Project Description
Legal reviews have been a rather painful part of our development process. Currently, Factory waits for legaldb for a limited amount of time and simply proceeds if the review has not been "approved" within a few hours.
Leap currently waits for the legal review to be closed (which may take weeks) or manually skipped. We typically contact our legal team on a weekly basis, asking them to review specific requests.
The goal is to improve our best-effort handling of reviews in openSUSE and ideally shorten the legal review time for our packages.
Project OSSelot and related work on legal reviews seem to be funded by donations to OSADL (based in Germany). The project seems to use fossology underneath.
I highly recommend starting by watching the OSSelot videos to get an idea of what their process and results look like. The last one seems closest to what I've seen in the Open Chain webinar.
GitHub repository of curated data
This project has two parts. Offloading our legal team, where possible, and contributing back.
Goal for this Hackweek
Contributing back the results of our reviews: being a good open source community citizen and publicly sharing the results of our legal reviews of community packages.
Offloading reviews of our community packages. Here I can see an extension of our existing process: extending our legal bot to talk to fossology/OSSelot.
An example: wait for legaldb for n hours (currently 1-2h); if the review is still open, submit it to OSSelot. I see this as a much better alternative to, e.g., lkocman skipping the review and taking the change in because the review has not been closed for days or weeks.
Resources
We could use somebody who has experience with our legal tooling (https://github.com/openSUSE/cavil) and who could help us export data from legaldb.suse.de to https://github.com/Open-Source-Compliance/package-analysis/tree/main/analysed-packages
A person who could tweak our existing legal bot to submit requests to fossology/OSSelot
This project is part of:
Hack Week 22
Activity
Comments
about 1 year ago by lkocman
**An agreed first step from our call with Christopher from our legal team would be to compare our cavil report with the fossology report. Sebastian and Christopher recommended starting by comparing results for openssl.**
I'd recommend filing an OSSelot project issue containing our review data (perhaps stripped of SUSE's RISK assessment) and having a discussion about next steps.
*Notes:*
What's interesting for us is the SPDX license-to-file mapping; we're still using mappings from before the SPDX era. What's interesting to our SUSE legal team is what the criteria for rejection on the OSSelot side are. I did ask, and we do not have any "strategy" or rejection "rules" documented publicly.
I'm not sure if the OSSelot team would be willing to work on our reviews to the level we'd expect (to be clarified; see my note about rejection above), but having these reports public, e.g. in a pull request, opens a way for volunteers with a legal/license background to contribute and offload the SUSE legal team on community reviews.
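The first step agreed above (comparing our cavil report with the fossology report) and the note about pre-SPDX license mappings both come down to the same mechanical task: normalize each tool's per-file findings to SPDX identifiers, then list the files on which the two tools disagree so a reviewer looks at those first. The script below is an added example, not code from the openSUSE, cavil or fossology projects; the tab-separated report format, the legacy-name table and the sample exports are constructed assumptions, not the real export formats of either tool.

```python
"""Compare per-file license findings from two review tools after mapping both
to SPDX identifiers. Added example; the 'path<TAB>license' report format and
the legacy-name table are assumptions, not cavil's or fossology's real formats."""

# Legacy (pre-SPDX) license names still found in older review data, mapped to
# SPDX identifiers. Constructed sample table; extend it from real review data.
LEGACY_TO_SPDX = {
    "GPLv2+": "GPL-2.0-or-later",
    "GPLv2": "GPL-2.0-only",
    "LGPLv2.1+": "LGPL-2.1-or-later",
    "BSD3c": "BSD-3-Clause",
    "Apache 2.0": "Apache-2.0",
    "Public Domain": "LicenseRef-Public-Domain",
}


def normalize_license(name: str) -> str:
    """Map a legacy license name to its SPDX identifier; pass SPDX ids through."""
    name = name.strip()
    return LEGACY_TO_SPDX.get(name, name)


def parse_report(text: str) -> dict[str, set[str]]:
    """Parse an assumed 'path<TAB>license[,license...]' report into
    {path: {spdx ids}}. Blank and '#' lines are ignored; a path with an empty
    license column is recorded with an empty set (file seen, nothing found)."""
    findings: dict[str, set[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        path, _, licenses = line.partition("\t")
        ids = {normalize_license(lic) for lic in licenses.split(",") if lic.strip()}
        findings.setdefault(path.strip(), set()).update(ids)
    return findings


def compare_reports(ours: dict[str, set[str]], theirs: dict[str, set[str]]) -> dict:
    """Classify every file seen by either tool as agreed, mismatched, or seen by
    only one side. Disagreements are where reviewer time is best spent."""
    result: dict = {"agreed": {}, "mismatched": {}, "only_ours": {}, "only_theirs": {}}
    for path in sorted(set(ours) | set(theirs)):
        if path not in theirs:
            result["only_ours"][path] = ours[path]
        elif path not in ours:
            result["only_theirs"][path] = theirs[path]
        elif ours[path] == theirs[path]:
            result["agreed"][path] = ours[path]
        else:
            result["mismatched"][path] = (ours[path], theirs[path])
    return result


def files_needing_human_review(diff: dict) -> list[str]:
    """Files where the tools disagree or only one tool reported anything."""
    return sorted(set(diff["mismatched"]) | set(diff["only_ours"]) | set(diff["only_theirs"]))


def render(diff: dict) -> str:
    """Human-readable summary of a comparison result."""
    lines = []
    for path, (a, b) in diff["mismatched"].items():
        lines.append(f"MISMATCH    {path}: ours={sorted(a)} theirs={sorted(b)}")
    for path, a in diff["only_ours"].items():
        lines.append(f"ONLY-OURS   {path}: {sorted(a)}")
    for path, b in diff["only_theirs"].items():
        lines.append(f"ONLY-THEIRS {path}: {sorted(b)}")
    lines.append(f"agreed on {len(diff['agreed'])} file(s)")
    return "\n".join(lines)


# Constructed sample exports for a hypothetical package; not real review data.
OUR_REPORT = """\
# path<TAB>licenses (legacy names, as in older review data)
src/core.c\tApache 2.0
src/compat.c\tBSD3c
src/crypto.c\tOpenSSL
tests/test_core.c\tApache 2.0
doc/README\t
"""

THEIR_REPORT = """\
# path<TAB>licenses (SPDX identifiers)
src/core.c\tApache-2.0
src/compat.c\tBSD-3-Clause,MIT
src/crypto.c\tOpenSSL
tests/test_core.c\tApache-2.0
contrib/helper.py\tGPL-2.0-or-later
"""


def sample_diff() -> dict:
    """Run the comparison over the constructed sample exports."""
    return compare_reports(parse_report(OUR_REPORT), parse_report(THEIR_REPORT))


if __name__ == "__main__":
    diff = sample_diff()
    print(render(diff))
    print("review first:", files_needing_human_review(diff))
```

On the sample data the two tools agree on three files, disagree on `src/compat.c` (one tool also found an MIT notice), and each saw one file the other did not, so a reviewer would start with those three paths instead of re-reading the whole package. Files where one side recorded an empty finding are deliberately kept in the "only" buckets rather than silently dropped, since "nothing found" is itself a result worth checking against the other tool.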
about 1 year ago by lkocman
Another action item from Sebastian:
One more thing for hack week: you could take a look at a rejected review; maybe there is something in their data that matches (search https://legaldb.suse.de/reviews/recent for unacceptable).
There were 11 rejected reviews in the past 3 months.