欢迎社区成员查阅纪要,加入合规SIG
会议主题
Subject
OpenHarmony 合规SIG例会 (Sig-compliance)
会议时间
Time
2022-10-14 15:30-16:30(UTC+08:00)Beijing
实际与会人
Attendees
Oniro: Piana,Alberto,Rahul、 Jaroslaw Marek (Jarek)、 Davide Ricci、 Wangke (Michael
Wang) 、
Compliance-SIG: 陈雅旬、高琨、郑志鹏、丛林、余甜、高亮、
会议议题
Agenda
编号
No.
议题名称
Topic
议题类型
Category
时长
Duration
起止时间
Time
汇报人
Reporter
纪要人
Recorder
议题参与人
Members
1
OSS Compliance in Onrio
研讨类
60min
15:30-16:30
Piana,Alberto,Rahul
会议纪要
会议详细纪要见
https://zulip.openharmony.cn/#narrow/stream/62-compliance_sig/topic/Meeting…
(暂时下线、temporarily offline)
合规SIG项目信息 :
https://gitee.com/openharmony/community/blob/master/sig/sig-compliance/sig_…
合规SIG协作平台:https://etherpad.openharmony.cn/p/compliance (暂时下线、temporarily offline)
本次会议主要内容:
议题1、OSS Compliance in Onrio
会议结论:
1、 Process for Managing and resolving compliance issue
1) Compliance Issues are managed in the private repo which is mirrored from oniro repo
2) Technical meetings with developers and anction items for developers may be reflected in
main project repo
3) Third party components compliance issue will be raise in upstream repo
2、 Certification:openchain
1) openchain is a International Standard for open source license compliance
2) openchain use another Standard which called spdx that help telling what is in the
package in machine readable way
3) Quality system should adapt your organization implementing the Standard, then find out
whether you are compliance , you can also have the third party to certify your conform
3、 TOOLs:
1)Fossology support human validation of automated license scanner results, to fix false
positives and false negatives, and detect possible compliance issue
2) Audit is an asyincronous process,should flow in parallel with development
4、Demo: Example of A component clearing in Fossology
1)Audit Policy for OSTC
https://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain/docs…
2) Binary file 、 License and Copyright Identify in Fossology
https://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain/docs
3) example of compliance issue which found in OpenHarmony 3.0 (Result of audit of
OpenHarmony-3.0-LTS)
5、 Frequency Controversial issues
1)hardware support、 patents on audio/video codecs etc 、License incompatibilities、
copyright and patent trolls
6、Reuse Third Party work
1) upstream first
2) if upstream doesn’t accept our changes, please clear separation between upstream
sources and downstream changes( original package+ patches folder or forking and
correctly branching)