Comments (8)
nschonni
commented on June 8, 2024
2
That's partially what https://github.com/canada-ca/ore-ero is, but license disclosure is a little different
from open-source-logiciel-libre.
obrien-j
commented on June 8, 2024
1
Getting to something like this would be great for both open source disclosure purposes as well as overall security wins.
from open-source-logiciel-libre.
gcharest
commented on June 8, 2024
1
It is important that as we choose our tools, platforms and solutions for our move to a more open government, we do so in line with our own policy direction.
Whatever we choose to do in the next steps has to be interoperable, substitutable and support innovation for all the teams that will have to work with these.
Also, we do have legislation and policies to abide by and avoiding them because "it's too much work" is not the right approach. Validating the constraints, updating them when required and streamlining whatever processes (even automating) is the best way to ensure that we don't get stopped midway in our adoption of OSS.
from open-source-logiciel-libre.
LaurentGoderre
commented on June 8, 2024
Maintaining such a list would be a huge undertaking. Also that list shows the open source that is apckaged with their released, not the development dependencies used.
from open-source-logiciel-libre.
gcharest
commented on June 8, 2024
Valid points, I think we really are looking at a pilot project for now to manually point to GC projects or indeed packaged OSS in use one the GC.
From a disclosure perspective, we have more work to do either per department or from a government as a whole to figure out the most automated and least intrusive way of doing so.
from open-source-logiciel-libre.
LaurentGoderre
commented on June 8, 2024
GitHub has a dependency graph for dependencies that are defined in a package manager manifest. That could be a good place to start for an automated solution.
from open-source-logiciel-libre.
rgalipeau
commented on June 8, 2024
However that doesn’t factor GitLab and Git in general. Also very often misleading... as many projects only post final project on these social coding sites (which I suspect many departments will do as part of thier Open Source code) and which in turn falsely report who did the commits and the intervals or frequency. Also does not factor the fact that Drupal does not live on GitHub, and it’s certainly one of the most popular and active GC open Source adoption. (At least the DrupalWxT initiative is here, but that doesn’t reflect work being done at Source from a Drupal standpoint as an example)
from open-source-logiciel-libre.
LaurentGoderre
commented on June 8, 2024
@rgalipeau the fact that the automated github approach doesn't cover everything should stop us from potentially using it. ALso for many Drupal distro, the composer file might be just as useful.
from open-source-logiciel-libre.
Related Issues (20)
- Link from pages to the repository HOT 1
- Security HOT 9
- Guidance on engaging the community for contributions HOT 1
- Additional publishing open source guidance HOT 4
- Ensuring that open source software be actively.... HOT 4
- Are we being too specific? HOT 4
- IP still belongs to the Crown HOT 14
- Why reciprocal license restrictions in "Guide for Using Open Source Software"? HOT 10
- Link to actual TBS definition of "open standard". HOT 1
- GPL version and license notices needs improvement HOT 10
- The "open core" section has problems and is not sufficient. HOT 2
- Directive on Automated Decision-Making; Releasing source code. HOT 4
- Guide to apply specific licence needs a bit more details HOT 2
- Considerations for Open Source Software Evaluation HOT 2
- Modeling the OSS Standard in Archimate
- Change "Prior to Starting" to "Open Source Software Acquisition" HOT 1
- Guide for Open Source Software Acquisition and Modeling
- Add redirects for renamed files
- Add new files to navigation
- Change site theme from GCWeb
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from open-source-logiciel-libre.