Create a TODO Guide to improve content, submitted by @byjrack - topic: Doing Attribution well.
I see a ton of variance in what I see internally and externally when it comes to Attribution for 3rd party works. What is in the artifact, how it is made available, etc. I believe there are general common practices like the http://www.apache.org/legal/src-headers.html#notice which is a foundation principle and not a part of the license.
I would appreciate help building some consensus approaches to doing attribution well.
How to make it available in web and binary works?
What does it contain for the works? Include the version? Use SPDX as a framework?
Inclusive of all transitive or only the directs?
Ecosystem support for auto-generation for the tooling and platforms we are using (OCI may look a bit different compared to Maven)
Goal
Create a TODO Guide to improve content, submitted by @byjrack - topic: Doing Attribution well.
Description
This was ideated in https://github.com/todogroup/work-day-activities/issues/19 and https://github.com/todogroup/todogroup.org/issues/143
Action Items