# OpenHarmony Open-Source Compliance Policy

## Purpose

The policy defined in this document enables the OpenHarmony community to comply with the license terms and values of open-source software and to respect third-party intellectual property rights while benefiting from the use of that software.

This document provides a common framework for open-source software compliance for the OpenHarmony community, with the goal of ensuring license compliance. It also improves the open-source compliance governance capability of OpenHarmony based on the best practices in the industry, helping community members understand how to use open-source software and contribute to the community.

## Scope

This document applies to all contributors to the OpenHarmony community, including the code repositories under [OpenHarmony](https://gitee.com/openharmony) and those under [OpenHarmony-SIG](https://gitee.com/openharmony-sig).

## Improvements and Revisions

- This document is drafted and maintained by the Compliance SIG. What you are reading now is the latest version of this document.
- Any addition, modification, or deletion of the specifications mentioned in this document can be traced.
- The PMC reviews and finalizes the specifications after thorough discussion in the community.

## Terms and Abbreviations

[Open-Source Compliance Terms and Abbreviations]()

## Phase-specific Compliance Policy

### Introduction Phase

#### License Usage and Review Specifications of Open-Source Software

- [Licenses and Special License Review](licenses-and-special-license-review.md)
- [OpenHarmony License Agreement](https://gitee.com/openharmony#license-agreement)

#### Introduction and Exit Specifications of Open-Source Software

[Introducing Open-Source Software](introducing-open-source-software.md)

### Development Phase

#### License, Copyright, and Metadata Compliance Specifications

- [License and Copyright Specifications](license-and-copyright-specifications.md)
- [SPDX Information Declaration Specifications]()
- [Specifications for README.OpenSource](readme.opensource_design_specification_document_and_usage_guide.md)

#### Gated Check-In Compliance Specifications

- [Gated Check-In Requirements](https://gitee.com/openharmony/community/blob/master/sig/sig_qa/%E4%BB%A3%E7%A0%81%E9%97%A8%E7%A6%81%E8%A6%81%E6%B1%82.md#codecheck%E6%A3%80%E6%9F%A5)
- [OSS Audit Tool](https://gitee.com/openharmony-sig/tools_oat/blob/master/README.md)

#### Specifications for Participation in Upstream Communities

[Best Practices and Suggestions for Contributions to Upstream Open-Source Projects](best-practices-and-suggestions-for-contributions-to-upstream-open-source-projects.md)

### Release Phase

#### Open-Source Obligation Fulfillment

[Management Policy for Open-Source Compliance Artifacts](management-policy-for-open-source-compliance-artifacts.md)

#### Software Bill of Materials (SBOM) Specifications

- [SBOM Generation and Delivery Description]()
- [SBOM Review and Problem Handling Rules]()

#### Open-Source Compliance Requirements for Community Version Release and SIG Incubation Graduation

- [Open-Source Compliance Requirements for SIG Incubation Graduation](https://gitee.com/openharmony/community/blob/master/sig/sig_qa/guidance_for_incubation_project_graduation.md#graduation-review-checklist)
- [Open-Source Compliance Requirements for Community Version Release](https://gitee.com/openharmony/community/blob/master/sig/sig_qa/%E7%89%88%E6%9C%AC%E8%B4%A8%E9%87%8F%E8%A6%81%E6%B1%82.md)

## Binary Compliance Specifications

[Binary Compliance Specifications]()

## Open-Source Compliance Issue Management Process

[Open-Source Compliance Issue Management Process](open-source-compliance-issue-management.md)

## Open-Source Compliance Roles and Responsibilities

[Open-Source Compliance Role and Capability Requirements](https://gitee.com/openharmony/community/blob/master/sig/sig_compliance/docs/%E5%BC%80%E6%BA%90%E5%90%88%E8%A7%84%E8%A7%92%E8%89%B2%E8%81%8C%E8%B4%A3%E5%8F%8A%E8%83%BD%E5%8A%9B%E8%A6%81%E6%B1%82.md)

## Open-Source Compliance Training Resources and Requirements

[Open-Source Compliance Training Plan](https://gitee.com/openharmony/community/blob/master/sig/sig_compliance/docs/%E5%BC%80%E6%BA%90%E5%90%88%E8%A7%84%E5%9F%B9%E8%AE%AD%E8%AE%A1%E5%88%92.md)

## Consequences of Noncompliance

It is important to comply with this policy. Failure to do so may result in:

- Claims raised by copyright holders or intellectual property holders for the code you use
- Claims raised by the recipient of the code
- Inadvertently releasing code that is not supposed to be released
- Fines caused by violation of regulatory obligations
- Loss of reputation
- Financial loss
- Breach of contracts

Any individual who violates this policy may be subject to disciplinary actions.

## Response Policies for Negative Events of Open-Source Compliance

For details, see the policy released by OpenHarmony GLA.

## References

- Linux Foundation Compliance Program: Generic FOSS Policy