ClearlyDefined
Facts (45)
Sources
What Is Open Governance? Drafting a charter for an Open Source ... opensource.org May 9, 2023 45 facts
claim: Projects that accept curated contributions from the ClearlyDefined community are deemed 'ClearlyDefined' and no longer require external curation, as they endeavor to self-curate the data.
claim: ClearlyDefined focuses its scope on licensing metadata, including declared and observed licenses, copyright holders, and source locations (including revision and commit information), to assist with legal obligations and security best practices in Open Source software.
procedure: A Data Contributor in the ClearlyDefined project identifies bugs or improvements, forks the repository, and submits a pull request with changes, which they must substantiate with background information and proof of correctness.
claim: The Steering Committee of the ClearlyDefined project is responsible for setting technical direction, overseeing processes (harvest, curate, contribute, serve), empowering the community (data curators, contributors, consumers, and code maintainers), and establishing collaboration with adjacent ecosystem projects.
reference: The ClearlyDefined project operates under five core principles: Neutral (no affiliation or company-driven focus), Open (data, infrastructure, and processes are open to all), Factual (no interpretation or assessment is made), Upstream (enabling upstream projects), and Simple (using the simplest solution possible).
procedure: The ClearlyDefined project voting process for formal decisions follows these steps: (1) A curator tables a topic by notifying all other curators; (2) Curators vote during an open period lasting at least one working week on an agreed-upon, open medium such as email or GitHub issues; (3) A proposal passes with a minimum of two positive (+1) votes and zero negative (-1) votes, where negative votes must be substantiated; (4) Abstention (0) votes do not affect the outcome.
claim: The ClearlyDefined project provides access to harvested and curated data through both programmatic REST APIs and browsable web properties.
claim: The ClearlyDefined project scope focuses on licensing data, including declared and observed licenses, copyright holders, and source location (including revision and commit information), to make Free and Open Source Software (FOSS) easier to consume.
claim: The ClearlyDefined project requires that all curated data be signed off by at least two curators, though this requirement may be removed through a community vote.
claim: The Steering and Outreach Committees of the ClearlyDefined project are composed of community members who have demonstrated sustained contributions and interest in the long-term health of the project.
procedure: Governing Board meetings for the ClearlyDefined project are private by default, though the Governing Board may choose to hold open community meetings at its discretion.
procedure: ClearlyDefined community members contribute curated data upstream to receiving projects using automation, while maintaining sensitivity to avoid spamming projects with pull requests.
procedure: The ClearlyDefined project uses GitHub repositories and standard Pull Request workflows on human-readable and diff-able curation artifacts to conduct curation deliberations and discussions.
claim: The Governing Board of the ClearlyDefined project consists of the Executive Director of the Open Source Initiative, the Steering Committee Chair, and the Outreach Committee Chair.
claim: Code committers in the ClearlyDefined project have complete control over and responsibility for the operation of the project's harvesting, curation, and serving infrastructure.
procedure: ClearlyDefined undertakes four main operations: (1) harvesting data embedded in projects, (2) curating the data in an open and collaborative process, (3) contributing clearly defined project data back to Free and Open Source Software (FOSS) projects, and (4) making the data freely and easily accessible.
claim: The OSS Review Toolkit (ORT) is a Linux Foundation project used by organizations for managing Open Source supply chain compliance and security, and it utilizes and promotes the ClearlyDefined project.
perspective: ClearlyDefined aims to help originating projects maintain their own data as a native part of their operations, but when that is not possible, ClearlyDefined maintains the data itself, viewing this maintenance as a 'fork' of the upstream project that should be minimized.
claim: Microsoft continues to play a key role in the ClearlyDefined project while seeking external contributors.
procedure: Amending the ClearlyDefined project charter requires a two-thirds majority vote, and amendments take effect immediately after being communicated to the community.
perspective: The ClearlyDefined project aims to avoid discussing changes and making decisions behind closed doors to ensure the development process is open and transparent from the beginning.
claim: In the ClearlyDefined project, code committership is independent of data committership, and code committers are elected by a vote of the existing code committer community.
claim: The current governance structure of the ClearlyDefined project does not provide incentives for external organizations to contribute.
claim: Harvesting in the ClearlyDefined project is the process of acquiring data from upstream projects, ranging from reading data from canonical locations to analyzing source code with open tools.
procedure: The Outreach Committee of the ClearlyDefined project is responsible for planning and executing promotional efforts, organizing virtual and in-person events, creating educational materials like documentation and webinars, and managing communication channels such as the website and social media.
procedure: The ClearlyDefined project methodology involves crowdsourcing the curation of licensing, security, and accessibility data by harvesting data embedded in projects, curating that data in an open and collaborative process, and contributing the clearly defined project data back to the original FOSS projects.
claim: The role of Data Curator in the ClearlyDefined project is assigned to an individual rather than an organization or a specific organizational position, and curators are not held responsible for errors or flaws in the data merged into the service.
claim: A Data Curator in the ClearlyDefined project functions similarly to a project maintainer or committer in typical open source projects, possessing write permissions to the curation repositories and responsibility for admitting data to the curated store.
procedure: Steering and Outreach Committee meetings for the ClearlyDefined project are intended to be open to the public, held periodically, and require the Chair to set an agenda and publish meeting minutes.
claim: The responsibilities of the ClearlyDefined project Governing Board include setting strategic direction, managing resources (budget, infrastructure, human resources), and maintaining policies such as the Code of Conduct and trademark policy.
procedure: The ClearlyDefined project governance drafting process involves engaging stakeholders to solicit feedback, which is then used to refine the project charter.
claim: The ClearlyDefined project was originally developed by Microsoft and was donated to the Open Source Initiative approximately five years prior to the publication of this article.
claim: The ClearlyDefined project may implement recognition programs, such as a badging system, to reward project efforts and increase consumer confidence in areas like licensing or security.
claim: The ClearlyDefined project used the governance models of ORT, OpenSSF, SPDX, FOSSology, OpenChain, CNCF, the Todo Group, and the Eclipse Foundation as inspiration for drafting its own charter.
claim: In the ClearlyDefined project, a committer or curator may be removed from their role due to disruptive behavior or extended inactivity through a unanimous vote of the remaining committers or curators.
claim: The curation process in the ClearlyDefined project involves curators (also known as project committers or maintainers) working on harvested data and community-contributed data to validate information with origin project artifacts.
procedure: Members of the Steering and Outreach Committees of the ClearlyDefined project serve one-year terms for the Chair position and are removed from the committee if they resign or remain inactive for more than six months.
claim: The ClearlyDefined project defines its mission as creating a global database of licensing metadata for every Open Source software component ever published.
claim: Harvesting tools used by the ClearlyDefined project are fully open and accessible to the community for vetting and inspection, and the inclusion of new tools is subject to a community vote.
claim: Data Consumers of the ClearlyDefined project access curated or harvested data on an as-is basis, with no guarantees or warranties regarding the correctness or suitability of the data for any particular purpose.
procedure: The ClearlyDefined project operates on a consensus-based model, but when a formal vote is required, it follows a one-vote-per-member rule requiring a majority vote for passage.
claim: Data Curators in the ClearlyDefined project are required to be vendor-neutral and unbiased, and they are nominated and approved by the project community based on their merits and prior contributions.
measurement: For a vote to be valid in the ClearlyDefined project, at least sixty percent (60%) of the relevant committee members must be present or participating electronically.
claim: ClearlyDefined addresses the challenge of generating Software Bill of Materials (SBOMs) at scale by serving a cached copy of licensing metadata for components through an API and allowing organizations to contribute corrections for missing or incorrectly identified metadata.
claim: The ClearlyDefined project intends to establish a clear and open governance model to encourage contributions from individuals and organizations, including contributions to the governance of the project itself.