Difference between revisions of "GeoMajas Provenance Review"
Line 37: | Line 37: | ||
Action points resulting from the review: | Action points resulting from the review: | ||
− | * All resource directories needs a "LICENSE.txt" file indicating where the files came from when not original work of the project (original work includes stuff like screen shots or specially created graphics) (incomplete). | + | * All resource directories needs a "LICENSE.txt" file indicating where the files came from when not original work of the project (original work includes stuff like screen shots or specially created graphics). All resources for which the source and/or license is unclear need to be removed or replaced by data for which the license is acceptable (incomplete). |
* The back-end and all plug-ins need to maintain a list with copyright/license details (DONE). | * The back-end and all plug-ins need to maintain a list with copyright/license details (DONE). | ||
* These details need to be logged when starting the application (DONE). | * These details need to be logged when starting the application (DONE). |
Revision as of 11:11, 2 June 2010
Goal
To establish a reasonable comfort level that projects going through incubation do not have improperly contributed code, and that the code is all under the project license.
A code provenance review is desirable because it reduces the risk of the foundation, project developers or software users becoming involved in a legal action or having their use of the software disrupted by sudden removal of improperly contributed code. In particular, many enterprises will not build on open source software projects without some degree of assurance that care is being taken to avoid improper contributions.
It is not the goal to be able to prove that every source file, and every contribution to those files, was contributed properly. The onus is not on us to prove there are no problems. However we want to ensure we do not release code with provenance issues that we could have identified and corrected with a reasonable effort.
Library/Component Review
External components "in source tree" for the project
none
External dependencies
See spreadsheet.
Code Copyright Review
History :
- The original code was developed by DFC nv.
- The IP was bought by Geosparc nv from DFC nv on 01 Jan 2009.
- Any changes since code is owned by Geosparc nv are either by covered by a CLA (Contributer's License Agreement) or an employment contract, transferring copyright to Geosparc nv.
General, see contributors guide :
- All Java files contain a copyright statement which is checked as part of the build.
- All authors are required to add their name in the list of authors at the top of the files.
The objective here is to visit every source file, and identify possible issues, and work to "regularize" things.
See spreadsheet.
Review Result
The result of the provenance review is two fold. First, there is clarification and "fixes" done during the review. For instance, adding missing copyright notices, or factoring out external libraries. The second is a review report with a fairly detailed list of outstanding issues, ambiguities and information of note.
See spreadsheet.
Action points resulting from the review:
- All resource directories needs a "LICENSE.txt" file indicating where the files came from when not original work of the project (original work includes stuff like screen shots or specially created graphics). All resources for which the source and/or license is unclear need to be removed or replaced by data for which the license is acceptable (incomplete).
- The back-end and all plug-ins need to maintain a list with copyright/license details (DONE).
- These details need to be logged when starting the application (DONE).
- A command needs to be created to get this information from the system (DONE).
- Faces need to display this copyright/license information in an about box or similar. This needs to be a requirement for graduating a face (incomplete).
- Contributors guide needs to be adjusted to mention that copyright/license info needs to be maintained on the back-end and plug-ins (incomplete).
Copyright Header
It is sufficient to refer to a single copy of the license agreement for the project, but each file should include an indication of what the license is, and the location of the full license document.
The header which needs to be included in all Java files (JavaScript and XML files have the same text but using different formatting/comment style):
/* * This file is part of Geomajas, a component framework for building * rich Internet applications (RIA) with sophisticated capabilities for the * display, analysis and management of geographic information. * It is a building block that allows developers to add maps * and other geographic data capabilities to their web applications. * * Copyright 2008-2010 Geosparc, http://www.geosparc.com, Belgium * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as * published by the Free Software Foundation, either version 3 of the * License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */