Licensing the whole stack of an application under a Free and Open Source License

When building Free Software in the computational commons, it is important to know the materials used for building the Software. The moment I add a dependency to my project, it becomes my responsibility to care and cater for it. This procedure is called vendoring and extends the liability of an application developer to included components and Software-as-a-Service vendors made use of.

This has implications for providing computational Commons, such as There are means to work around the complications provided by proprietary components in an open, distributed system.

  1. Choose an open source license that fits your case and only use Free Software
  2. Use automatic tooling to build up a Bill of Materials that make up the entirety of your system
  3. Build this automation with tooling that is available as Free Software

Reproduced from:

and republished here under the CC BY 4.0 Creative Commons Attribution 4.0 International license.

The conversation happens in three parts:

A post was moved to a new topic: What is a good open source license to choose?

A post was moved to a new topic: Software Bill of Materials (SBOM) and the Software Package Data Exchange (SPDX)

A post was moved to a new topic: What to build an SPDX inventory in GitLab CI with?
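
Steps 1 and 2 of the list above combined, as an added example that is not part of the original post: a Python check that reads a parsed SPDX 2.3 JSON inventory and reports every package whose `licenseConcluded` expression cannot be satisfied with free software licenses alone. The allowlist, the sample document and the function names are assumptions made for illustration.

```python
import re

# Assumed allowlist of SPDX identifiers; replace it with the project's own license policy.
FREE_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause", "GPL-2.0-only", "GPL-3.0-or-later", "MPL-2.0"}

def is_free(expression):
    """True if an SPDX license expression can be satisfied using only allowlisted licenses."""
    tokens = re.findall(r"\(|\)|[^\s()]+", expression) + [None]  # None marks the end

    def atom():
        tok = tokens.pop(0)
        if tok == "(":
            ok = either()
            return (tokens.pop(0) == ")") and ok  # an unbalanced parenthesis fails closed
        if tokens[0] == "WITH":
            del tokens[:2]  # assumption: an exception adds permissions, the base license decides
        return tok in FREE_LICENSES  # NOASSERTION, NONE and LicenseRef-* are rejected here

    def both():  # AND: every operand must be acceptable
        ok = atom()
        while tokens[0] == "AND":
            tokens.pop(0)
            ok = atom() and ok
        return ok

    def either():  # OR: one acceptable operand is enough
        ok = both()
        while tokens[0] == "OR":
            tokens.pop(0)
            ok = both() or ok
        return ok

    try:
        return either() and tokens == [None]
    except IndexError:  # truncated or empty expression
        return False

def audit(doc):
    """Return (name, license) for each package of a parsed SPDX JSON document that fails."""
    found = [(p["name"], p.get("licenseConcluded") or "NOASSERTION") for p in doc.get("packages", [])]
    return [(name, lic) for name, lic in found if not is_free(lic)]

# Constructed sample inventory, not taken from a real project.
SAMPLE = {"spdxVersion": "SPDX-2.3", "packages": [
    {"name": "libalpha", "licenseConcluded": "(MIT OR LicenseRef-Proprietary)"},
    {"name": "libbeta", "licenseConcluded": "Apache-2.0 AND LicenseRef-Proprietary"},
    {"name": "libgamma", "licenseConcluded": "GPL-2.0-only WITH Classpath-exception-2.0"},
    {"name": "libdelta"}]}

print(audit(SAMPLE))
```

A package with no concluded license is treated like `NOASSERTION` and reported, so gaps in the inventory surface as findings instead of passing silently.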