Difference between revisions of "GeoMajas Provenance Review"

From OSGeo
Jump to navigation Jump to search
Line 14: Line 14:
 
= Code Copyright Review =
 
= Code Copyright Review =
 
History :
 
History :
* The original code was developed by DFC nv
+
* The original code was developed by DFC nv.
* The IP was bought by Geosparc nv from DFC nv on 01 Jan 2009
+
* The IP was bought by Geosparc nv from DFC nv on 01 Jan 2009.
* Any changes since code is owned by Geosparc nv should by covered by a CLA (Contributer's License Agreement), transferring copyright to Geosparc nv
+
* Any changes since code is owned by Geosparc nv are either by covered by a CLA (Contributer's License Agreement) or an employment contract, transferring copyright to Geosparc nv.
  
 
General, see [http://files.geomajas.org/maven/trunk/geomajas/contributorguide/html/index.html contributors guide] :
 
General, see [http://files.geomajas.org/maven/trunk/geomajas/contributorguide/html/index.html contributors guide] :
 
* All Java files contain a copyright statement which is checked as part of the build.
 
* All Java files contain a copyright statement which is checked as part of the build.
* All authors should add there name in the list of authors at the top of the files.
+
* All authors are required to add their name in the list of authors at the top of the files.
  
 
The objective here is to visit every source file, and identify possible issues, and work to "regularize" things.  
 
The objective here is to visit every source file, and identify possible issues, and work to "regularize" things.  

Revision as of 01:38, 19 May 2010

Goal

To establish a reasonable comfort level that projects going through incubation do not have improperly contributed code, and that the code is all under the project license.

A code provenance review is desirable because it reduces the risk of the foundation, project developers or software users becoming involved in a legal action or having their use of the software disrupted by sudden removal of improperly contributed code. In particular, many enterprises will not build on open source software projects without some degree of assurance that care is being taken to avoid improper contributions.

It is not the goal to be able to prove that every source file, and every contribution to those files, was contributed properly. The onus is not on us to prove there are no problems. However we want to ensure we do not release code with provenance issues that we could have identified and corrected with a reasonable effort.

Guidelines

Library/Component Review

External components "in source tree" for the project

External dependencies

See spreadsheet.


Code Copyright Review

History :

  • The original code was developed by DFC nv.
  • The IP was bought by Geosparc nv from DFC nv on 01 Jan 2009.
  • Any changes since code is owned by Geosparc nv are either by covered by a CLA (Contributer's License Agreement) or an employment contract, transferring copyright to Geosparc nv.

General, see contributors guide :

  • All Java files contain a copyright statement which is checked as part of the build.
  • All authors are required to add their name in the list of authors at the top of the files.

The objective here is to visit every source file, and identify possible issues, and work to "regularize" things.

See spreadsheet.

Review Document

The result of the provenance review is two fold. First, there is clarification and "fixes" done during the review. For instance, adding missing copyright notices, or factoring out external libraries. The second is a review report with a fairly detailed list of outstanding issues, ambiguities and information of note.

See spreadsheet.

The review document will be distributed to the project PSC members, as well as the incubation committee. Based on it, the incubation committee may require the project to do additional work, either resolving ambiguities, factoring items out, or rewriting questional components.

When completed, a much briefer form of the review document should be prepared, just listing information that would be pertinent to folks using the project. Essentially a summary. This summary might live in source control as README.LICENSE or something similar.


Copyright Header

It is sufficient to refer to a single copy of the license agreement for the project, but each file should include an indication of what the license is, and the location of the full license document.

The header which needs to be included in all Java files (JavaScript and XML files have the same text but using different formatting/comment style):

/*
 * This file is part of Geomajas, a component framework for building
 * rich Internet applications (RIA) with sophisticated capabilities for the
 * display, analysis and management of geographic information.
 * It is a building block that allows developers to add maps
 * and other geographic data capabilities to their web applications.
 *
 * Copyright 2008-2010 Geosparc, http://www.geosparc.com, Belgium
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */