Compliance with copyright can be a nightmare, especially if the project faces it late in development. Everybody is now figuring out how to use tools and how this could help.
Our experience with an operating system developed on Yocto/Bitbake probably tested the limit. A compliance excercise that would take months/man if not years to complete, and we know there are many facing similar problems. If you start late, you will finish late.
But the gold standard is today to integrate compliance in CI/CD, reusing all the external resources that can possibly be summoned and yet providing robust scrutiny and evidence of the process, as required by OpenChain, the international standard for open source compliance, that we are making compatible with the Eclipse IP policy.
We present our solutions as an input to other projects in order to have a more timely and efficient compliance.
Comments Sign in to post comments
Relation to Eclipse Foundation processes?
Submitted by Miro Spönemann on Fri, 2021-06-18 03:55
Thanks for your submission! Please note that the Eclipse Foundation has very strong processes for ensuring license compatibility of open source projects and their dependencies. Are you going to consider these in your presentation?