OSCake

OSCake, the Open Source Compli­ance arti­fact knowl­edge engine com­piles open source com­pli­ance arti­facts. Embed­ded in open-source com­pli­ance tool­chains, it takes the out­put of open-source scan tools. And on the base of the license knowl­edge rep­re­sent­ed in it, OSCake com­putes the real­ly required com­pli­ance arti­facts. Even­tu­al­ly, it gath­ers them in a sin­gle open-source com­pli­ance file that — if bun­dled with the respec­tive col­lec­tion of pro­grams and com­po­nents — allows us to dis­trib­ute this col­lec­tion com­pli­ant­ly.

Repos­i­to­ry

Scope

Posts

In gen­er­al exist­ing scan-tools fol­low the Prin­ci­ple of Over­ful­fill­ment. They gath­er also in all oth­er pack­ages what a spe­cif­ic license requires for a spe­cif­ic com­po­nent. So, they cre­ate ‘over­com­plete’ col­lec­tions of Open Source com­pli­ance arti­facts. Often, the dis­trib­u­tors add them to their prod­ucts hop­ing that the real­ly required arti­facts are some­where in the col­lec­tion. Regard­less of what else might be in it. This is a prob­lem­at­ic strat­e­gy:

• On the one hand, the dis­trib­u­tors must take respon­si­bil­i­ty for incor­rect­ly cre­at­ed com­pli­ance arti­facts even if the respec­tive licens­es do not oblige them to cre­ate or sup­ply them.

• On the oth­er hand, the sur­plus com­pli­ance arti­facts could over­write or lever out the arti­facts which are real­ly nec­es­sary.

The Open Source Compli­ance arti­fact knowl­edge engine fol­lows the Prin­ci­ple of a Con­text-Sen­si­tive License Ful­fill­ment. It com­piles only the com­pli­ance arti­facts required by the rel­e­vant licens­es. To do so, it uses Open Source license knowl­edge inher­ent­ly embed­ded into the respec­tive Domain Spe­cif­ic Lan­guage.

OSCake is devel­oped by Deutsche Telekom — as part of the ini­tia­tive Test Driv­en Open Source Compli­ance Arti­facts, which DT has start­ed under the umbrel­la of the Open Chain-project of the Lin­ux Foun­da­tion. Tech­ni­cal­ly the Open Source Ref­er­ence Tool­ing Work Group hosts the respec­tive code. Thus, OSCake is dis­trib­uted under the terms of the Eclipse Pub­lic License 2.0. As an employ­ee of DTAG and as a mem­ber of its Open Source Pro­gram Office (= Telekom Open Source Com­mit­tees ) I have the hon­or to take part in the devel­op­ment of OSCake at a cen­tral point.

---

And in what way is this …

… part of the over­ar­ch­ing top­ic FOSS Com­pli­ance? For ful­fill­ing the require­ments of FOSS licens­es, we have to con­sid­er spe­cif­ic indi­vid­ual cas­es as well as side effects — for soft­ware, pic­tures, or doc­u­ments. We should unhide trends and write guide­lines. Above all, how­ev­er, we must dri­ve for­ward the automa­tion of license ful­fill­ment, make our licens­ing knowl­edge freely avail­able, cast it into small­er tools, and bring it into larg­er sys­tems: Because FOSS thrives on free­dom through license ful­fill­ment, large and small. That’s what also this arti­cle is about.

---

• OSCake Repos­i­to­ry: https://www.github.com/Open-Source-Compliance/OSCake
• Open Chain Ref­er­ence Tool­ing Work Group home­page: http://oss-compliance-tooling.org/
• Open­Chain home­page: https://www.openchainproject.org/
• Test-Dri­ven Open Source Com­pli­ance Ini­tia­tive: https://github.com/Open-Source-Compliance/tdosca