Closed mcjaeger closed 2 years ago
KoukiHama
commented
4 years ago @mcjaeger
I would like to develop this feature.
So my question is: what does OSLC stand for?
Is OSDAL correct in the following link? https://www.osadl.org/Access-to-raw-data.oss-compliance-raw-data-access.0.html
Thanks Hama
KoukiHama
commented
4 years ago I found this pdf. OSLC stand for Open Source License Compliance. https://github.com/finos/OSLC-handbook/blob/master/output/pdf/OSLC-handbook.pdf
This is also good resource for importing license info. https://github.com/FHPythonUtils/LicenseMatrix
tienlee
commented
3 years ago @KoukiHama @mcjaeger
I would like to share the GUI and activity diagram.
Currently, I am implementing this feature following them. Next week, I will do the test and create a pull request.
Could you please help me to check and let me know your feedback?
Thanks and Best regards, TienL Import_OSADL_Licenses_Activity_Diagram.pdf
mcjaeger
commented
3 years ago @tienlee awesome! looks Ok for me. Please check that we have added to the sw360 (license) obligation data model a new field "external id" which could be used in this case to store a reference to the OSADL coordinates of that obligation. By this, your synchronisation steps could be supported.
tienlee
commented
3 years ago Thank you very much for your comment. Before, I plan to add a new field to the sw360 (license) obligation data model to store OSADL type. With your comment, I will use "external id" field. For example: "externalIds": { "OSADL-Obligation-URL": "https://www.osadl.org/fileadmin/checklists/unreflicenses/AFL-2.0.txt" },
mcjaeger
commented
3 years ago but pls consider the code status on latest master, maybe it will be complicated when doing this on tagged version 11 ...
tienlee
commented
3 years ago OK, I will consider it.
Currently, we are testing this feature. We got an issue when the internet speed is slow, the front end will be timeout, although the backend is in-progress to sync the data from osadl.org
Do you have any experience or suggestion for this case?
KoukiHama
commented
3 years ago This is the image of license obligations which sw360 import from OSDAL. @mcjaeger What do you think about this?
If you have any ideas on how to display OSDAL information more clearly, please let me know.
mcjaeger
commented
3 years ago Hello @KoukiHama that looks great. A quick idea could would be to make it two entries. (one for copyright notice, one of license text)
Also to import the obligation, maybe the Obligation title could be justth eline, so it can be reused between different licenses that share the same obligation. Otherwiese, if you have the ntp license, you will also have the same record, but checking on a project level will lead to checking a lot of same obligations.
So proposal could be:
So, this obligation record can be linked to many licenses...
KoukiHama
commented
3 years ago @mcjaeger Thank-you for good idea.
Our Image show MIT license case https://www.osadl.org/fileadmin/checklists/unreflicenses/MIT.txt
Other Licenses would be more complicated.
But, maybe, other license is also handled by your idea.
For example : LGPL2.1 https://www.osadl.org/fileadmin/checklists/unreflicenses/LGPL-2.1-only.txt
We should ignore some license obligation info in complicated licenses such as Comatibility in LGPL2.1-only.txt as first step. But these results will be helpful for users, even if sw360 does not show all OSDAL license info.
KoukiHama
commented
3 years ago Now I consider how to show LGPL 2.1 obligation from OSDAL.
if we use @mcjaeger 's proposal directly, we need to make obligation which have same title but different text obligation.
Obligation: title "You must provide copyright notices", Obligation text: "USER CASE Source code delivery. You must provide copyright notices"
Obligation: title "You must provide copyright notices", Obligation text: "USER CASE Binay delivery. IF NOT Linked work You must provide copyright notices"
I agree that one obligation record should be linked to many licenses.
So I think, as first step, we should make obligations about only YOU MUST or YOU MUST NOT in each license text by OSDAL texts.
(I think "USE CASE" or other "IF" requirement are also important, but we should consider them in next step. )
For example, MIT license has 2 obligations
Apache2 has these obligation and more.
LGPL 2.1 has these obligation and more.
NTL has these obligations
PYTHON2.0 has these obligations
By ignoring the complicated conditions, sw360 can link some common obligations for each license.
If we do this, the text and title might as well be the same.
Also, to avoid misleading users, information imported from OSDAL should be able to display its URL somewhere like SPDX links.
quan-tv
commented
3 years ago Dear @mcjaeger @KoukiHama,
This is my idea about the obligation:
Firstly, I think that we should make clear the definition of obligation. I myself sometimes feel confused about it. I think that there are 2 different terms:
Import OSADL information:
KoukiHama
commented
3 years ago @quan-tv Your idea is better than my tentative idea!
quan-tv
commented
3 years ago Hi all,
I and my colleague are working on parsing OSADL information from
https://www.osadl.org/Access-to-raw-data.oss-compliance-raw-data-access.0.html
We are facing a problem with parsing the obligation. In the last telco, I already explained about the structure of an obligation: [Language element] + [Action] + [Object]
For example:
Obligation: YOU MUST NOT Use "Apache" [ex. "Jakarta," "Apache," or "Apache Commons,"] in product name
Obligation: YOU MUST Credit Verbatim In Documentation "This product includes software developed by the Apache Software Foundation (http://www.apache.org/)."
While the 'Language element' can be pre-defined (at this moment, we noticed that there are only 2 values: YOU MUST and YOU MUST NOT), it is quite difficult to parse the Action and Object because they are free text. We came up with below solutions (none of them is perfect):
So, if you have any other idea, could you please share with us?
quan-tv
commented
3 years ago Hi all,
I would like to continue with the design solution for OSADL information.
// I may need to break into multiple comments because wall of text.
Back to my previous comments about the 2 terms related to obligation:
At this moment, SW360 already got a object named 'Obligation', but the meaning/purpose of this SW360 is the same meaning as 'License obligation' above. We should have 2 solutions here:
Solution 1 doesn't require to update SW360 much, but the 2 new names doesn't reflex the meaning well. Solution 2 requires update the all the implemented source code related to Obligation.
I myself prefer the solution 2, because changing the name is not a difficult task, even though re-testing is still needed. But in case the re-testing effort is huge, we need to consider.
Could you please let me know your idea about this?
Thank you very much!
quan-tv
commented
3 years ago Next is parsing OSADL information. This is my proposal for solving this issue:
Obligation text from OSADL will be parsed and displayed this screen.
quan-tv
commented
3 years ago For creating License Obligation, a new screen will replace the current screen of adding Obligation.
USE CASE Source code delivery
YOU MUST Provide Copyright notice
ATTRIBUTE Highlighted
ATTRIBUTE Appropriately
IF Software modification
YOU MUST Grant License
USE CASE Binary delivery
COMPATIBILITY BSD-2-Clause
COPYLEFT CLAUSE YesThe corresponding screen is like:
quan-tv
commented
3 years ago By the way, I have a question. I notice that there is no 'Edit' function of Obligation in current SW360. I wonder if this is the intention when design the system or just a missing feature?
If case if it is a missing feature, I and my colleagues would like to implement it.
quan-tv
commented
3 years ago Hi all,
About this comment of mine about the terms related to Obligation:
https://github.com/eclipse/sw360/issues/513#issuecomment-877928926
We should have 2 solutions here:
- Rename the 2 terms to make it fit with current SW360:
- Obligation -> Obligation Element
- License Obligation -> Obligation
- Rename current SW360 object:
- Obligation -> License Obligation
After deeper investigation about current SW360 system, I found out that the term 'License Obligation' was used for 'Obligation Level', so I'm afraid that the solution 2 is not feasible.
So, should we follow the solution 1?
KoukiHama
commented
3 years ago I see. Sw360 have already used "License Obligation". So, I think only solution 1 is good.
mcjaeger
commented
3 years ago By the way, I have a question. I notice that there is no 'Edit' function of Obligation in current SW360. I wonder if this is the intention when design the system or just a missing feature?
If case if it is a missing feature, I and my colleagues would like to implement
We thought that once obliugations are there, they should not be changed after wards. Maybe some text type correction. Bu tthe problem is when you edit an existing oibligation how to follow later if an obligation was covered by the product?
However, I think the obligation data is copied to the project for preserving what is considered b the projects (I do not remember exactly anymore). So the obligation text in the main database could be edited in fact.
mcjaeger
commented
3 years ago Hi all,
I would like to continue with the design solution for OSADL information.
// I may need to break into multiple comments because wall of text.
Back to my previous comments about the 2 terms related to obligation:
- Obligation: one particular thing user need to follow when using the OSS.
- License Obligation: a set of obligations, also with the context provided (context is 'USE CASE', 'IF', ..) One obligation can be linked to multiple license obligation. But one license obligation can only be linked to one specific license.
At this moment, SW360 already got a object named 'Obligation', but the meaning/purpose of this SW360 is the same meaning as 'License obligation' above. We should have 2 solutions here:
Rename the 2 terms to make it fit with current SW360:
- Obligation -> Obligation Element
- License Obligation -> Obligation
Rename current SW360 object:
- Obligation -> License Obligation
Solution 1 doesn't require to update SW360 much, but the 2 new names doesn't reflex the meaning well. Solution 2 requires update the all the implemented source code related to Obligation.
I myself prefer the solution 2, because changing the name is not a difficult task, even though re-testing is still needed. But in case the re-testing effort is huge, we need to consider.
Could you please let me know your idea about this?
Thank you very much!
I think the idea was not to have a container kind of type, but to have a type hierarchy. There shall be the super type Obligationwhere the sub types inheriting from that are
Licensse Obligation inheriting from licenses,Component Obligation being special about a component (for example an ECC issue),Project obligation, for example all projects from a special business area need a special OSS handlingOrganisation Obligation, for example valid for all projects or products in the organisation, provide an OSS office contact address. For the OSADL obligations we need probably license obligations, because all of them refer to a license.
KoukiHama
commented
2 years ago https://www.osadl.org/fileadmin/checklists/matrix.html
This is good matrix for updating sw360's OSDAL function. For example, Alert function if license compatibility have problrm.
quan-tv
commented
2 years ago Dear all, We are working to implement new functions of Obligation management:
Here are some screen shots of these functions:
Actually, the implementation was completed, we are in testing phase.
I hope that these functions will be ready soon.
KoukiHama
commented
2 years ago Lets continue to discussion about Import OSLC
arunazhakesan
commented
2 years ago PR is merged.
(from discussion) existing data model should be aligned with the obligation data from these two sources.
(t.b.c)