more clarity on licence breaches

README.md

@@ -44,7 +44,9 @@
 
 [![Screenshot][product-screenshot]](https://phuse-org.github.io/E2E-OS-Guidance/)
 
-This guidance was built through the contributions of [individuals across multiple companies](https://phuse-org.github.io/E2E-OS-Guidance/contributors.html). Please use the issues to 
+This guidance was built through the contributions 
+of [individuals across multiple companies](https://phuse-org.github.io/E2E-OS-Guidance/contributors.html). 
+Please use the issues to 
 reach out if you have suggestions to improve this document. 
 
 <p align="right">(<a href="#readme-top">back to top</a>)</p>

index.qmd

@@ -1,20 +1,37 @@
 # Guidance scope and purpose {.unnumbered}
 
-The primary aim of this collaboration is to provide guidance within the context of how open source is relevant to PhUSE members, and link out to more information to avoid duplication on more generalisable topics. In this guidance, R packages are referenced as an example OSS project that is a focal point today in clinical reporting, but the principles extend to other libraries in python, Julia, javascript, and more. The following topics are covered in this white paper:
+The primary aim of this collaboration is to provide guidance within the context 
+of how open source is relevant to PhUSE members, and link out to more 
+information to avoid duplication on more generalisable topics. In this guidance, 
+R packages are referenced as an example OSS project that is a focal point today 
+in clinical reporting, but the principles extend to other libraries in python, 
+julia, javascript, and more. The following topics are covered in this white paper:
 
 **Using open source**
 
  - Relevance of different licence types
  - Watchouts on governance models and assessing risk
- - Landscape of tools available for vulnerability detection, validation/qualification/risk and enforcing licence policies, with particular reference to R-specific tools
+ - Landscape of tools available for vulnerability detection, 
+ validation, qualification, risk and enforcing licence policies, 
+ with particular reference to R-specific tools
 
 **Releasing open-source**
 
- - A summary and recommendation of licence types, with particular focus on permissive vs copyleft licences and the ramifications on code built on top of your project Relevance of licences present in dependencies, direct vs transitive dependencies, and the issues around compiling with dependencies that could occur in something like a public shiny app
- - Landscape of places to place open-source projects and build collaborative communities
- - Pros/benefits and cons/risks for companies to open-source clinical reporting codebases
- - Governance models for open-source projects with reference to their use today across clinical reporting collaborations
- - Survey and summary of contract types present where intellectual property and copyright is shared between companies
- - Tools available to understand the general health of projects (e.g. LFX tools), with specific reference to R extensions (e.g. metacran, riskmetric, openpharma)
- - Examples of release models, particularly where projects have inter-project dependencies (e.g. tidyverse decoupled release model vs bioconductor cohort release model)
- - Tools for releasing and maintaining projects, with particular reference to tools for R packages
+ - A summary and recommendation of licence types, noting 
+ permissive vs copyleft licences and the ramifications on code built on top of 
+ your project 
+ - Relevance of licences present in dependencies, 
+ direct vs transitive dependencies, and the issues around compiling with 
+ dependencies that could occur in something like a public shiny app
+ - Landscape of places to place open-source projects and build collaborative 
+ communities
+ - Pros/benefits and cons/risks for companies to open-source clinical reporting 
+ codebases
+ - Governance models for open-source projects with reference to their use today 
+ across clinical reporting collaborations
+ - Summary of contract types present where intellectual property 
+ and copyright is shared between companies
+ - Tools available to understand the general health of projects, 
+ with specific reference to R extensions 
+ - Tools for releasing and maintaining projects, with particular reference to 
+ tools for R packages