jira Software Tools Help Desk [Jira_RSWR GÉANT Jira Software Tools Help Desk], which also serves to track the progress of the work on them. Several iterations of analysis and licence and dependency adjustments may be required to reach satisfactory IPR status. The IPR Coordinator can be reached when assistance with licensing decisions is needed.
...
These are preceded by a number of preparatory activities and decisions, and should be followed by measures that ensure long-term, continuous licence management. Details of the preparation required for the process, the above steps, and ongoing licence management activities in GÉANT are provided in the following sections. (For further information about the four steps, see GÉANT’s Open Source Licensing and Compliance training [OSLC_TrainingOpen Source Licensing and Compliance].)
Preparation
- Decide on the software name, grouping of subprojects and use of available contributions.
- New projects might require a proof of concept or prototype to identify and validate key components.
- Gather preexisting information and documentation.
- Consolidate the project’s components in repositories into a single project or clarify their relationships if it is more advantageous for them to remain separate.
- Make sure your software is on GÉANT GitLab [GN_GitLabGÉANT GitLab ] or GitHub [GitHub GitHub].
- Register the software project in the GÉANT Software Catalogue [GN_SC GÉANT Software Catalogue].
- Internally address authorship and copyright matters.
...
The software may include non-original artefacts and assets or those with different licences. These assets, which may not be easily detected with SCA tools, should be documented with their origin, copyright and licence as soon as they are added to the project. The methods for accomplishing this are detailed in Section 2.10 Licences and Tracking of Documentation, Data and Other Works. Failing to document them promptly can complicate their identification and tracking in the future.
One or Several Projects?
When handling multiple projects, it is crucial to determine and specify which dependencies should be incorporated into the SCA analysis. This decision may also depend on the relationship between components and their respective responsibilities. For example, whether one project serves as a subproject managed by the same team or may be intended to function as a module within a larger project overseen by different developers. If so, there may be a need to comprehensively analyse both projects, including their dependencies and, potentially, their source code, even if it is kept in separate repositories.
...
- GÉANT IPR Policy [GN_IPRPolicy https://about.geant.org/wp-content/uploads/2022/06/GEANT-_IPR_Policy_2022.pdf]
- OSS licences and licence selection [Wiki_OSSL&LS OSS licences and licence selection] – an introductory guide
- OSS Licences in GN4-3 and GN5-1 GÉANT Project: Current State and Recommendations [Wiki_OSSLWP Open Source Software Licences in GN4-3 and GN5-1 GÉANT Project: Current State and Recommendations] – project-oriented white paper for GÉANT participants. A guide on licence selection with an appendix describing the OSS licences most frequently used by analysed projects
- Software licence selection and management in GÉANT [Wiki_SWLS&M Software licence selection and management in GÉANT] – a maintained online version of this guide.
- Important licences for licence selection [Wiki_ImportantLicences Important licences for licence selection] – descriptions and compatibility of most frequently used licences in GÉANT
- Reference information about OSS licences and tools [Wiki_OSSL_RefInfo Reference information about OSS licences and tools] – a comprehensive catalogue of thematically organised resources and pointers
- GÉANT software best practice BP-B.6: Manage sideground IPR [GN_BP_B6 GÉANT software best practice BP-B.6: Manage sideground IPR]
- OSI Approved Licenses [OSI_Licences https://opensource.org/licenses/]
...
Glossary
| AGPL | GNU GNU Affero General Public Licence |
| API | Application Application Programming Interface |
| BSD | Berkeley Berkeley Source Distribution |
| CC | Creative Creative Commons |
| CC BY | Creative Creative Commons Attribution licence |
| CC BY-NC | Creative Creative Commons Attribution-NonCommercial licence |
| CI | Continuous Continuous Integration |
| CI/CD | Continuous Continuous Integration / Continuous Delivery |
| CLA | Contributor Contributor License Agreement |
| EC | European European Commission |
| EPL | Eclipse Eclipse Public License |
| EU | European European Union |
| EUPL | European European Union Public Licence |
| EURISE | European European Research Infrastructure Software Engineers |
| FAIR | FindabilityFindability, Accessibility, Interoperability and Reusability |
| GFDL | GNU GNU Free Documentation License |
| GPL | GNU GNU General Public License |
| GUI | Graphical Graphical User Interface |
| ICT | Information Information and Communication Technology |
| IP | Intellectual Intellectual Property |
| IPR | Intellectual Intellectual Property Rights |
| JLA | Joinup Joinup Licensing Assistant |
| MIT | Massachusetts Massachusetts Institute of Technology |
| MPL | Mozilla Mozilla Public License |
| NC | NonCommercialNonCommercial |
| ND | NoDerivativesNoDerivatives |
| NREN | National National Research and Education Network |
| OSI | Open Open Source Initiative |
| OSLS | Open Open Source and Licence Support |
| OSS | Open Open Source Software |
| PLM | Product Product Lifecycle Management |
| R&E | Research Research and Education |
| SA | ShareAlikeShareAlike |
| SBOM | Software Software Bill of Materials |
| SCA | Software Software Composition Analysis |
| SLA | Software Software Licence Analysis |
| UA | Unified Unified Agent |
| UI | User User Interface |
| WP | Work Work Package |
| WP9 | Work Work Package 9 Operations Support |
| WP9 Task 2 | WP9 WP9 Task 2 Software Governance and Support |
...