Main Page: Difference between revisions

Latest revision as of 15:37, 1 November 2023

Welcome to the OSSelot Wiki!

This Wiki was created to facilitate day-to-day work with the resources of the OSSelot project, especially when accessing them in batch mode, e.g. as part of a software release build.

Search for a package

Find out whether a particular version of a software package is supported by OSSelot and has already been curated. A particular Web script is provided for this purpose, and an interactive Web interface is available to test and use this feature.

Obtain disclosure files

A shell script is provided to encapsulate the Web search script and obtain the related disclosure files. Another interactive Web interface is available to test and use this feature.

Create individually designed do-it-yourself disclosure files

Define a set of custom characteristics of what the disclosure file should look like, search for a package and create a custom disclosure file for it.

Obtain licensing information

Another Web script is available that also encapsulates the internal algorithm of the Web search script, but then generates a list of licenses that are used in a given software package. The script accepts as argument either a package name or a package name along with a version. In the former case the licenses of all available versions are listed, whereas in the latter the output is restricted to the specified version.

Obtain curation data in various formats using a REST interface

The entire curation data of a software package can be retrieved in JSON format, curation data of a particular version can be retrieved in RDF-XML, SPDX2TV or YAML format.

Reuse existing material in case of version mismatch

If a particular version of a software package has not been curated before, but another one that may be close to it has, then FOSSology's reuse feature can be applied. Details are given in the presentation and video material on the OSSelot home page: Please check out "Use case 2" at the OSSelot presentations.

Contributing to the OSSelot project

How to contribute to the project if a package that is not yet included with OSSelot has been externally curated? Contributions are greatly appreciated, and therefore we would like to encourage as many users as possible to contribute. The more versions of more packages that are curated, the more beneficial the OSSelot project will be. However, to maintain confidence in the material, a rigorous vetting process was instituted. Volunteers are asked to first contact the OSSelot Officer via email. The easiest next step is then probably to arrange a video conference, get to know each other, and understand the basic principles of the OSSelot curation process. From that moment, new software packages can be curated and provided in the fork tree. The maintainer will then review the newly provided curation data in close collaboration with the contributor, and once the review is successful, the new curation data will be included and made publicly available through the repository. The contributor's and reviewer's names will be indicated in the README file of the package.

Best practices

How to curate data

High-quality curation data are the cornerstone of the OSSelot project. To ensure that this quality is maintained, every contribution is thoroughly reviewed and only curators with sufficient expertise in FOSS licensing contribute to the database. A curation guideline on how data are curated for the OSSelot project is given here to ensure consistency.

SPDX2TV template

To avoid misunderstandings when exchanging SPDX files, an SPDX tag:value template is given here. This shows which tags are used in the OSSelot project and how they are interpreted.

FOSSology

In order to use the FOSSology Open Source curation administration tool in connection with the OSSelot project (when re-using the data and also when contributing to the project), a number of conventions should be observed.

Scancode

Normally, the Scancode Open Source scanning tool is used under the control of FOSSology in this project; however, to fine-tune or confirm the results it may be necessary to run the tool separately from command line. If this is done, the command line options should match the conventions of the OSSelot project.

@@ Line 1: / Line 1: @@
 __NOTOC__
-== Welcome to the <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">O</span> Wiki! ==
+== Welcome to the <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">OSSelot</span> Wiki! ==
-This Wiki was created to facilitate day-to-day work with the resources of the [https://www.osselot.org <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">O</span> project], especially when accessed in batch mode, e.g. as part of a software release build.
+This Wiki was created to facilitate day-to-day work with the resources of the [https://www.osselot.org <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">OSSelot</span> project], especially when accessing them in batch mode, e.g. as part of a software release build.
-=== First step: Find out whether a particular version of a software package is supported by <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">O</span> and has already been curated. ===
+==[[Search]] for a package==
-Use the URL '''''<nowiki>https://www.osselot.org/curated.php?packagename</nowiki>''''' to determine whether a particular software package already has been curated and, if so, for which version disclosure information is available. For example https://www.osselot.org/curated.php?angular may return
+[[Search|Find out]] whether a particular version of a software package is supported by <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">OSSelot</span> and has already been curated. A particular Web script is provided for this purpose, and an interactive Web interface is available to test and use this feature.
- angular/version-15.1.0
- angular/version-15.2.2
- angular/version-16.0.1
- angular/version-16.1.2
-If a package has not been curated so far, the output of the given URL remains empty. Otherwise, the output can be concatenated to the URL of the <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">O</span> Github package repository at '''''<nowiki>https://github.com/Open-Source-Compliance/package-analysis/tree/main/analysed-packages/</nowiki>''''' such as, for example,
-https://github.com/Open-Source-Compliance/package-analysis/tree/main/analysed-packages/angular/version-15.2.2
+==Obtain [[Disclosure_files|disclosure files]]==
+A shell script is provided to encapsulate the [[Search|Web search script]] and obtain the related disclosure files. Another interactive Web interface is available to test and use this feature.
-<html>
+==Create individually designed [[DIY_Disclosure_files|do-it-yourself disclosure files]]==
-<script>
+Define a set of custom characteristics of what the disclosure file should look like, search for a package and create a custom disclosure file for it.
-function getlongestline(text)
-{
-  eol = '\n';
-  i = j = 0;
-  longestline = 0;
-  while ((j = text.indexOf(eol, i)) !== -1) {
+==Obtain [[Licenses|licensing information]]==
-    testline = text.substring(i, j);
+Another Web script is available that also encapsulates the internal algorithm of the [[Search|Web search script]], but then generates a list of licenses that are used in a given software package. The script accepts as argument either a package name or a package name along with a version. In the former case the licenses of all available versions are listed, whereas in the latter the output is restricted to the specified version.
-    if (testline.length > longestline)
-      longestline = testline.length;
-    i = j + 1;
-  }
-  return longestline;
-}
-function loadXMLHttp(url, target, link)
+==Obtain curation data in various formats using a [[REST]] interface==
-{
+The entire curation data of a software package can be retrieved in [[JSON]] format, curation data of a particular version can be retrieved in [[RDF-XML]], [[SPDX2TV]] or [[YAML]] format.
-  if (window.XMLHttpRequest)
-    xmlhttp = new XMLHttpRequest();
-  else
-    xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
-  xmlhttp.onreadystatechange = (function() {
+==Reuse existing material in case of version mismatch==
-    if (xmlhttp.readyState == 4) {
+If a particular version of a software package has not been curated before, but another one that may be close to it has, then FOSSology's reuse feature can be applied. Details are given in the presentation and video material on the <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">OSSelot</span> home page: Please check out [https://www.osselot.org/index.php?s=presentations "Use case 2" at the <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">OSSelot</span> presentations].
-      if (xmlhttp.status == 200) {
-        response = xmlhttp.responseText;
-        if (response.length == 0) {
-          response = 'Sorry, not yet available';
-          target.rows = 1;
-          target.cols = response.length;
-        } else {
-          response = response.replace(/<[/]?[a-z]*>[\n]?/g, "");
-          target.cols = getlongestline(response);
-          response = response.trim();
-          lines = response.split('\n');
-          target.rows = lines.length;
-          withlinks = '';
-          for(i = 0; i < target.rows; i++) {
-            if (link == 'repo')
-              withlinks += '<a style="caret-color: transparent;" href="https://github.com/Open-Source-Compliance/package-analysis/tree/main/analysed-packages/' + lines[i] + '" target="_blank">' + lines[i] + '</a>\n';
-            if (link == 'disclosure') {
-              line2 = lines[i].replace('/version-', ' ').split(' ');
-              package = line2[0];
-              version = line2[1];
-              withlinks += '<a style="caret-color: transparent;" onclick="showdisclosure(this);">' + lines[i] + '</a>\n';
-            }
-          } response = withlinks;
-        }
-        target.innerHTML = response.replace(/\n/g, '<br />');
-      }
-    }
-  });
-  xmlhttp.open('GET', url, true);
-  xmlhttp.send();
-}
-function searchtextkeyup(event, text, link)
+==Contributing to the <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">OSSelot</span> project==
-{
+How to contribute to the project if a package that is not yet included with <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">OSSelot</span> has been externally curated? Contributions are greatly appreciated, and therefore we would like to encourage as many users as possible to contribute. The more versions of more packages that are curated, the more beneficial the <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">OSSelot</span> project will be. However, to maintain confidence in the material, a rigorous vetting process was instituted. Volunteers are asked to first contact the <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">OSSelot</span> Officer via [mailto:office@osadl.org?subject=OSSelot-volunteer email]. The easiest next step is then probably to arrange a video conference, get to know each other, and understand the basic principles of the <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">OSSelot</span> curation process. From that moment, new software packages can be curated and provided in the fork tree. The maintainer will then review the newly provided curation data in close collaboration with the contributor, and once the review is successful, the new curation data will be included and made publicly available through the repository. The contributor's and reviewer's names will be indicated in the README file of the package.
-  if (event.key == "Enter")
-    searchOSSelot(text.nextElementSibling, link);
-}
-function searchOSSelot(button, link)
+==Best practices==
-{
+====[[Curation guideline|How to curate data]]====
-  input = button.previousElementSibling;
+High-quality curation data are the cornerstone of the <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">OSSelot</span> project. To ensure that this quality is maintained, every contribution is thoroughly reviewed and only curators with sufficient expertise in FOSS licensing contribute to the database. A [[curation guideline]] on how data are curated for the <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">OSSelot</span> project is given here to ensure consistency.
-  package = input.value;
-  output = button.nextElementSibling.nextElementSibling;
-  if (package.length == 0)
-    output.style.display = 'none';
-  else {
-    url = 'https://www.osselot.org/curated.php?' + package;
-    loadXMLHttp(url, output, link);
-    output.style.display = '';
-  }
-}
-</script>
-<h4>Look for other software packages that may have already been curated at <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">O</span> and provide a link to the related repository</h4>
-<input type="text" onkeyup="searchtextkeyup(event, this, 'repo');" size="30" /><button onclick="searchOSSelot(this, 'repo');">Search the <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">O</span> repository</button><br />
+==== [[SPDX2TV template]] ====
-<span style="display: none;"></span>
+To avoid misunderstandings when exchanging SPDX files, an SPDX tag:value template is given [[SPDX2TV template|here]]. This shows which tags are used in the <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">OSSelot</span> project and how they are interpreted.
-<br />
-</html>
-=== Next step: How do I obtain the disclosure file if my software package is already included in the current version of <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">O</span>? ===
+====[[FOSSology]]====
-To download the disclosure file that relates to a given package name and version from the <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">O</span> Github repository the following script can be used:
+In order to use the [[FOSSology]] Open Source curation administration tool in connection with the <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">OSSelot</span> project (when re-using the data and also when contributing to the project), a number of conventions should be observed.
- #!/bin/bash
+====[[Scancode]]====
+Normally, the [[Scancode]] Open Source scanning tool is used under the control of [[FOSSology]] in this project; however, to fine-tune or confirm the results it may be necessary to run the tool separately from command line. If this is done, the command line options should match the conventions of the <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">OSSelot</span> project.
- if test -z "$1" -o -z "$2"
- then
-   echo "Usage: $0 <package> <version>"
-   exit 1
- fi
- package="$1"
- version="$2"
- if test `wget -qO - <nowiki>https://www.osselot.org/curated.php?$package</nowiki> | grep version-$version`
- then
-   wget -qO - <nowiki>https://raw.githubusercontent.com/Open-Source-Compliance/package-analysis/main/analysed-packages/$package/version-$version/$package-$version-OSS-disclosure.txt</nowiki>
- fi
-The output of this script can then be adapted to the actual file set of the binary software distribution and given to the recipient of the software upon delivery as an important step toward compliance with the license terms. Possible further steps to license compliance are the adaptation of other legal materials such as terms and conditions and, if the license contains this obligation, the immediate provision or an appropriate written offer to deliver the source code.
-In the above example of angular in version 15.2.2, if the script is called "getdisclosure" and invoked as
- getdisclosure angular 15.2.2
-<html>
-a text is returned that is ready to be used:
-<button onclick="showdisclosure(this)">angular/15.2.2 disclosure material</button>
-<script>
-var isFirefox = typeof InstallTrigger !== 'undefined';
-var context;
-function neededwidth(text) {
-  eol = '\n';
-  i = j = 0;
-  longestline = 0;
-  pre = document.querySelector('pre');
-  style = getComputedStyle(pre);
-  if (typeof context === 'undefined') {
-    canvas = document.createElement('canvas');
-    context = canvas.getContext('2d');
-    if (!isFirefox)
-      context.font = style.fontSize + ' ' + style.fontFamily;
-  }
-  while ((j = text.indexOf(eol, i)) !== -1) {
-    testline = text.substring(i, j);
-    metrics = context.measureText(testline);
-    if (metrics.width > longestline)
-      longestline = metrics.width;
-    i = j + 1;
-  }
-  if (isFirefox)
-    longestline -= 70;
-  return longestline;
-}
-async function showdisclosure(element) {
-  left = 200;
-  above = 200;
-  width = 604;
-  height = 906;
-  text = element.innerHTML.split(' ')[0];
-  package = text.split('/')[0];
-  version = text.split('/');
-  version.shift();
-  version = version.join('/').replace('version-', '');
-  features = 'menubar=no,scrollbar=yes,resizable=yes,status=no,toolbar=no,width=' + width + ',height=' + height + ',left=' + left + ',top=' + above;
-  w = window.open('', '', features);
-  if (version.includes('/')) {
-    nextversion = version.split('/')[1].replace('version-', '');
-    url = 'https://raw.githubusercontent.com/Open-Source-Compliance/package-analysis/main/analysed-packages/' + package + '/version-' + version + '/' + nextversion + '-OSS-disclosure.txt';
-  } else
-    url = 'https://raw.githubusercontent.com/Open-Source-Compliance/package-analysis/main/analysed-packages/' + package + '/version-' + version + '/' + package + '-' + version + '-OSS-disclosure.txt';
-  response = await fetch(url);
-  text = await response.text();
-  newwidth = neededwidth(text);
-  w.moveTo(left, above);
-  w.resizeTo(newwidth, height);
-  w.location.href = url;
-}
-</script>
-<h4>Look for other software packages that may have already been curated at <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">O</span> and provide a link to the related disclosure document</h4>
-<input type="text" onkeyup="searchtextkeyup(event, this, 'disclosure');" size="30" /><button onclick="searchOSSelot(this, 'disclosure');">Search for an <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">O</span> disclosure document</button><br />
-<span style="display: none;"></span>
-<br />
-</html>
-Material from multiple packages can each be given a title line and then concatenated.
-=== Alternatively: How do I use the disclosure files if my software package is included in <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">O</span> but in a different version? ===
-If a particular version of a software package has not been curated before, but another one that may be close to it has, then FOSSology's reuse feature can be applied. Details are given in the presentation and video material on the <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">O</span> home page: Please check out [https://www.osselot.org/index.php?s=presentations "Use case 2" at the <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">O</span> presentations].
-=== By the way: How do I contribute to the project if I have curated a package not yet included with <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">O</span> in this version? ===
-Contributions are greatly appreciated, and therefore we would like to encourage as many users as possible to contribute. The more versions of more packages that are curated, the more beneficial the <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">O</span> project will be. However, to maintain confidence in the material, we have instituted a rigorous vetting process. Volunteers are asked to first contact the <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">O</span> Officer via [mailto:office@osadl.org?subject=OSSelot-volunteer email]. The easiest next step is then probably to arrange a video conference, get to know each other, and understand the basic principles of the <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">O</span> curation process. From that moment, new software packages can be curated and provided in the fork tree. The maintainer will then review the newly provided curation data in close collaboration with the contributor, and once the review is successful, the new curation data will be included and made publicly available through the repository. The contributor's and reviewer's names will be indicated in the README file of the package.