Community members are welcome to read the minutes and join the Compliance SIG

Subject

OpenHarmony Compliance SIG regular meeting (Sig-compliance)

 

Time

2022-10-14 15:30-16:30 (UTC+08:00) Beijing

 

Attendees

Oniro: Piana, Alberto, Rahul, Jaroslaw Marek (Jarek), Davide Ricci, Wangke (Michael Wang)

Compliance-SIG: 陈雅旬, 高琨, 郑志鹏, 丛林, 余甜, 高亮

 

Agenda

No.: 1
Topic: OSS Compliance in Oniro
Category: Discussion
Duration: 60min
Time: 15:30-16:30
Reporter: Piana, Alberto, Rahul
Recorder:
Members:

Meeting minutes

Detailed meeting minutes: https://zulip.openharmony.cn/#narrow/stream/62-compliance_sig/topic/Meeting20221014 (temporarily offline)

Compliance SIG project information: https://gitee.com/openharmony/community/blob/master/sig/sig-compliance/sig_compliance_cn.md

Compliance SIG collaboration platform: https://etherpad.openharmony.cn/p/compliance (temporarily offline)

 

Main content of this meeting:

Topic 1: OSS Compliance in Oniro

Meeting conclusions:

1. Process for managing and resolving compliance issues

1) Compliance issues are managed in a private repo that is mirrored from the Oniro repo

2) Technical meetings with developers and action items for developers may be reflected in the main project repo

3) Compliance issues in third-party components will be raised in the upstream repo

2. Certification: OpenChain

1) OpenChain is an international standard for open source license compliance

2) OpenChain uses another standard, SPDX, which helps describe what is in a package in a machine-readable way

3) The organization's quality system should be adapted to implement the standard; then determine whether you are compliant. You can also have a third party certify your conformance

3. Tools:

1) FOSSology supports human validation of automated license scanner results, to fix false positives and false negatives and to detect possible compliance issues

2) Audit is an asynchronous process and should flow in parallel with development

4. Demo: example of a component clearing in FOSSology

      1) Audit policy for OSTC

https://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain/docs/-/blob/main/audit_workflow/oniro_ip_audit_guidelines.md

      2) Binary file, license and copyright identification in FOSSology: https://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain/docs

      3) Example of compliance issues found in OpenHarmony 3.0 (result of the audit of OpenHarmony-3.0-LTS)

5. Frequent controversial issues

1) Hardware support, patents on audio/video codecs etc., license incompatibilities, copyright and patent trolls

6. Reuse of third-party work

      1) Upstream first

      2) If upstream doesn't accept our changes, keep a clear separation between upstream sources and downstream changes (original package + patches folder, or forking and correctly branching)