Disclosure files

From OSSelot
Revision as of 20:42, 14 July 2023 by Wiki (talk | contribs)
Jump to navigation Jump to search

Obtain disclosure files

Use a shell script to encapsulate the search Web script in a shell script

To download the disclosure file that relates to a given package name and version from the O Github repository the following shell script can be used:

#!/bin/bash

if test -z "$1" -o -z "$2"
then
  echo "Usage: $0 <package> <version>"
  exit 1
fi
package="$1"
version="$2"
if test `wget -qO - https://www.osselot.org/curated.php?$package | grep version-$version`
then
  wget -qO - https://raw.githubusercontent.com/Open-Source-Compliance/package-analysis/main/analysed-packages/$package/version-$version/$package-$version-OSS-disclosure.txt
fi

The output of this script can then be adapted to the actual file set of the binary software distribution and given to the recipient of the software upon delivery as an important step toward compliance with the license terms. Possible further steps to license compliance are the adaptation of other legal materials such as terms and conditions and, if the license imposes this obligation, the immediate provision or an appropriate written offer to deliver the source code.

In the above example of angular in version 15.2.2, if the script is called "getdisclosure" and invoked as

getdisclosure angular 15.2.2

a text is returned that is ready to be used:

Web interface to immediately search for a given package and provide links to the disclosure documents of found package repositories

Look for other software packages that may have already been curated at O and provide links to the related disclosure documents



Material from multiple packages can each be given a title line and then concatenated.

A similar interface is provided that instead of a entire disclosure documents the licenses that a particular software package uses are listed.