Marble has succesfully graduated form Incubation and is now an official OSGeo project.

Goal

To establish a reasonable comfort level that the Marble Project does not have improperly contributed code, and that the code is all under the project license.

A code provenance review is desirable because it reduces the risk of the foundation, project developers or software users becoming involved in a legal action or having their use of the software disrupted by sudden removal of improperly contributed code. In particular, many enterprises will not build on open source software projects without some degree of assurance that care is being taken to avoid improper contributions.

It is not the goal to be able to prove that every source file, and every contribution to those files, was contributed properly. The onus is not on OSGeo to prove there are no problems. However we want to ensure we do not release code with provenance issues that we could have identified and corrected with a reasonable effort.

Library/Component Review

1. Prepare a list of any external components that are included "in the source tree" for the project. For instance, GDAL includes a copy of libtiff, libjpeg, etc in the source tree. It is necessary to be able to identify things like that in the source tree that are under their own distinct license, and are not explicited vetted by the project team. If practical it is desirable to remove these internal components and treat them as external depenendencies. If kept internal, notes on the licenses of the components should be included in the provenance review document.
2. Prepare a list of external dependencies with with potentially problematic license terms. So, all non-free libraries for instance. All libraries with licenses that might conflict (for instance GDAL's use of GPL'ed GRASS libraries in the non-GPL GDAL).

/marble/sources/src/lib/kineticmodel.cpp (clean)

Different license and copyright but compatible.

/*
  This file is part of the Ofi Labs X2 project.

  Copyright (C) 2010 Ariya Hidayat <ariya.hidayat@gmail.com>

  Redistribution and use in source and binary forms, with or without
  modification, are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright
      notice, this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright
      notice, this list of conditions and the following disclaimer in the
      documentation and/or other materials provided with the distribution.
    * Neither the name of the <organization> nor the
      names of its contributors may be used to endorse or promote products
      derived from this software without specific prior written permission.

  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  ARE DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
  DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/

Code Copyright Review

The objective here is to visit every source file, and identify possible issues, and work to "regularize" things.

License Text

There are different versions of the short license text of the GNU LGPL which are both correctly referenced in the source code. This example has been copied from ControlView.cpp.

//
// This file is part of the Marble Virtual Globe.
//
// This program is free software licensed under the GNU LGPL. You can
// find a copy of this license in LICENSE.txt in the top directory of
// the source code.
//
// Copyright 2006-2007 Torsten Rahn <tackat@kde.org>
// Copyright 2007      Inge Wallin  <ingwa@kde.org>
//

The file LICENSE.txt is available in the root directory of the source tree and contians a verbatim copy of the GNU LGPL (albeit with some special characters which might have found their way in through some encoding issues).

This example has been copied from sources/src/lib/DownloadPolicy.cpp

// Copyright 2009  Jens-Michael Hoffmann <jmho@c-xx.com>
//
// This library is free software; you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public
// License as published by the Free Software Foundation; either 
// version 2.1 of the License, or (at your option) any later version.
//
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
// Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public 
// License along with this library.  If not, see <http://www.gnu.org/licenses/>.

Checked Code

The following list containes all files that were checked manually by the mentor. All issues have been addressed by the project immediately (within max 10 days).

The code checker at English Breakfast Network produces comprehensive reports:

• http://www.englishbreakfastnetwork.org/krazy/reports/kde-4.x/kdeedu/marble/index.html

/marble/sources/src/bindings/python (clean)

See the file marble/docs/bindings/python/Python_bindings_for_marble_library.txt. All files have correct headers.

/marble/sources/src/lib (clean)

This directory is clean except if otherwise referenced below.

• LatLonBoxWidget.cpp contains no copyright / author, instead this:

// This library is free software; you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public
// License as published by the Free Software Foundation; either
// version 2.1 of the License, or (at your option) any later version.
//
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public
// License along with this library. If not, see <http://www.gnu.org/licenses/>.

/marble/sources/src/plasmarunner/ (clean)

This directory is clean.

/marble/sources/src/plasmoid/ (clean)

This directory is clean.

/marble/sources/src/plugins/declarative/ (clean)

This directory is clean.

/marble/sources/src/plugins/designer/ (clean)

This directory is clean.

/marble/sources/src/plugins/network/ (clean)

This directory is clean.

/marble/sources/src/plugins/positionprovider/ (clean)

This directory is clean.

/marble/sources/src/plugins/qt-components/ (clean)

This directory is clean.

/marble/sources/src/plugins/render/aprs (CHECK)

License header missing:

• GeoAprsCoordinates.h

/marble/sources/src/plugins/render/atmosphere (clean)

This directory is clean.

/marble/sources/src/plugins/render/compass (clean)

This directory is clean. SVG files are CreativeCommons licensed.

/marble/sources/src/plugins/render/crosshairs (clean)

This directory is clean. SVG files are CreativeCommons licensed.

/marble/sources/src/plugins/render/earthquake (clean)

This directory is clean. SVG files are CreativeCommons licensed.

/marble/sources/src/plugins/render/elevationprofilefloatitem (clean)

This directory is clean. SVG files are CreativeCommons licensed.

/marble/sources/src/plugins/render/elevationprofilemarker (clean)

This directory is clean.

/marble/sources/src/plugins/render/foursquare (clean)

/marble/sources/src/plugins/render/gpsinfo (clean)

This direcotry is clean.

/marble/sources/src/plugins/render/graticule (clean)

This directory is clean.

/marble/sources/src/plugins/render/inhibit-screensaver (clean)

This directory is clean.

/marble/sources/src/plugins/render/mapscale (clean)

This directory is clean.

/marble/sources/src/plugins/render/measure (clean)

This directory is clean.

/marble/sources/src/plugins/render/navigation (clean)

This directory is clean.

/marble/sources/src/plugins/render/opencaching (clean)

This directory is clean.

/marble/sources/src/plugins/render/opendesktop (clean)

This directory is clean.

/marble/sources/src/plugins/render/osmannotate (clean)

This directory is clean.

/marble/sources/src/plugins/render/osmannotate/osm (clean)

This directory is clean.

/marble/sources/src/plugins/render/overviewmap (clean)

This directory is clean.

/marble/sources/src/plugins/render/panoramio (clean)

Missing license header:

• Panoramio.py

Not part of the build script and marked for deletion.

/marble/sources/src/plugins/render/photo (clean)

This directory is clean.

/marble/sources/src/plugins/render/positionmarker (clean)

This directory is clean.

/marble/sources/src/plugins/render/postalcode (clean)

This directory is clean.

/marble/sources/src/plugins/render/progress (clean)

This directory is clean.

/marble/sources/src/plugins/render/routing (clean)

This directory is clean.

/marble/sources/src/plugins/render/satellites/ (clean)

This directory is clean.

/marble/sources/src/plugins/render/satellites/sg4p (clean)

Some files come from the public domain and therefore have no license header. Example from sgp4unit.h:

/*     ----------------------------------------------------------------
*
*                                 sgp4unit.h
*
*    this file contains the sgp4 procedures for analytical propagation
*    of a satellite. the code was originally released in the 1980 and 1986
*    spacetrack papers. a detailed discussion of the theory and history
*    may be found in the 2006 aiaa paper by vallado, crawford, hujsak,
*    and kelso.
*
*                            companion code for
*               fundamentals of astrodynamics and applications
*                                    2007
*                              by david vallado
*
*       (w) 719-573-2600, email dvallado@agi.com
*
*    current :
*               3 Nov 08  david vallado
*                           put returns in for error codes
*    changes :
*              29 sep 08  david vallado
*                           fix atime for faster operation in dspace
*                           add operationmode for afspc (a) or improved (i)
*                           performance mode
*              20 apr 07  david vallado
*                           misc fixes for constants
*              11 aug 06  david vallado
*                           chg lyddane choice back to strn3, constants, misc doc
*              15 dec 05  david vallado
*                           misc fixes
*              26 jul 05  david vallado
*                           fixes for paper
*                           note that each fix is preceded by a
*                           comment with "sgp4fix" and an explanation of
*                           what was changed
*              10 aug 04  david vallado
*                           2nd printing baseline working
*              14 may 01  david vallado
*                           2nd edition baseline
*                     80  norad
*                           original baseline
*       ----------------------------------------------------------------      */

/marble/sources/src/plugins/render/satellites/mex (clean)

This directory is clean.

/marble/sources/src/plugins/render/speedometer (clean)

This directory is clean.

/marble/sources/src/plugins/render/stars (clean)

This directory is clean.

/marble/sources/src/plugins/render/sun (clean)

This directory is clean.

/marble/sources/src/plugins/render/test (clean)

This directory is clean.

/marble/sources/src/plugins/render/twitter (clean)

/marble/sources/src/plugins/render/weather (CHECK)

Missing license header

• bbc-xml-generator.rb

/marble/sources/src/plugins/render/wikipedia (clean)

This directory is clean.

/marble/sources/src/tilecreator/ (clean)

This directory is clean.

Copyright

Q: The license headers list the contributors as specific copyright owners. Is a CLA or similar available from each contributor?

1. Does the file include the license information? If not, add it if there there is no ambiguity about whether the standard project license applies. If that is not obvious, make notes in the review document.
2. Is the file under the normal project license? If not, make notes in the review document.
3. Is there anything obviously unusual about the origin of the code? Does this pose any conflicts? Is the issue properly described in the source file? For instance, in GDAL, the gdal/port/cpl_strtod.cpp file is closely derived from external code that was placed in the public domain. cpl_strtod.cpp is placed under the normal GDAL MIT/X license, but detailed notes are kept in the header text on it's origin, the fact that this was public domain and so the fact that we are ok to relicense it. Oddities should be noted in the source file itself and in the review document.
4. Maintain a list of all copyright holders identified in the review document. This list is essentially everyone who would need to agree to relicense the project. It may be desirable to seek copyright assignment to a "project lead", or to the foundation to reduce the number of copyright holders for the project though this is not required.