OpenHarmony Open-Source Compliance Policy

Purpose

The policy defined in this document enables the OpenHarmony community to comply with the license terms and values of open-source software and to respect third-party intellectual property rights while benefiting from the use of such software. This document provides a common framework for open-source software compliance for the OpenHarmony community, with the goal of ensuring license compliance. It also improves the open-source compliance governance capability of OpenHarmony based on industry best practices, helping community members understand how to use open-source software and contribute to the community.

Scope

This document applies to all contributors to the OpenHarmony community, including the code repositories under OpenHarmony and those under OpenHarmony-SIG.

Improvements and Revisions

  • This document is drafted and maintained by the Compliance SIG. What you are reading now is the latest version of this document.
  • Any addition, modification, or deletion of the specifications mentioned in this document can be traced.
  • The PMC reviews and finalizes the specifications after thorough discussion in the community.

Terms and Abbreviations

Open-Source Compliance Terms and Abbreviations

Phase-specific Compliance Policy

Introduction Phase

License Usage and Review Specifications of Open-Source Software

Introduction and Exit Specifications of Open-Source Software

Introducing Open-Source Software

Development Phase

License, Copyright, and Metadata Compliance Specifications

Gated Check-In Compliance Specifications

Specifications for Participation in Upstream Communities

Best Practices and Suggestions for Contributions to Upstream Open-Source Projects

Release Phase

Open-Source Obligation Fulfillment

Management Policy for Open-Source Compliance Artifacts

Software Bill of Materials (SBOM) Specifications

Open-Source Compliance Requirements for Community Version Release and SIG Incubation Graduation

Binary Compliance Specifications

Binary Compliance Specifications

Open-Source Compliance Issue Management Process

Open-Source Compliance Issue Management Process

Open-Source Compliance Roles and Responsibilities

Open-Source Compliance Role and Capability Requirements

Open-Source Compliance Training Resources and Requirements

Open-Source Compliance Training Plan

Consequences of Noncompliance

It is important to comply with this policy. Failure to do so may result in:

  • Claims raised by copyright holders or intellectual property holders for the code you use
  • Claims raised by the recipient of the code
  • Inadvertently releasing code that is not supposed to be released
  • Fines caused by violation of regulatory obligations
  • Loss of reputation
  • Fund loss
  • Breach of contracts

Any individual who violates this policy may be subject to disciplinary actions.

Response Policies for Negative Events of Open-Source Compliance

For details, see the policy released by OpenHarmony GLA.

References

Linux Foundation Compliance Program: Generic FOSS Policy