Now that about 150 packages containing about 400,000 files had been inspected and curated, it was time to bring the O project to a wider audience. The embedded world exhibition and conference in Nuremberg, Germany with its "Official Daily" newspaper were a welcome opportunity for this: On day 1 of the exhibition, a related article appeared in German and on day 2 in English. Shortly thereafter, the German magazine "Elektronikpraxis" followed with a three-page article on O.
When people who copy and distribute Open Source software for whatever purpose are asked what they think most hinders and limits the use of such software, they regularly answer, “Clearing a software component for distribution and correctly fulfilling the various license obligations is so much painful work.” And they usually add: “It’s especially painful because you know that most of the work has been done a thousand times before by others, but you can’t get to the results.” It seems therefore obvious to share these efforts just as the development of the software itself is shared. To do so, three prerequisites must be fulfilled:
A minimal set of clearing information must be defined, and a database must be provided to store curated data.
A platform must be established where a community can grow that creates, shares, and makes such curation data generally available.
To create trust in the reliability of the provided material, its quality must be undeniably high, requiring experienced and responsible contributors and continuous, rigorous and thorough review.
To make this happen, the O project was established.
Content
The project data are provided in a publicly accessible repository for selected versions of software packages such as Coreboot, the Linux kernel or the OpenSSL library. Typically, three artifacts are included per package – a README file with general information, an SPDX tag:value file with curated data for every single source code file and a ready-to-use OSS disclosure file. The tag:value files can be integrated into the build process, so only the licenses of those files that are actually compiled into the build artifact and distributed need to be considered. See Presentations for use cases and examples on how to use the provided data. In addition, the tag:value files contain annotations to the license conclusions to elucidate decisions that are not obvious. The OSS disclosure files contain all applicable licenses and all copyright notices for the entire package. In addition, the OSS disclosure files contain “acknowledgment text” when such acknowledgment is required by the license.
Following the principle of Open Source software development, contributions, review of existing data and bug reports are encouraged. Feedback can be given via git issues in the repository or in direct contact to infoªosselot.org. In return, any inconsistencies or problems that are found while curating data are communicated to the respective projects in the hope that future versions are improved for everyone.
License
O is not only on Open Source software, but also is Open Source itself and licensed under CC0 1.0 Universal (SPDX-License-Identifier: CC0-1.0).
