procesos y herramientas legales para ... - dugi-doc.udg.edu
TRANSCRIPT
![Page 1: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/1.jpg)
Procesos y herramientas legales para desarrollar en software libre
Malcolm Bain – id law partners
Jornadas SIG libre 2018 – SITGE – Universitat de Girona
![Page 2: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/2.jpg)
… A (legal) word from our sponsors
![Page 3: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/3.jpg)
SITGE updated privacy policy• At SITGE we have updated our privacy policy in line with the GDPR.
• We are emailing you because we hold some data that identifies you(typically, your name and email address) in our conference systems as an author/participant/presenter. This is for your information only, there is nothing you need to do at this stage.
• We will always keep your data secure, and will only use it for ourpublishing processes. Please let us know if you have any questionsabout our updated privacy policy.
(PS we know where you are!!! WE ARE GEOLOCATING YOU!)
![Page 4: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/4.jpg)
GDPR
GROSS DOMESTIC PRODUCT IN REGRESSION
![Page 5: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/5.jpg)
GDPR
GIRONA DOESN’T PLAY RUGBY
![Page 6: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/6.jpg)
GDPR
GEOGRAPHICAL DISPLAYS of PICTURES in RASTER
![Page 7: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/7.jpg)
GDPR
GIS DEVELOPERS PROGRAM RUTHLESSLY
![Page 8: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/8.jpg)
GDPR
GIS DEVELOPERS ARE PRETTY REPULSIVE
![Page 9: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/9.jpg)
GDPR
GIS DEVELOPERS ARE PERFECTLY REDUNDANT
![Page 10: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/10.jpg)
GDPR
GEMMA and DOLORS PREFER “RUBIOS”
![Page 11: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/11.jpg)
GDPR
GIS DEVELOPERS POSITIVELY ROCK!
![Page 12: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/12.jpg)
Un poco de historia
COMO LLEGAMOS HASTA AQUÍ!
![Page 13: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/13.jpg)
2007
![Page 14: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/14.jpg)
2009
![Page 15: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/15.jpg)
2011
![Page 16: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/16.jpg)
2013
![Page 17: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/17.jpg)
2015
![Page 18: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/18.jpg)
2016
![Page 19: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/19.jpg)
You are hot!!!
• Which skills have the biggest impact on open source hiring? Thereport outlines a few skills hiring managers say are in demand, suchas:• Development: 74% have openings for developers. • Application development: 60% are seeking application development
expertise. • DevOps: 58% need DevOps talent. • Cloud: 51% want candidates with OpenStack and CloudStack experience. • Networking: 21% are looking for new hires with networking skills. • Security: 14% need security pros. • Containers: 8% are seeking candidates with container experience• Legal knowledge: 100% want candidates with knowledge of licensing and
legal assistance tools (interviewee: Malcolm Bain)
![Page 20: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/20.jpg)
2018
Procesos y herramientas legales para desarrollar en software libre
Herramientas técnicas y procesos para implementar los bestpractices internacionales a nivel de desarrollo y releasemanagement, para asegurar la correcta gestión de los aspectos legales en desarrollos libres.
![Page 21: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/21.jpg)
6 LECTURAS OBLIGATORIAS
1. OPENCHAIN www.openchaingproject.org
2. SPDX www.SPDX.org
3. FOSSOLOGY https://www.fossology.org/
4. REUSE - https://reuse.software/
5. QUARTERMASTER – http://qmstr.org/
6. SW360 - https://projects.eclipse.org/projects/technology.sw360
![Page 22: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/22.jpg)
OPENCHAIN
• OpenChain: set of key processes to effectively manage open source (in a supply chain, or not)
• Develop an overarching standard to describe what organizations could and should do to address open source compliance efficiently gained momentum until the formal project was born• The OpenChain Specification defines a core set of requirements every quality
compliance program must satisfy.• The OpenChain Curriculum provides the educational foundation for open
source processes and solutions, whilst meeting a key requirement of the OpenChain Specification.
• OpenChain Conformance allows organizations to display their adherence to these requirements.
![Page 23: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/23.jpg)
![Page 24: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/24.jpg)
OpenChain Curriculum
Set of slides for training
![Page 25: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/25.jpg)
SPDX www.SPDX.org
• A standard format for communicating the components, licenses and copyrights associated with a software package.
• Human and machine readable formats• SPDX-License-Identifier: BSD-3-Clause
• SPDX-License-Identifier: GPL-3.0
• SPDX Tutorial, David Wheeler• https://github.com/david-a-wheeler/spdx-tutorial
![Page 26: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/26.jpg)
![Page 27: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/27.jpg)
FOSSOLOGY
• License, copyright and export scanners are tools available to help with your compliance activities.
• FOSSOLOGY: Open source license compliance software system and toolkit. • As a toolkit you can run license, copyright and export control scans from the
command line. • Imports and scans code – identifies licenses
• As a system, a database and web ui are provided to give you a compliance workflow.
• Other great scanning tools: NexB’s ScanCode, AboutCode, DeltaCode, TraceCode…: Toolkits for identifying, tracing, parsing, evaluating FOSS licenses https://github.com/nexB/scancode-toolkit
![Page 28: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/28.jpg)
REUSE
• Developer best practices for expressing license and copyright information in Free and Open Source Software projects• Best practices for license information in ways not only humans can read, but
computers as well. Machine readable copyright and license information, simply put
• facilitate management of source code by making licensing and copyright information more consistent in how it is added to source code in ways which allow for automating many of the processes involved
• https://reuse.software/practices/2.0/• Provide the exact text of each license used• Include a copyright notice and license in each file• Provide an inventory for included software
![Page 29: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/29.jpg)
SW360 • https://github.com/eclipse/sw360• sw360portal• A software component catalogue application -
designed to work with FOSSology.• SW360 is a liferay portal application to
maintain your projects / products and the software components within. It can send files to the open source license scanner FOSSologyfor checking the license conditions and maintain license information
• User workflows: https://github.com/eclipse/sw360/wiki/User-Workflows:-sw360
![Page 30: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/30.jpg)
Quartermaster
• A modular, extendable FOSS Compliance Toolchain• The master implements the workflow phases and manages the compliance
knowledge graph.
• It also acts as the state machine that models the workflow into the construction, analysis and reporting phases
• common use case –• ingesting a source code package to be a dependency to a product,
• evaluating license compliance and
• creating documentation for internal or external use.
![Page 31: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/31.jpg)
QMSTR
![Page 32: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/32.jpg)
Quick Summary
1. Best Processes: OPENCHAIN www.openchaingproject.org
2. Legal information mark-up: SPDX www.SPDX.org
3. License scanning: FOSSOLOGY https://www.fossology.org/
4. Best practices in development: REUSE - https://reuse.software/
5. Tool chaining: Quartermaster – http://qmstr.org/
6. Document: SW360 -https://projects.eclipse.org/projects/technology.sw360
![Page 33: Procesos y herramientas legales para ... - dugi-doc.udg.edu](https://reader031.vdocuments.net/reader031/viewer/2022013000/61c95a034f21664142644b37/html5/thumbnails/33.jpg)
Muchas Gracias!Malcolm Bain, id law partners
Y hasta dentro de 2 años
(iré mirando vuestros ficheros fuente!!)
Jornadas SIG libre 2018 – SITGE – Universitat de Girona