1e41f4b71Sopenharmony_ci# OpenHarmony社区开源合规规范及指导 2e41f4b71Sopenharmony_ci 3e41f4b71Sopenharmony_ci## 目的 4e41f4b71Sopenharmony_ci 5e41f4b71Sopenharmony_ci本文档定义的规范确保OpenHarmony社区遵守开源软件许可条款和价值,并遵从第三方知识产权,从开源软件的使用中受益。本文档提供了OpenHarmony社区遵守开源软件合规的共同框架确保许可证合规性,并基于业界最佳实践提升OpenHarmony社区开源合规治理能力,方便社区成员了解如何使用开源软件以及为开源社区进行贡献。 6e41f4b71Sopenharmony_ci 7e41f4b71Sopenharmony_ci## 范围 8e41f4b71Sopenharmony_ci 9e41f4b71Sopenharmony_ci本指导适用于所有参与OpenHarmony社区的贡献者,项目适用范围包含:[OpenHarmony主线](https://gitee.com/openharmony)下代码仓和[OpenHarmony-SIG](https://gitee.com/openharmony-sig)下的代码仓所涉及的项目。 10e41f4b71Sopenharmony_ci 11e41f4b71Sopenharmony_ci## 本文的改进和修订说明 12e41f4b71Sopenharmony_ci 13e41f4b71Sopenharmony_ci1. 本文档由合规SIG主导起草和维护。最新版本可以在 [这里](OpenHarmony社区开源合规规范及指导.md)找到。 14e41f4b71Sopenharmony_ci2. 任何对于本文中涉及的规则的增加,修改,删除都必须可追溯 。 15e41f4b71Sopenharmony_ci3. 最终规则经过社区充分的讨论后,由PMC评审定稿。 16e41f4b71Sopenharmony_ci 17e41f4b71Sopenharmony_ci 18e41f4b71Sopenharmony_ci## 术语和缩略语 19e41f4b71Sopenharmony_ci 20e41f4b71Sopenharmony_ci [开源合规术语与缩略语参考]() 21e41f4b71Sopenharmony_ci 22e41f4b71Sopenharmony_ci## 各阶段合规规范及指导 23e41f4b71Sopenharmony_ci 24e41f4b71Sopenharmony_ci### 引入阶段 25e41f4b71Sopenharmony_ci 26e41f4b71Sopenharmony_ci#### 开源软件许可证使用及评审规范 27e41f4b71Sopenharmony_ci 28e41f4b71Sopenharmony_ci1. [OpenHarmony项目代码许可证规则与特殊许可证评审指导](许可证与特殊许可证评审指导.md) 29e41f4b71Sopenharmony_ci 30e41f4b71Sopenharmony_ci2. [OpenHarmony社区项目已使用代码许可协议说明](https://gitee.com/openharmony#%E8%AE%B8%E5%8F%AF%E5%8D%8F%E8%AE%AE) 31e41f4b71Sopenharmony_ci 32e41f4b71Sopenharmony_ci#### 第三方开源软件开源引入及退出 33e41f4b71Sopenharmony_ci 34e41f4b71Sopenharmony_ci[第三方开源软件引入及退出指导](第三方开源软件引入指导.md) 35e41f4b71Sopenharmony_ci 36e41f4b71Sopenharmony_ci 37e41f4b71Sopenharmony_ci### 开发阶段 38e41f4b71Sopenharmony_ci 39e41f4b71Sopenharmony_ci#### 开源开发许可证、版权、元数据合规规范 40e41f4b71Sopenharmony_ci 41e41f4b71Sopenharmony_ci1. [代码仓许可证与版权声明规范](许可证与版权规范.md) 42e41f4b71Sopenharmony_ci 43e41f4b71Sopenharmony_ci2. [SPDX信息声明规范]() 44e41f4b71Sopenharmony_ci 45e41f4b71Sopenharmony_ci3. 第三方开源软件中补充[上游开源软件元数据声明文件README.OpenSource规范](第三方开源软件上游软件元数据READMEOpenSource文件规范.md) 46e41f4b71Sopenharmony_ci 47e41f4b71Sopenharmony_ci#### 开源开发合规门禁规范 48e41f4b71Sopenharmony_ci 49e41f4b71Sopenharmony_ci1. [开源合规开发门禁要求](https://gitee.com/openharmony/community/blob/master/sig/sig_qa/%E4%BB%A3%E7%A0%81%E9%97%A8%E7%A6%81%E8%A6%81%E6%B1%82.md#codecheck%E6%A3%80%E6%9F%A5) 50e41f4b71Sopenharmony_ci 51e41f4b71Sopenharmony_ci2. [开源门禁工具OAT功能及问题确认说明](https://gitee.com/openharmony-sig/tools_oat#oat%E5%BC%80%E6%BA%90%E5%AE%A1%E6%9F%A5%E5%B7%A5%E5%85%B7) 52e41f4b71Sopenharmony_ci 53e41f4b71Sopenharmony_ci#### 参与上游社区贡献规范 54e41f4b71Sopenharmony_ci 55e41f4b71Sopenharmony_ci[OpenHarmony社区上游开源项目贡献最佳实践及建议](上游开源项目贡献最佳实践及建议.md) 56e41f4b71Sopenharmony_ci 57e41f4b71Sopenharmony_ci 58e41f4b71Sopenharmony_ci### 发布阶段 59e41f4b71Sopenharmony_ci 60e41f4b71Sopenharmony_ci#### 开源义务履行 61e41f4b71Sopenharmony_ci 62e41f4b71Sopenharmony_ci[开源合规交付制品管理规范及指导](开源义务履行合规交付制品管理规范及指导.md) 63e41f4b71Sopenharmony_ci 64e41f4b71Sopenharmony_ci#### 软件物料清单(SBOM)规范 65e41f4b71Sopenharmony_ci 66e41f4b71Sopenharmony_ci1. [OpenHarmony SBOM 生成及交付说明]() 67e41f4b71Sopenharmony_ci 68e41f4b71Sopenharmony_ci2. [OpenHarmony SBOM 审视及问题处理规则]() 69e41f4b71Sopenharmony_ci 70e41f4b71Sopenharmony_ci#### 社区版本发布及SIG孵化毕业开源合规要求 71e41f4b71Sopenharmony_ci 72e41f4b71Sopenharmony_ci1. [SIG 孵化项目毕业开源合规标准](https://gitee.com/openharmony/community/blob/master/sig/sig_qa/guidance_for_incubation_project_graduation_cn.md#sig%E5%AD%B5%E5%8C%96%E9%A1%B9%E7%9B%AE%E6%AF%95%E4%B8%9A%E8%AF%84%E5%AE%A1%E6%A3%80%E6%9F%A5%E9%A1%B9) 73e41f4b71Sopenharmony_ci 74e41f4b71Sopenharmony_ci2. [版本发布开源合规标准](https://gitee.com/openharmony/community/blob/master/sig/sig_qa/%E7%89%88%E6%9C%AC%E8%B4%A8%E9%87%8F%E8%A6%81%E6%B1%82.md) 75e41f4b71Sopenharmony_ci 76e41f4b71Sopenharmony_ci 77e41f4b71Sopenharmony_ci## 二进制合规规范 78e41f4b71Sopenharmony_ci 79e41f4b71Sopenharmony_ci[二进制合规规范]() 80e41f4b71Sopenharmony_ci 81e41f4b71Sopenharmony_ci## 开源合规类issue管理流程 82e41f4b71Sopenharmony_ci 83e41f4b71Sopenharmony_ci[OpenHarmony社区开源合规issue管理流程指导](开源合规类问题管理.md) 84e41f4b71Sopenharmony_ci 85e41f4b71Sopenharmony_ci## 开源合规角色和责任 86e41f4b71Sopenharmony_ci 87e41f4b71Sopenharmony_ci[《开源合规角色职责及能力要求》](https://gitee.com/openharmony/community/blob/master/sig/sig_compliance/docs/%E5%BC%80%E6%BA%90%E5%90%88%E8%A7%84%E8%A7%92%E8%89%B2%E8%81%8C%E8%B4%A3%E5%8F%8A%E8%83%BD%E5%8A%9B%E8%A6%81%E6%B1%82.md) 88e41f4b71Sopenharmony_ci 89e41f4b71Sopenharmony_ci## 开源合规培训资源及要求 90e41f4b71Sopenharmony_ci 91e41f4b71Sopenharmony_ci[《开源合规培训计划》](https://gitee.com/openharmony/community/blob/master/sig/sig_compliance/docs/%E5%BC%80%E6%BA%90%E5%90%88%E8%A7%84%E5%9F%B9%E8%AE%AD%E8%AE%A1%E5%88%92.md) 92e41f4b71Sopenharmony_ci 93e41f4b71Sopenharmony_ci## 未能遵守的后果 94e41f4b71Sopenharmony_ci 95e41f4b71Sopenharmony_ci必须遵守此规范,这一点很重要。不这样做可能会导致: 96e41f4b71Sopenharmony_ci- 使用的代码中的版权或其他知识产权持有人提出法律索赔; 97e41f4b71Sopenharmony_ci- 代码的接收者提出的索赔; 98e41f4b71Sopenharmony_ci- 无意中发布了不允许发布的代码; 99e41f4b71Sopenharmony_ci- 违反监管义务可能导致罚款; 100e41f4b71Sopenharmony_ci- 名誉损失; 101e41f4b71Sopenharmony_ci- 资金损失; 102e41f4b71Sopenharmony_ci- 违反合约。 103e41f4b71Sopenharmony_ci 104e41f4b71Sopenharmony_ci因此,我们会严肃对待违反本规范的行为,任何违反本政策的个人都可能会受到纪律处分。 105e41f4b71Sopenharmony_ci 106e41f4b71Sopenharmony_ci## 开源合规负面事件响应策略 107e41f4b71Sopenharmony_ci《社区开源合规负面事件响应策略》,请参照法务与合规组策略。 108e41f4b71Sopenharmony_ci 109e41f4b71Sopenharmony_ci## 参考文档 110e41f4b71Sopenharmony_ci 111e41f4b71Sopenharmony_ci本文档参考LinuxFoundation compliance generic policy FOSS policy template 112