Policy for use of Open Source Software and other 3rd Party Software

Open Source

The following outlines the policy for use of Open Source in the Digizuite product.

Accepted

  • Open source components may be included with-out modification if the license is Permissive.

  • Contribution to the community by creating pull-requests (submitting fixes) towards the open source code base if errors are found and fixed.

Conditional

  • Open source components may be included and modified if the license is Permissive AND accepted by the Digizuite Software Board.

  • Open source components may be included BUT NOT modified if the license is Weak Copyleft AND accepted by the Digizuite Software Board.

  • Unmodified tools with Weak Copyleft and Strong Copyleft Licenses may be used if accepted by the Digizuite Software Board.

Not allowed

  • Components or tools with Weak Copyleft or Strong Copyleft licenses may NOT in any way be modified and distributed.

Ensuring Compliance

During Development

  • All check-ins of software are audited against the OSS Policy by a team member (buddy-reviews via pull requests) and inspections are made periodically by each development team’s Tech Lead.

Before Releases

As an integrated part of all releases it is ensured that new software components are in compliance with the OSS Policy.

  • The source code repositories are scanned

  • Additional manual audits are performed

  • Listings of relevant license files per product (BoM)

  • All new components are inspected

Bill-of-Material

Each release of each product includes a list of relevant 3rd party software components which is either based on output from the scanning of manual maintained.