Policy for use of Open Source Software and other 3rd Party Software
Open Source
The following outlines the policy for use of Open Source in the Digizuite product.
Accepted
Open source components may be included without modification if the license is Permissive.
Contributing to the community by creating pull requests (submitting fixes) against the open source code base if errors are found and fixed.
Conditional
Open source components may be included and modified if the license is Permissive AND accepted by the Digizuite Software Board.
Open source components may be included BUT NOT modified if the license is Weak Copyleft AND accepted by the Digizuite Software Board.
Unmodified tools with Weak Copyleft and Strong Copyleft Licenses may be used if accepted by the Digizuite Software Board.
Not allowed
Components or tools with Weak Copyleft or Strong Copyleft licenses may NOT in any way be modified and distributed.
Ensuring Compliance
During Development
All check-ins of software are audited against the OSS Policy by a team member (buddy-reviews via pull requests) and inspections are made periodically by each development team’s Tech Lead.
Before Releases
As an integrated part of all releases it is ensured that new software components are in compliance with the OSS Policy.
The source code repositories are scanned
Additional manual audits are performed
Listings of relevant license files per product (BoM)
All new components are inspected
Bill-of-Material
Each release of each product includes a list of relevant 3rd party software components, which is either based on output from the scanning or manually maintained.