hannahkane
commented
6 years ago The vendor team will be expected to work with 18F and the Forest Service to recommend the appropriate frameworks and libraries that they feel are best suited for the work to be done. All open source javascript frameworks and libraries can be considered, as long as they don’t include vulnerable dependencies. Our open source approval process will reflect the security review of dependencies- per the security acceptable levels of quality and the 18F open source in policy mentioned in Product Requirements in Section 2.1.2.
Question/Comment on the Forest Service RFP
Name and affiliation
Thomas Delrue, Lead Software Architect, VariQ Corporation
Section of RFP documents
Section 9.2 - Data rights and Ownership of Deliverables
Question/Comment
The dedication of F18 to commit the deliverables to the public domain as well as the dedication to adhere to & comply with the Open Source Licenses (e.g. GPL, MIT, …) as they apply to the constituent projects is to be commended. Can you elaborate on the approvals process that will be required when a new open source component is selected for inclusion in the deliverables? Similarly, is there a set of per-approved (open source/free/libre) licenses that can be used to 'fast-track' approval and are there certain licenses that are excluded or will result in a more difficult approval process (for example GPLv3)?