关于spec文件免责声明的存放位置与内容讨论

关联的[issue](https://gitee.com/openeuler/compliance/issues/I35AEJ)。
在合规SIG例会上针对免责声明存放位置进行了两轮讨论，并形成了两种方案：

**方案1** :

在每一个src-openEuler软件包仓中，固定添加独立的、与SPEC文件并列的SPEC免责声明文件。

**优点** ：方便直观，可通过社区机器人实现建仓自动添加、门禁检查等功能，且不影响下游OSV厂商根据openEuler软件源重新构建软件包。

**缺点** ：

生成的source RPM包（srpm）不含有该免责声明，如通过解压srpm包获得spec文件，免责声明丢失。

openEuler现在第三方软件包数量8000+，在所有的仓库中添加免责声明文件工作量较大。

若免责声明条款发生变更或改动，改动比较麻烦。

**方案2** :

在每一个src-openEuler软件包仓spec文件中，添加独立的免责声明片段。

**优点** ：1、可随srpm包始终包含免责声明，也可通过社区门禁系统判断spec文件是否添加该声明，使每一个提交软件包的社区贡献者均明确的了解到该免责声明信息；2、可在spec文件中添加一个字段，该字段申明免责条款，内容可以附上免责条款链接，而该链接指向的免责条款内容可以附在openEuler官网上。

**缺点** ：下游OSV厂商根据openEuler软件源重新构建软件包时，携带openEuler社区的免责声明是否合适。

欢迎大家对这两种方案提出建议，或者是否还有其它方案，欢迎大家参与讨论。

******
Associated with this [issue](https://gitee.com/openeuler/compliance/issues/I35AEJ)。

At the regular meeting of compliance SIG, two rounds of discussions were held on the place  location of disclaimers, and two solutions were formed:

**Solution 1** :

In each src-openEuler software package repository, add a separate SPEC disclaimer file that is parallel to the SPEC file.

**Advantages** : it is convenient and intuitive. The community robots can be used to automatically add repository,access control check and other functions,and do not affect the downstream OSV vendors to rebuild the software packages based on openEuler software sources.

**Disadvantages** :

The generated source RPM package (srpm) does not contain the disclaimer. If the spec file is obtained by decompressing the srpm package, the disclaimer is lost.

Now openEuler has 8000+ third-party software packages, and the workload of adding disclaimer files in all repository is large.

If the contents of the disclaimer are changed, the changes will be more troublesome.

**Solution 2** :

In each spec file of src- openEuler package repository, add a separate disclaimer fragment.

**Advantages** : 1. The disclaimer can always be included with the srpm package, and it can also be jueged by the community access control system whether to add the disclaimer to the spec file, so that each community contributor who submits the software package can clearly understand the disclaimer information; 2. Add a field to the spec file, which declare the disclaimer, and the content can be attached with a link to the disclaimer, and the link can be pointed to the openEuler official website.

**Disadvantages** : when downstream OSV vendors rebuild the software package based on the openEuler software source, whether it is appropriate to have the disclaimer of the openeuler community.

Welcome to make suggestions on these two solutions, or if there are other solutions, please  participate in the discus.

openEuler/compliance
关闭

内容风险标识

评论 (4)

openEuler/compliance关闭 .gitee-modal { width: 500px !important; }

内容风险标识