Difference between revisions of "GeoMajas Provenance Review"

From OSGeo
Jump to navigation Jump to search
Line 26: Line 26:
 
See [http://spreadsheets.google.com/pub?key=t7zH_2KykoFjllbW0QBQaXw&output=html spreadsheet].
 
See [http://spreadsheets.google.com/pub?key=t7zH_2KykoFjllbW0QBQaXw&output=html spreadsheet].
  
= Review Document =
+
= Review Result =
  
 
The result of the provenance review is two fold.  First, there is clarification and "fixes" done during the review.  For instance, adding missing copyright notices, or factoring out external libraries.  The second is a review report with a fairly detailed list of outstanding issues, ambiguities and information of note.  
 
The result of the provenance review is two fold.  First, there is clarification and "fixes" done during the review.  For instance, adding missing copyright notices, or factoring out external libraries.  The second is a review report with a fairly detailed list of outstanding issues, ambiguities and information of note.  
Line 32: Line 32:
 
See [http://spreadsheets.google.com/pub?key=t7zH_2KykoFjllbW0QBQaXw&output=html spreadsheet].
 
See [http://spreadsheets.google.com/pub?key=t7zH_2KykoFjllbW0QBQaXw&output=html spreadsheet].
  
The review document will be distributed to the project PSC members, as well as the incubation committee.  Based on it, the incubation committee may require the project to do additional work, either resolving ambiguities, factoring items out, or rewriting questional components. 
+
Action points resulting from the review:
  
When completed, a much briefer form of the review document should be prepared, just listing information that would be pertinent to folks using the project. Essentially a summary. This summary might live in source control as README.LICENSE or something similar.
+
* All resource directories needs a "LICENSE.txt" file indicating where the files came from when not original work of the project (original work includes stuff like screen shots or specially created graphics) (incomplete).
 +
* The back-end and all plug-ins need to maintain a list with copyright/license details (DONE).
 +
* These details need to be logged when starting the application (DONE).
 +
* A command needs to be created to get this information from the system (DONE).
 +
* Faces need to display this copyright/license information in an about box or similar. This needs to be a requirement for graduating a face (incomplete).
 +
* Contributors guide needs to be adjusted to mention that copyright/license info needs to be maintained on the back-end and plug-ins (incomplete).
  
  

Revision as of 01:54, 19 May 2010

Goal

To establish a reasonable comfort level that projects going through incubation do not have improperly contributed code, and that the code is all under the project license.

A code provenance review is desirable because it reduces the risk of the foundation, project developers or software users becoming involved in a legal action or having their use of the software disrupted by sudden removal of improperly contributed code. In particular, many enterprises will not build on open source software projects without some degree of assurance that care is being taken to avoid improper contributions.

It is not the goal to be able to prove that every source file, and every contribution to those files, was contributed properly. The onus is not on us to prove there are no problems. However we want to ensure we do not release code with provenance issues that we could have identified and corrected with a reasonable effort.

Guidelines

Library/Component Review

External components "in source tree" for the project

External dependencies

See spreadsheet.


Code Copyright Review

History :

  • The original code was developed by DFC nv.
  • The IP was bought by Geosparc nv from DFC nv on 01 Jan 2009.
  • Any changes since code is owned by Geosparc nv are either by covered by a CLA (Contributer's License Agreement) or an employment contract, transferring copyright to Geosparc nv.

General, see contributors guide :

  • All Java files contain a copyright statement which is checked as part of the build.
  • All authors are required to add their name in the list of authors at the top of the files.

The objective here is to visit every source file, and identify possible issues, and work to "regularize" things.

See spreadsheet.

Review Result

The result of the provenance review is two fold. First, there is clarification and "fixes" done during the review. For instance, adding missing copyright notices, or factoring out external libraries. The second is a review report with a fairly detailed list of outstanding issues, ambiguities and information of note.

See spreadsheet.

Action points resulting from the review:

  • All resource directories needs a "LICENSE.txt" file indicating where the files came from when not original work of the project (original work includes stuff like screen shots or specially created graphics) (incomplete).
  • The back-end and all plug-ins need to maintain a list with copyright/license details (DONE).
  • These details need to be logged when starting the application (DONE).
  • A command needs to be created to get this information from the system (DONE).
  • Faces need to display this copyright/license information in an about box or similar. This needs to be a requirement for graduating a face (incomplete).
  • Contributors guide needs to be adjusted to mention that copyright/license info needs to be maintained on the back-end and plug-ins (incomplete).


Copyright Header

It is sufficient to refer to a single copy of the license agreement for the project, but each file should include an indication of what the license is, and the location of the full license document.

The header which needs to be included in all Java files (JavaScript and XML files have the same text but using different formatting/comment style):

/*
 * This file is part of Geomajas, a component framework for building
 * rich Internet applications (RIA) with sophisticated capabilities for the
 * display, analysis and management of geographic information.
 * It is a building block that allows developers to add maps
 * and other geographic data capabilities to their web applications.
 *
 * Copyright 2008-2010 Geosparc, http://www.geosparc.com, Belgium
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */