@@ -11,8 +11,9 @@ description: |
1111controls :
1212 - id : OSPS-LE-01
1313 title : |
14- Require code contributors to assert that they are legally authorized to
15- commit
14+ The version control system MUST require all code contributors to assert
15+ that they are legally authorized to make the associated contributions
16+ on every commit.
1617 objective : |
1718 Ensure that code contributors are aware of and acknowledge their legal
1819 responsibility for the contributions they make to the project, reducing
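Review bot: The new title at new lines 14-16 is a full normative MUST sentence that repeats the OSPS-LE-01.01 requirement text almost word for word, so the control now carries two normative statements that can drift apart on later edits (one of them already gains a "While active" qualifier that the title lacks). Either keep the title as a short label and leave the MUST in the assessment requirement, or state which of the two is authoritative. The phrase "make the associated contributions on every commit" is also ambiguous about whether "on every commit" modifies "assert" or "make"; moving it next to the verb ("assert on every commit that ...") removes the doubt.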
@@ -35,9 +36,9 @@ controls:
3536 assessment-requirements :
3637 - id : OSPS-LE-01.01
3738 text : |
38- The version control system MUST require all code contributors to assert
39- that they are legally authorized to commit the associated contributions
40- on every commit.
39+ While active, the version control system MUST require all code
40+ contributors to assert that they are legally authorized to make the
41+ associated contributions on every commit.
4142 applicability :
4243 - Maturity Level 2
4344 - Maturity Level 3
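Review bot: "While active" at new line 39 has no stated subject, and as written it attaches to "the version control system", which reads as "while the VCS is active" rather than "while the project is active". Nothing in the visible lines defines the term, so an assessor cannot tell when the requirement stops applying. Suggest spelling it out, for example "While the project is active, the version control system MUST ...", or pointing to where the status is defined.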
@@ -46,11 +47,13 @@ controls:
4647 contributors to assert that they are legally authorized to commit the
4748 associated contributions on every commit. Use a status check to ensure
4849 the assertion is made.
50+ Some version control systems, such as GitHub, may include this in the
51+ platform terms of service.
4952
5053 - id : OSPS-LE-02
5154 title : |
52- Ensure that the license for the source code meets the OSI Open Source
53- Definition or the FSF Free Software Definition
55+ All licenses for the project MUST meet the OSI Open Source Definition
56+ or the FSF Free Software Definition.
5457 objective : |
5558 Ensure that the project's source code is distributed under a recognized
5659 and legally enforceable open source software license, providing clarity on
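Review bot: The sentence added at new lines 50-51 does not say whether a platform terms-of-service clause satisfies OSPS-LE-01.01, and it sits right after "Use a status check to ensure the assertion is made", which implies a per-commit check. A one-time acceptance of terms is not obviously an assertion "on every commit", so the recommendation should state explicitly whether the terms of service are sufficient or only supplementary. Two smaller points in the same hunk: the unchanged context at new lines 47-48 still says "authorized to commit" while the title and requirement were changed to "make", and the new OSPS-LE-02 title at new lines 55-56 covers "All licenses for the project" while the requirements under it each cover a single license for either the source code or the released assets.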
@@ -73,8 +76,8 @@ controls:
7376 assessment-requirements :
7477 - id : OSPS-LE-02.01
7578 text : |
76- The license for the source code MUST meet the OSI Open Source Definition
77- or the FSF Free Software Definition.
79+ While active, the license for the source code MUST meet the OSI Open
80+ Source Definition or the FSF Free Software Definition.
7881 applicability :
7982 - Maturity Level 1
8083 - Maturity Level 2
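Review bot: At new lines 79-80 the modifier "While active" grammatically attaches to "the license for the source code", which is not what is meant, and the requirement keeps the singular "the license" even though the control title was changed to "All licenses for the project". For a project whose source is under more than one license, it is unclear whether every license must meet the definition or only the primary one. Suggest "While the project is active, every license for the source code MUST meet ..." or an equivalent wording that matches the title.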
@@ -87,10 +90,27 @@ controls:
8790 Apache 2.0, Lesser GNU General Public License (LGPL), and the GNU
8891 General Public License (GPL). Releasing to the public domain meets
8992 this control if there are no other encumbrances such as patents.
93+ - id : OSPS-LE-02.02
94+ text : |
95+ While active, the license for the released software assets MUST meet
96+ the OSI Open Source Definition or the FSF Free Software Definition.
97+ applicability :
98+ - Maturity Level 1
99+ - Maturity Level 2
100+ - Maturity Level 3
101+ recommendation : |
102+ If a different license is included with released software assets,
103+ ensure it is an approved license by the Open Source Initiative (OSI),
104+ or a free license as approved by the Free Software Foundation (FSF).
105+ Examples of such licenses include the MIT, BSD 2-clause, BSD 3-clause
106+ revised, Apache 2.0, Lesser GNU General Public License (LGPL), and the
107+ GNU General Public License (GPL). Note that the license for the
108+ released software assets may be different than the source code.
90109
91110 - id : OSPS-LE-03
92111 title : |
93- Maintain an open source license for the project in a standard location
112+ All licenses for the project's source code MUST be maintained in a
113+ standard location within the corresponding repository.
94114 objective : |
95115 Ensure that the project's source code and released software assets are
96116 distributed with the appropriate license terms, making it clear to users
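Review bot: The new OSPS-LE-03 title at new lines 112-113 limits the control to "the project's source code" and "the corresponding repository", but the objective in the unchanged context at new lines 115-116 still covers "source code and released software assets", and the control keeps a requirement about release assets (OSPS-LE-03.02). The title should either mention released assets or the release-asset requirement should live under a control whose title covers it. In the relocated OSPS-LE-02.02 recommendation, "may be different than the source code" at new lines 107-108 compares a license with source code; "different from that of the source code" says what is intended.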
@@ -111,8 +131,9 @@ controls:
111131 assessment-requirements :
112132 - id : OSPS-LE-03.01
113133 text : |
114- The license for the source code MUST be maintained in a standard
115- location within the project's repository.
134+ While active, the license for the source code MUST be maintained in
135+ the corresponding repository's LICENSE file, COPYING file, or
136+ LICENSE/ directory.
116137 applicability :
117138 - Maturity Level 1
118139 - Maturity Level 2
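Review bot: The requirement text at new lines 134-136 now names the accepted locations exactly ("LICENSE file, COPYING file, or LICENSE/ directory"), but the allowance that "The filename MAY have an extension" exists only in the recommendation, which is guidance rather than the assessed text. Read strictly, a repository with only LICENSE.md or COPYING.txt would fail the MUST. Suggest moving the extension allowance into the requirement text, and stating whether the match is case sensitive and whether the file must be at the repository root.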
@@ -121,19 +142,22 @@ controls:
121142 Include the project's source code license in the project's LICENSE
122143 file, COPYING file, or LICENSE/ directory to provide visibility and
123144 clarity on the licensing terms. The filename MAY have an extension.
145+ If the project has multiple repositories, ensure that each repository
146+ includes the license file.
124147 - id : OSPS-LE-03.02
125148 text : |
126- The license for the released software assets MUST meet the OSI Open
127- Source Definition or the FSF Free Software Definition.
149+ While active, the license for the released software assets MUST be
150+ included in the released source code, or in a LICENSE file, COPYING
151+ file, or LICENSE/ directory alongside the corresponding release
152+ assets.
128153 applicability :
129154 - Maturity Level 1
130155 - Maturity Level 2
131156 - Maturity Level 3
132157 recommendation : |
133- If a different license is included with released software assets,
134- ensure it is an approved license by the Open Source Initiative (OSI),
135- or a free license as approved by the Free Software Foundation (FSF).
136- Examples of such licenses include the MIT, BSD 2-clause, BSD 3-clause
137- revised, Apache 2.0, Lesser GNU General Public License (LGPL), and the
138- GNU General Public License (GPL). Note that the license for the
139- released software assets may be different than the source code.
158+ Include the project's released software assets license in the released
159+ source code, or in a LICENSE file, COPYING file, or LICENSE/ directory
160+ alongside the corresponding release assets to provide visibility and
161+ clarity on the licensing terms. The filename MAY have an extension.
162+ If the project has multiple repositories, ensure that each repository
163+ includes the license file.
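Review bot: The last sentence of the new OSPS-LE-03.02 recommendation at new lines 162-163, "If the project has multiple repositories, ensure that each repository includes the license file", is copied from OSPS-LE-03.01 and is about repositories, while this requirement is about release assets. It gives no guidance for the case that matters here, a project that publishes several release artifacts or publishes to several distribution channels. Suggest replacing it with a statement that each release includes the license. The requirement at new lines 149-152 also allows the license to be "included in the released source code" without saying how that applies to a binary-only release that ships no source, which leaves that case unassessable.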