Open Source Policy Template for OpenChain Specification 1.2
The OpenChain Open Source Policy Template
The focus of this template is to help apply the key requirements for a quality open source compliance program. It provides sample policy text that helps organisations select, classify, incorporate and publish open source code with a focus on legal compliance of open source. Companies may need to consider other matters related to business requirements, engineering requirements and inter-organization / inter-project relationships when completing their own open source policy.
You can obtain broader reference policy material from the TODO Group, a sister project to OpenChain at the Linux Foundation. It is located here: https://github.com/todogroup/policies
How the OpenChain Open Source Policy Template works
All of the template policy text is contained in the spreadsheet tab named "The OpenChain Open Source Policy Template."

Column A of the OpenChain Open Source Policy Template shows the specific section of the OpenChain Specification that content relates to.

Column B of the OpenChain Open Source Policy Template contains the text of the OpenChain Specification requirement.

Column C of the OpenChain Open Source Policy Template categorises the text in each row as follows:
H = heading
RQ = requirement
RT = rationale
VA = verification artefact
TX = supporting policy text

Column D of the OpenChain Open Source Policy Template is sample policy text which addresses the specific OpenChain Specification requirement.
Example Appendix 1 - Unofficial License Grid used by UK Entity
This is a list of open source licences classified as to their requirements and effect. It uses SPDX identifiers and contains all OSI-approved licences and some others. This is just a sample and it is anticipated that each organisation will populate their own (and will likely add proprietary licences to the mix). This is a work in progress: as you can see, there are some unpopulated areas, and copyleft for all licences has not yet been categorised into ‘weak’ and ‘strong’.
This example language is not supported by the OpenChain Project. If you need assistance regarding this text please contact Moorcrofts or Orcro in the UK.
Example Appendix 2 - Unofficial Source Acceptability Process used by UK Entity
This is very much a sample and will likely be significantly amended for each individual organisation’s particular needs.
This is a set of criteria and processes for determining whether code should be incorporated, and how.
This covers a set of source acceptability steps, a taxonomy of use cases, a set of criteria for determining whether a given piece of code is acceptable within a given criterion based on non-licensing factors (code quality etc), and finally a set of criteria for code selection based on licensing.
This example language is not supported by the OpenChain Project. If you need assistance regarding this text please contact Moorcrofts or Orcro in the UK.
Example Appendix 3 - Unofficial Incident Process used by UK Entity
This is a set of incident process and severity criteria to assist organisations in triaging, assessing and prioritising response to negative compliance events.
This example language is not supported by the OpenChain Project. If you need assistance regarding this text please contact Moorcrofts or Orcro in the UK.
This is Release 1 of the Open Source Policy Template for OpenChain Specification 1.2