...
| Info | ||||
|---|---|---|---|---|
| ||||
|
Instead of this page, please read the enhanced PDF version. Its textual improvements will soon be reflected in this Wiki, making it easier for you to comment or contributeA PDF snapshot of this document from March 2024 is also available. Information provided on this page is up-to-date.
Table of Contents
Table of Contents
...
GÉANT development and maintenance teams can contact the OSLS through the GÉANT Slack channel or email. SCA and SLA services are requested by submitting a software review request to the GÉANT Jira Software Tools Help Desk [Jira_RSWR GÉANT Jira Software Tools Help Desk], which also serves to track the progress of the work on them. Several iterations of analysis and licence and dependency adjustments may be required to reach satisfactory IPR status. The IPR Coordinator can be reached when assistance with licensing decisions is needed.
...
These are preceded by a number of preparatory activities and decisions, and should be followed by measures that ensure long-term, continuous licence management. Details of the preparation required for the process, the above steps, and ongoing licence management activities in GÉANT are provided in the following sections. (For further information about the four steps, see GÉANT’s Open Source Licensing and Compliance training [OSLC_TrainingOpen Source Licensing and Compliance].)
Preparation
- Decide on the software name, grouping of subprojects and use of available contributions.
- New projects might require a proof of concept or prototype to identify and validate key components.
- Gather preexisting information and documentation.
- Consolidate the project’s components in repositories into a single project or clarify their relationships if it is more advantageous for them to remain separate.
- Make sure your software is on GÉANT GitLab [GN_GitLabGÉANT GitLab ] or GitHub [GitHub GitHub].
- Register the software project in the GÉANT Software Catalogue [GN_SC GÉANT Software Catalogue].
- Internally address authorship and copyright matters.
...
The software may include non-original artefacts and assets or those with different licences. These assets, which may not be easily detected with SCA tools, should be documented with their origin, copyright and licence as soon as they are added to the project. The methods for accomplishing this are detailed in Section 2.10 Licences and Tracking of Documentation, Data and Other Works. Failing to document them promptly can complicate their identification and tracking in the future.
One or Several Projects?
When handling multiple projects, it is crucial to determine and specify which dependencies should be incorporated into the SCA analysis. This decision may also depend on the relationship between components and their respective responsibilities. For example, whether one project serves as a subproject managed by the same team or may be intended to function as a module within a larger project overseen by different developers. If so, there may be a need to comprehensively analyse both projects, including their dependencies and, potentially, their source code, even if it is kept in separate repositories.
...
Figure 3.1 presents an example of the use of the EU emblem with the appropriate text about GÉANT and its funding:
...
The project’s documentation should explain how users and contributors can check the file for release notes.
4 Resources
4.1 1 Contact
- IPR Coordinator email: iprcoordinator@geant.org
- WP9 Task 2 Open Source and Licence Support (OSLS, software licensing)
- Slack: #sw-licences at https://geant-project.slack.com workspace
- Email: sw-licences@software.geant.org
- GÉANT Marcomms Team email: marcomms@geant.org
4.2 2 Training Materials
- Training course: Open Source Licensing and Compliance [OSLC_Traininghttps://e-academy.geant.org/moodle/course/view.php?id=214]
- Webinar: License Dependencies Analysis with WhiteSource [LDAwithWS_Webinarhttps://e-academy.geant.org/moodle/course/view.php?id=220]
- Training course: Introduction to Open Source Licensing and Compliance 2023 [IntroOSLC_Traininghttps://e-academy.geant.org/moodle/course/view.php?id=478]
- Infoshare: Software Licences Management in GÉANT [SWLMinGN_Infoshare Infoshare: Software Licences Management in GÉANT]
...
- GÉANT IPR Policy [GN_IPRPolicy https://about.geant.org/wp-content/uploads/2022/06/GEANT-_IPR_Policy_2022.pdf]
- OSS licences and licence selection [Wiki_OSSL&LS OSS licences and licence selection] – an introductory guide
- OSS Licences in GN4-3 and GN5-1 GÉANT Project: Current State and Recommendations [Wiki_OSSLWP Open Source Software Licences in GN4-3 and GN5-1 GÉANT Project: Current State and Recommendations] – project-oriented white paper for GÉANT participants. A guide on licence selection with an appendix describing the OSS licences most frequently used by analysed projects
- Software licence selection and management in GÉANT [Wiki_SWLS&M Software licence selection and management in GÉANT] – a maintained online version of this guide.
- Important licences for licence selection [Wiki_ImportantLicences Important licences for licence selection] – descriptions and compatibility of most frequently used licences in GÉANT
- Reference information about OSS licences and tools [Wiki_OSSL_RefInfo Reference information about OSS licences and tools] – a comprehensive catalogue of thematically organised resources and pointers
- GÉANT software best practice BP-B.6: Manage sideground IPR [GN_BP_B6 GÉANT software best practice BP-B.6: Manage sideground IPR]
- OSI Approved Licenses [OSI_Licences https://opensource.org/licenses/]
4.4 Services
- GÉANT Software Licence Management (homepage) [Wiki_SWLM GÉANT Software Licence Management (homepage)]
- Jira requests for SCA and SLA [Jira_RSWR https://jira.software.geant.org/servicedesk/customer/portal/2/create/55]
- Software Reviews [Wiki_SWReviews Software Reviews – GÉANT Software Development Support] – GÉANT Software Development Support
- GÉANT Mend, with login via GÉANT SSO, special permissions may apply [GN_Mend https://app-eu.whitesourcesoftware.com]
- Accessing Mend and visibility levels [Wiki_MendAccess Accessing Mend and visibility levels] – visibility of Mend scan results
- Mend short guide for end users [Wiki_MendGuide Mend short guide for end users] – also explains the interpretation of Mend reports
- The Risk Report [Mend_TRR https://docs.mend.io/bundle/sca_user_guide/page/the_risk_report.html] – short Mend report guide for end users
- GÉANT GitLab [GN_GitLab https://gitlab.software.geant.org]
- GÉANT Software Catalogue [GN_SC https://sc.geant.org]
References
Glossary
| AGPL |
| GNU Affero General Public Licence |
| API |
| Application Programming Interface |
| BSD |
| Berkeley Source Distribution |
| CC |
| Creative Commons |
| CC BY |
| Creative Commons Attribution licence |
| CC BY-NC |
| Creative Commons Attribution-NonCommercial licence |
| CI |
| Continuous Integration |
| CI/CD |
| Continuous Integration / Continuous Delivery |
| CLA |
| Contributor License Agreement |
| EC |
| European Commission |
| EPL |
| Eclipse Public License |
| EU |
| European Union |
| EUPL |
| European Union Public Licence |
| EURISE |
| European Research Infrastructure Software Engineers |
| FAIR |
| Findability, Accessibility, Interoperability and Reusability |
| GFDL |
| GNU Free Documentation License |
| GPL |
| GNU General Public License |
| GUI |
| Graphical User Interface |
| ICT |
| Information and Communication Technology |
| IP |
| Intellectual Property |
| IPR |
| Intellectual Property Rights |
| JLA |
| Joinup Licensing Assistant |
| MIT |
| Massachusetts Institute of Technology |
| MPL |
| Mozilla Public License |
| NC |
| NonCommercial |
| ND |
| NoDerivatives |
| NREN |
| National Research and Education Network |
| OSI |
| Open Source Initiative |
| OSLS |
| Open Source and Licence Support |
| OSS |
| Open Source Software |
| PLM |
| Product Lifecycle Management |
| R&E |
| Research and Education |
| SA |
| ShareAlike |
| SBOM |
| Software Bill of Materials |
| SCA |
| Software Composition Analysis |
| SLA |
| Software Licence Analysis |
| UA |
| Unified Agent |
| UI |
| User Interface |
| WP |
| Work Package |
| WP9 |
| Work Package 9 Operations Support |
| WP9 Task 2 |
| WP9 Task 2 Software Governance and Support |