OpenHarmony Open-Source Compliance Policy
Purpose
The policy defined in this document enables the OpenHarmony community to comply with the license terms and values of open-source software and to respect third-party intellectual property rights while benefiting from the use of such software. This document provides a common framework for open-source software compliance for the OpenHarmony community, with the goal of ensuring license compliance. It also improves the open-source compliance governance capability of OpenHarmony based on the best practices in the industry, helping community members understand how to use open-source software and contribute to the community.
Scope
This document applies to all contributors to the OpenHarmony community, including the code repositories under OpenHarmony and those under OpenHarmony-SIG.
Improvements and Revisions
- This document is drafted and maintained by the Compliance SIG. What you are reading now is the latest version of this document.
- Any addition, modification, or deletion of the specifications mentioned in this document can be traced.
- The PMC reviews and finalizes the specifications after thorough discussion in the community.
Terms and Abbreviations
Open-Source Compliance Terms and Abbreviations
Phase-specific Compliance Policy
Introduction Phase
License Usage and Review Specifications of Open-Source Software
Introduction and Exit Specifications of Open-Source Software
Introducing Open-Source Software
Development Phase
License, Copyright, and Metadata Compliance Specifications
Gated Check-In Compliance Specifications
Specifications for Participation in Upstream Communities
Best Practices and Suggestions for Contributions to Upstream Open-Source Projects
Release Phase
Open-Source Obligation Fulfillment
Management Policy for Open-Source Compliance Artifacts
Software Bill of Material (SBOM) Specifications
Open-Source Compliance Requirements for Community Version Release and SIG Incubation Graduation
- Open-Source Compliance Requirements for SIG Incubation Graduation
- Open-Source Compliance Requirements for Community Version Release
Binary Compliance Specifications
Binary Compliance Specifications
Open-Source Compliance Issue Management Process
Open-Source Compliance Issue Management Process
Open-Source Compliance Roles and Responsibilities
Open-Source Compliance Role and Capability Requirements
Open-Source Compliance Training Resources and Requirements
Open-Source Compliance Training Plan
Consequences of Noncompliance
It is important to comply with this policy. Failure to do so may result in:
- Claims raised by copyright holders or intellectual property holders for the code you use
- Claims raised by the recipient of the code
- Inadvertently releasing code that is not supposed to be released
- Fines caused by violation of regulatory obligations
- Loss of reputation
- Fund loss
- Breach of contracts
Any individual who violates this policy may be subject to disciplinary actions.
Response Policies for Negative Events of Open-Source Compliance
For details, see the policy released by OpenHarmony GLA.
References
Linux Foundation Compliance Program: Generic FOSS Policy