From 5bdb46931a08aff6b04f0eeb71a4f2a8a6c38311 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=AB=98=E4=BA=AE=EF=BC=88Kubi=EF=BC=89?= Date: Mon, 8 Aug 2022 02:19:50 +0000 Subject: [PATCH] =?UTF-8?q?!1110=20=E5=90=88=E8=A7=84SIG=E7=9B=AE=E5=BD=95?= =?UTF-8?q?=E5=8F=8Acharter=E4=BF=A1=E6=81=AF=E5=88=9D=E5=A7=8B=E5=8C=96?= =?UTF-8?q?=20*=20init=20sig-compliance=20charter=20and=20meeting=20infoma?= =?UTF-8?q?tion?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sig/sig-compliance/OWNERS | 46 ++++++++++++++ sig/sig-compliance/sig_compliance.md | 73 ++++++++++++++++++++++ sig/sig-compliance/sig_compliance_cn.md | 80 +++++++++++++++++++++++++ 3 files changed, 199 insertions(+) create mode 100644 sig/sig-compliance/OWNERS create mode 100644 sig/sig-compliance/sig_compliance.md create mode 100644 sig/sig-compliance/sig_compliance_cn.md diff --git a/sig/sig-compliance/OWNERS b/sig/sig-compliance/OWNERS new file mode 100644 index 0000000..bbf619d --- /dev/null +++ b/sig/sig-compliance/OWNERS @@ -0,0 +1,46 @@ +{ + "Leader": [{ + "gitee_id": "jalenchen", + "gitee_email": "chenyaxun@huawei.com" + }], + "Committers": [{ + "gitee_id": "king-gao", + "gitee_email": "king.gao@huawei.com" + }, + { + "gitee_id": "alec-z", + "gitee_email": "zhengzhipeng4@huawei.com" + }, + { + "gitee_id": "kubigao", + "gitee_email": "jean.gaoliang@huawei.com" + }, + { + "gitee_id": "billwangliang", + "gitee_email": "bill.wangliang@huawei.com" + }, + { + "gitee_id": "youthdragon", + "gitee_email": "youthdragon.wangyiming@huawei.com" + }, + { + "gitee_id": "jungle8023", + "gitee_email": "forest.cong@huawei.com" + }, + { + "gitee_id": "Rahul Mohan G", + "gitee_email": "rahulmohang@gmail.com" + }, + { + "gitee_id": "yishuangli", + "gitee_email": "yishuang.li@huawei.com" + }, + { + "gitee_id": "Carlo Piana", + "gitee_email": "piana@array.eu" + }, + { + "gitee_id": "Alberto Pianon", + "gitee_email": "pianon@array.eu" + }] +} \ No newline at end of file 
diff --git a/sig/sig-compliance/sig_compliance.md b/sig/sig-compliance/sig_compliance.md new file mode 100644 index 0000000..43d7bea --- /dev/null +++ b/sig/sig-compliance/sig_compliance.md 
@@ -0,0 +1,73 @@ +# SIG-compliance +English | [简体中文](./sig_compliance_cn.md) + +Note: The content of this SIG follows the convention described in OpenHarmony's PMC Management Charter [README](/zh/pmc.md). +## Overview +With the rapid development of the OpenHarmony community, more and more patches are submitted by developers, more and more third-party open source software is introduced into the community, Meanwhile, OpenHarmony Compliance risks are increasing. As we all know, The community has introduced and developed [Open Source Compliance Audit Tool OAT](https://gitee.com/openharmony-sig/tools_oat), sensitive word scanning tools, open source code fragment scanning, and 7-cai tools to solve the basic compliance problems. However, there is still a lot of work to be confirmed by the team. As the size of the community increases, this will pose a huge challenge to the compliance of the community. Therefore, we hope to setup the SIG-Compliance . With the SIG, we will strengthen multi-party connectionst, embrace the best practices in open source, and establish a mechanism and engineering system for open source compliance governance, including standards/norms, processes , tools, organization. The SIG will provide open source compliance governance solutions or services to organizations and individuals participating in the community. +## SIG group work objectives and scope +### work goals +- Establish OpenHarmony's open source compliance engineering system +- Formulate the rules, norms and processes of OpenHarmony's open source compliance governance +- Develop OpenHarmony's open source compliance Audit tools +- Provide OpenHarmony's open source compliance services +### work scope +The first phase of the core work of the SIG focuses on the construction of community ** open source compliance governance engineering systems and capabilities**. 
According to the life cycle of open source software and community development, we divide open source compliance into four categories: +- **Reliable source** (third-party open source software, community self-developed code) +- **License compliance** (open source software license compatibility, open source software license obligation fulfillment, The License Compliance of Project) +- **Intellectual Property Compliance** (Copyrights, Patents, Trademarks, Terminology) +- **Release Compliance** (Trade Compliance, The License Compliance of Release) + +The work of this group **includes** +- **Planning and developing of engineering capabilities and tools** +- **Drafting and formulation of compliance process rules** +- **Collaborate with community and industry organizations on engineering capabilities** +- **Introduction and external sharing of best practices in compliance governance** +- **Compliance culture and training within the community** + +#### **Relationship between Open Source Audit Tool Project**: +As a umbrella project, The SIG-compliance will +integrate with [OAT](https://gitee.com/openharmony-sig/tools_oat) as one of most important tool for our project. Meanwhile, the other compliance tools also will be integrate into our project. We will leverage these tools to empower openharmony compliance engineering system + +#### **Relationship with Open Source Compliance Group under the Openharmony Working Committee**: +In principle, this SIG should implement the compliance engineering capabilities under the guidance of the open source compliance group, and regularly report to the open source compliance group. 
+ +This group **does not** includes +- Official announcement for compliance event and legal issues +- Final interpretation of community open source compliance and legal issues +- Final desicion of community open source compliance governance standards and process + +### The repository +- project name: + - OAT :https://gitee.com/openharmony-sig/tools_oat + + +## SIG Members + +### Leader +- @jalenchen(https://gitee.com/jalenchen) + +### Committers +- @king-gao (https://gitee.com/king-gao) +- @alec-z (https://gitee.com/alec-z) +- @kubigao (https://gitee.com/kubigao) +- @billwangliang (https://gitee.com/billwangliang) +- @youthdragon (https://gitee.com/youthdragon) +- @jungle8023 (https://gitee.com/jungle8023) +- @yishuangli(https://gitee.com/yishuangli) +- @Rahul Mohan G(rahulmohang@gmail.com) +- @Carlo Piana( piana@array.eu ) +- @alpianon(https://gitee.com/alpianon) + +### Meetings + - Meeting time: Public meeting time: Beijing time, every Friday afternoon, 14:00~15:00 + - Meeting application: [OpenHarmony SIG-Compliance Meeting Proposal](https://etherpad.openharmony.cn/p/compliance) + - Meeting link: [Meeting link](https://etherpad.openharmony.cn/p/compliance) + - Meeting notification: Please [Subscribe](https://lists.openatom.io/postorius/lists/dev.openharmony.io) mailing list dev@openharmony.io for the conference link + - Meeting-Minutes: [Archive link address](https://gitee.com/openharmony-sig/sig-content) + +### Contact (optional) + +- Mailing list:dev@openharmony.io +- Zulip group:https://zulip.openharmony.cn +- Wechat group:NA +- Mailing list tag:[compliance] \ No newline at end of file diff --git a/sig/sig-compliance/sig_compliance_cn.md b/sig/sig-compliance/sig_compliance_cn.md new file mode 100644 index 0000000..4029e4e --- /dev/null +++ b/sig/sig-compliance/sig_compliance_cn.md 
@@ -0,0 +1,80 @@ +# SIG-compliance +简体中文 | [English](./sig_compliance.md) + +说明:本SIG的内容遵循OpenHarmony的PMC管理章程 [README](/zh/pmc.md)中描述的约定。 +## 概述 +随着OpenHarmony社区的蓬勃发展,一方面,开发者向社区提交的代码越来越多;另一方面,社区内引入的第三方开源软件越来越多,这使得OpenHarmony版本发布中带来的潜在合规风险也越来越大,社区当前已经引入或者开发了[开源合规审查工具OAT](https://gitee.com/openharmony-sig/tools_oat)、敏感词扫描工具、片段扫描,棱镜七彩等工具,上解决了基础合规问题,但当前的社区的合规活动中依然存在不少的人为环节和需要大量的人力维护,随着社区规模的上升,这将对社区的合规形成巨大的挑战。因此,我们希望基于OAT的基础上,成立合规SIG,借助SIG组织,加强多方联接与投入,拥抱业界开源最佳实践成果,建立开源合规治理的机制和工程体系,包括标准/规范、流程、装备工具、组织。通过工具和工程方法落地这些规则,提供开源合规治理的解决方案或服务给参与社区的组织和个人。 + +## SIG组工作目标和范围 + +### 工作目标 +- 建立OpenHarmony的开源合规工程体系 +- 拟定OpenHarmony的开源合规治理的规则、规范、流程 +- 开发OpenHarmony的开源合规工具 +- 提供OpenHarmony的开源合规服务 + +### 工作范围 +本小组首期核心工作聚焦于社区**开源合规治理工程体系及能力的构建**,根据开源软件及社区开发的生命周期,我们将开源合规分为 +- **来源可信** ( 三方开源软件、社区代码贡献) +- **许可证遵从** ( 三方开源软件许可证兼容、三方开源软件证义务履行、项目许可证) +- **知识产权合规** ( 版权、专利、商标、术语) +- **版本发布合规** ( 贸易合规、发布包许可证) + +本小组工作**包含**以上分类中 +- **工程能力及工具的规划及建设** +- **流程规则的起草及拟定** +- **与社区内及业界组织在工程能力方面协作** +- **合规治理方面最佳实践的引入与对外分享** +- **社区内合规文化与培训** + + +#### **与开源审查工具OAT项目的关系**: +本小组作为一个伞形项目,包含[开源合规审查工具OAT](https://gitee.com/openharmony-sig/tools_oat),即OAT是SIG-Compliance中的一个子项目,也是当前最主要的合规审查工具,本小组一方面会持续演进OAT工具,另一方也会引入业界其他最佳实践及工具,将多种能力进行集成,共同打造合规工程体系 + +#### **与工作委员会下开源合规组的关系**: +原则上,本小组应在开源合规组的指导下完成工程能力的建设,并定期向工作委员会下的开源合规组进行工作汇报 + +本小组**不包含** +- 社区合规及法务问题的官方口径 +- 社区合规及法务问题的最终解释权 +- 社区合规治理标准规范的最终审核权 + + +## 代码仓 +- 代码仓地址: + - SIG-Compliance :https://gitee.com/openharmony/compliance + - OAT开源审查工具 :https://gitee.com/openharmony-sig/tools_oat + +## SIG组成员 + +### Leader +- @jalenchen(https://gitee.com/jalenchen) + +### Committers列表 +- @king-gao (https://gitee.com/king-gao) +- @alec-z (https://gitee.com/alec-z) +- @kubigao (https://gitee.com/kubigao) +- @billwangliang (https://gitee.com/billwangliang) +- @youthdragon (https://gitee.com/youthdragon) +- @jungle8023 (https://gitee.com/jungle8023) +- @yishuangli(https://gitee.com/yishuangli) +- @Rahul Mohan G(rahulmohang@gmail.com) +- @Carlo Piana( piana@array.eu ) +- 
@alpianon(https://gitee.com/alpianon) +- 欢迎加入 +### Contributor列表 +- 欢迎加入 + +### 会议 + - 会议时间:公开的会议时间:北京时间,每周五 下午,14:00点~15:00点 + - 会议申报:[OpenHarmony SIG-Compliance Meeting Proposal](https://etherpad.openharmony.cn/p/compliance) + - 会议链接:[见链接](https://etherpad.openharmony.cn/p/compliance) + - 会议通知:请[订阅](https://lists.openatom.io/postorius/lists/dev.openharmony.io)邮件列表 dev@openharmony.io 获取会议链接 + - 会议纪要: [归档链接地址](https://gitee.com/openharmony-sig/sig-content) + +### 联系方式(可选) + +- 邮件列表:dev@openharmony.io +- 邮件列表tag [compliance] +- Zulip群组:https://zulip.openharmony.cn +- 微信群:NA -- GitLab
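Review bot: in sig/sig-compliance/OWNERS, three "gitee_id" values are display names rather than account IDs ("Rahul Mohan G", "Carlo Piana", "Alberto Pianon"), so if OWNERS entries are resolved to Gitee accounts for review or merge rights, these three will not match anything. The markdown files in this same patch list the last one as @alpianon (https://gitee.com/alpianon); use that ID here, and give the other two a real Gitee ID or hold them back from Committers until they have one. The file also ends without a trailing newline.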
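Review bot: in sig/sig-compliance/sig_compliance.md, the "The repository" section lists only OAT, while sig_compliance_cn.md in this patch also lists SIG-Compliance at https://gitee.com/openharmony/compliance; the two language versions should name the same repositories. In the same file the note at the top sends English readers to /zh/pmc.md, and a few typos should be fixed before merge: "connectionst", "desicion", "does not** includes" and "As a umbrella project".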
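Review bot: in sig/sig-compliance/sig_compliance_cn.md, the 与开源审查工具OAT项目的关系 paragraph states that OAT is a sub-project of SIG-Compliance and that the SIG will keep evolving it, whereas the English file only says the SIG will integrate with OAT; align the two so the relationship to OAT is stated the same way in both. Two wording slips in the same file: "等工具,上解决了基础合规问题" has a stray "上", and "三方开源软件证义务履行" appears to be missing "许可" before "证".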