Main Page

From OSSelot
Revision as of 09:36, 12 July 2023 by Wiki (talk | contribs)
Jump to navigation Jump to search

Welcome to the O Wiki!

This Wiki was created to facilitate day-to-day work with the resources of the O project, especially when accessed in batch mode, e.g. as part of a software release build.

First step: Find out whether a particular version of a software package is supported by O and has already been curated.

Use the URL https://www.osselot.org/curated.php?packagename to determine whether a particular software package already has been curated and, if so, for which version disclosure information is available. For example https://www.osselot.org/curated.php?angular may return

angular/version-15.1.0
angular/version-15.2.2
angular/version-16.0.1
angular/version-16.1.2

If a package has not been curated so far, the output of the given URL remains empty. Otherwise, the output can be concatenated to the URL of the O Github package repository at https://github.com/Open-Source-Compliance/package-analysis/tree/main/analysed-packages/ such as, for example,

https://github.com/Open-Source-Compliance/package-analysis/tree/main/analysed-packages/angular/version-15.2.2

Look for other software packages that may have already been curated at O and provide links to the related repositories



Next step: How do I obtain the disclosure file if my software package is already included in the current version of O?

To download the disclosure file that relates to a given package name and version from the O Github repository the following script can be used:

#!/bin/bash

if test -z "$1" -o -z "$2"
then
  echo "Usage: $0 <package> <version>"
  exit 1
fi
package="$1"
version="$2"
if test `wget -qO - https://www.osselot.org/curated.php?$package | grep version-$version`
then
  wget -qO - https://raw.githubusercontent.com/Open-Source-Compliance/package-analysis/main/analysed-packages/$package/version-$version/$package-$version-OSS-disclosure.txt
fi

The output of this script can then be adapted to the actual file set of the binary software distribution and given to the recipient of the software upon delivery as an important step toward compliance with the license terms. Possible further steps to license compliance are the adaptation of other legal materials such as terms and conditions and, if the license contains this obligation, the immediate provision or an appropriate written offer to deliver the source code.

In the above example of angular in version 15.2.2, if the script is called "getdisclosure" and invoked as

getdisclosure angular 15.2.2

a text is returned that is ready to be used:

Look for other software packages that may have already been curated at O and provide links to the related disclosure documents



Material from multiple packages can each be given a title line and then concatenated.

Alternatively: How do I use the disclosure files if my software package is included in O but in a different version?

If a particular version of a software package has not been curated before, but another one that may be close to it has, then FOSSology's reuse feature can be applied. Details are given in the presentation and video material on the O home page: Please check out "Use case 2" at the O presentations.

By the way: How do I contribute to the project if I have curated a package not yet included with O in this version?

Contributions are greatly appreciated, and therefore we would like to encourage as many users as possible to contribute. The more versions of more packages that are curated, the more beneficial the O project will be. However, to maintain confidence in the material, we have instituted a rigorous vetting process. Volunteers are asked to first contact the O Officer via email. The easiest next step is then probably to arrange a video conference, get to know each other, and understand the basic principles of the O curation process. From that moment, new software packages can be curated and provided in the fork tree. The maintainer will then review the newly provided curation data in close collaboration with the contributor, and once the review is successful, the new curation data will be included and made publicly available through the repository. The contributor's and reviewer's names will be indicated in the README file of the package.