Description
Handling Open Source Software in a compliant way requires a good Open Source Management that keeps you busy already. On the technical side, the component often can be downloaded, integrated and functionally tested within minutes. But what about the so called non-functional requirements.
For some Open Source Components, the necessary information as input for the Open Source Management is hard to find or even completely missing. Thus technically you can download and run the stuff, but from a legal perspective it might be, that you are not allowed to. Not because the Open Source Project wanted to actively avoid it, but the necessary "non-functional" requirements were not fulfilled yet.
This talk will show some examples for non-functional requirements, the experiences we have made at Bosch Software Innovations with missing information and potential work-arounds. As the problem needs to be resolved at the root, the talk will highlight some community activities running that address these issues like clearlydefined.io, sharing-creates-value and sw360.
Audience
Project Teams and Open Source Program Offices that suffer the daily fight with missing metadata but also Open Source Projects that have an interest in providing good quality beyond the mere technical perspective.
The session will show some directions to improve the situation in the future together and give a short introduction of what is already happening.