faqs
Mark Gisi edited this page Dec 6, 2018 · 1 revision
This is the FAQ for the OpenChain specification. We highly recommend that all contributors to the specification's development review these questions and answers as a first step to contributing.
- What is the objective of the OpenChain specification?
- What are the Specification Guiding Principles?
What is the objective of the OpenChain specification?

To define a core set of requirements an Open Source compliance program should satisfy to achieve a level of trust that an organization provides the artifacts required to achieve Open Source license compliance for software it shares with others. Compliance artifacts consist of source code, build scripts, license copies, attribution notices, modification notices, SPDX data and other materials that the open source licenses governing a software deliverable may require.
What are the Specification Guiding Principles?

There are four principles that guide the development of the specification:
- Build trust around the use of open source in constructing software solutions that are shared with others (with a focus on license compliance).
- Less is More
  - Avoid boiling the ocean - focus specifically on providing the necessary and sufficient requirements of a “quality” compliance program
  - Focus on meaningful pain points based on actual practice use cases
- Focus on the what and why (avoid the how and when)
  - Embrace the implementation of different practices to solve a given requirement
  - Avoid providing specific legal advice or specific best practices
- Function as an open development initiative - open to all to contribute - with inclusion via discussion and consensus that adhere to these guiding principles. Consider adopting best practices from standards initiatives that complement the open development approach.