# OpenHarmony Open-Source Compliance Policy

## Purpose

The policy defined in this document enables the OpenHarmony community to comply with the license terms and values of open-source software and to respect third-party intellectual property rights while benefiting from the use of such software. This document provides a common framework for open-source software compliance for the OpenHarmony community, with the goal of ensuring license compliance. It also improves the open-source compliance governance capability of OpenHarmony based on industry best practices, helping community members understand how to use open-source software and contribute to the community.

## Scope

This document applies to all contributors to the OpenHarmony community, including the code repositories under [OpenHarmony](https://gitee.com/openharmony) and those under [OpenHarmony-SIG](https://gitee.com/openharmony-sig).

## Improvements and Revisions

- This document is drafted and maintained by the Compliance SIG. What you are reading now is the latest version of this document.
- Any addition, modification, or deletion of the specifications mentioned in this document can be traced.
- The PMC reviews and finalizes the specifications after thorough discussion in the community.

## Terms and Abbreviations

[Open-Source Compliance Terms and Abbreviations]()

## Phase-specific Compliance Policy

### Introduction Phase

#### License Usage and Review Specifications of Open-Source Software

- [Licenses and Special License Review](licenses-and-special-license-review.md)

- [OpenHarmony License Agreement](https://gitee.com/openharmony#license-agreement)

#### Introduction and Exit Specifications of Open-Source Software

[Introducing Open-Source Software](introducing-open-source-software.md)

### Development Phase

#### License, Copyright, and Metadata Compliance Specifications

- [License and Copyright Specifications](license-and-copyright-specifications.md)

- [SPDX Information Declaration Specifications]()

- [Specifications for README.OpenSource](readme.opensource_design_specification_document_and_usage_guide.md)

#### Gated Check-In Compliance Specifications

- [Gated Check-In Requirements](https://gitee.com/openharmony/community/blob/master/sig/sig_qa/%E4%BB%A3%E7%A0%81%E9%97%A8%E7%A6%81%E8%A6%81%E6%B1%82.md#codecheck%E6%A3%80%E6%9F%A5)

- [OSS Audit Tool](https://gitee.com/openharmony-sig/tools_oat/blob/master/README.md)

#### Specifications for Participation in Upstream Communities

[Best Practices and Suggestions for Contributions to Upstream Open-Source Projects](best-practices-and-suggestions-for-contributions-to-upstream-open-source-projects.md)

### Release Phase

#### Open-Source Obligation Fulfillment

[Management Policy for Open-Source Compliance Artifacts](management-policy-for-open-source-compliance-artifacts.md)

#### Software Bill of Materials (SBOM) Specifications

- [SBOM Generation and Delivery Description]()
- [SBOM Review and Problem Handling Rules]()

#### Open-Source Compliance Requirements for Community Version Release and SIG Incubation Graduation

- [Open-Source Compliance Requirements for SIG Incubation Graduation](https://gitee.com/openharmony/community/blob/master/sig/sig_qa/guidance_for_incubation_project_graduation.md#graduation-review-checklist)

- [Open-Source Compliance Requirements for Community Version Release](https://gitee.com/openharmony/community/blob/master/sig/sig_qa/%E7%89%88%E6%9C%AC%E8%B4%A8%E9%87%8F%E8%A6%81%E6%B1%82.md)

## Binary Compliance Specifications

[Binary Compliance Specifications]()

## Open-Source Compliance Issue Management Process

[Open-Source Compliance Issue Management Process](open-source-compliance-issue-management.md)

## Open-Source Compliance Roles and Responsibilities

[Open-Source Compliance Role and Capability Requirements](https://gitee.com/openharmony/community/blob/master/sig/sig_compliance/docs/%E5%BC%80%E6%BA%90%E5%90%88%E8%A7%84%E8%A7%92%E8%89%B2%E8%81%8C%E8%B4%A3%E5%8F%8A%E8%83%BD%E5%8A%9B%E8%A6%81%E6%B1%82.md)

## Open-Source Compliance Training Resources and Requirements

[Open-Source Compliance Training Plan](https://gitee.com/openharmony/community/blob/master/sig/sig_compliance/docs/%E5%BC%80%E6%BA%90%E5%90%88%E8%A7%84%E5%9F%B9%E8%AE%AD%E8%AE%A1%E5%88%92.md)

## Consequences of Noncompliance

It is important to comply with this policy. Failure to do so may result in:

- Claims raised by copyright holders or intellectual property holders for the code you use
- Claims raised by the recipient of the code
- Inadvertent release of code that is not supposed to be released
- Fines caused by violation of regulatory obligations
- Loss of reputation
- Financial loss
- Breach of contracts

Any individual who violates this policy may be subject to disciplinary actions.

## Response Policies for Negative Events of Open-Source Compliance

For details, see the policy released by OpenHarmony GLA.

## References

Linux Foundation Compliance Program: Generic FOSS Policy