Commit
Merge pull request #25 from phuse-org/issue15
more clarity on licence breaches
Showing 5 changed files with 393 additions and 84 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,20 +1,37 @@ | ||
# Guidance scope and purpose {.unnumbered} | ||
|
||
The primary aim of this collaboration is to provide guidance within the context of how open source is relevant to PhUSE members, and link out to more information to avoid duplication on more generalisable topics. In this guidance, R packages are referenced as an example OSS project that is a focal point today in clinical reporting, but the principles extend to other libraries in python, Julia, javascript, and more. The following topics are covered in this white paper: | ||
The primary aim of this collaboration is to provide guidance within the context | ||
of how open source is relevant to PhUSE members, and link out to more | ||
information to avoid duplication on more generalisable topics. In this guidance, | ||
R packages are referenced as an example OSS project that is a focal point today | ||
in clinical reporting, but the principles extend to other libraries in python, | ||
julia, javascript, and more. The following topics are covered in this white paper: | ||
|
||
**Using open source** | ||
|
||
- Relevance of different licence types | ||
- Watchouts on governance models and assessing risk | ||
- Landscape of tools available for vulnerability detection, validation/qualification/risk and enforcing licence policies, with particular reference to R-specific tools | ||
- Landscape of tools available for vulnerability detection, | ||
validation, qualification, risk and enforcing licence policies, | ||
with particular reference to R-specific tools | ||
|
||
**Releasing open-source** | ||
|
||
- A summary and recommendation of licence types, with particular focus on permissive vs copyleft licences and the ramifications on code built on top of your project Relevance of licences present in dependencies, direct vs transitive dependencies, and the issues around compiling with dependencies that could occur in something like a public shiny app | ||
- Landscape of places to place open-source projects and build collaborative communities | ||
- Pros/benefits and cons/risks for companies to open-source clinical reporting codebases | ||
- Governance models for open-source projects with reference to their use today across clinical reporting collaborations | ||
- Survey and summary of contract types present where intellectual property and copyright is shared between companies | ||
- Tools available to understand the general health of projects (e.g. LFX tools), with specific reference to R extensions (e.g. metacran, riskmetric, openpharma) | ||
- Examples of release models, particularly where projects have inter-project dependencies (e.g. tidyverse decoupled release model vs bioconductor cohort release model) | ||
- Tools for releasing and maintaining projects, with particular reference to tools for R packages | ||
- A summary and recommendation of licence types, noting | ||
permissive vs copyleft licences and the ramifications on code built on top of | ||
your project | ||
- Relevance of licences present in dependencies, | ||
direct vs transitive dependencies, and the issues around compiling with | ||
dependencies that could occur in something like a public shiny app | ||
- Landscape of places to place open-source projects and build collaborative | ||
communities | ||
- Pros/benefits and cons/risks for companies to open-source clinical reporting | ||
codebases | ||
- Governance models for open-source projects with reference to their use today | ||
across clinical reporting collaborations | ||
- Summary of contract types present where intellectual property | ||
and copyright is shared between companies | ||
- Tools available to understand the general health of projects, | ||
with specific reference to R extensions | ||
- Tools for releasing and maintaining projects, with particular reference to | ||
tools for R packages |
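Review bot: The rewrapped "Releasing open-source" list no longer carries the bullet "Examples of release models, particularly where projects have inter-project dependencies (e.g. tidyverse decoupled release model vs bioconductor cohort release model)", and the project-health bullet loses its named examples "(e.g. LFX tools)" and "(e.g. metacran, riskmetric, openpharma)"; the commit title "more clarity on licence breaches" does not cover either change, so restore them or state in the commit message that the scope was narrowed on purpose. "Survey and summary of contract types" has likewise become "Summary of contract types", which changes the stated deliverable and should be confirmed. In the reflowed opening paragraph "Julia" is now "julia"; keep the capital, and consider "Python" and "JavaScript" alongside it. Splitting the run-together "your project Relevance of licences present in dependencies" into two bullets is a good fix.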