Skip to content

Test-Driven Open Source Compliance Automation Test Case No. 13: a Plain Hello World with JAVA external components, gradle and ambiguous licensing statements

Notifications You must be signed in to change notification settings

Open-Source-Compliance/tdosca-tc13

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

TDOSCA-TC3

Test-Driven Open Source Compliance Automation Test Case No. 13: a Plain Hello World with JAVA external components, gradle and ambiguous licensing statements

General Context

The "Test-Driven Open Source Compliance Automation" is an initiative initiated by Deutsche Telekom AG and hosted and driven by the Open Chain Reference Tooling Work Group.

openchain-reference-tooling-work-group-logo.png

The project scope statement and further information of TDOSCA can be found at https://github.com/Open-Source-Compliance/tdosca.

Test Case Definition

Structure

This test case follows the general pattern of a TDOSCA test case:

  • It has its own repository https://github.com/Open-Source-Compliance/tdosca-tc13-plainhw
  • and contains the following parts:
    • compliance-traps.md: describes the traps / challenges implemented by and in the test case [used to manually control whether a tested compliance tool really overcomes all difficulties]
    • input-sources: contains all sources to create the distributable (binary package) [used by the tested tool to create the compliance artifacts]
    • README.md: this file
    • reference-compliance-artifacts: the compliance compliance artifacts a tool (chain) must/should generate
      • bom.csv: a list of all differently licensed open source components of a package
      • oscf.md: the open source compliance file [fulfills the compliance requirements if combined with the distributed source- or binary package]
      • prerequisites.csv: a list of preinstalled tools and libs, required by the software but not delivered as part of the software package

Intention

The test data of this test case (the program sources in input-sources)

  • can be compiled, installed and used by the respective gradle commands called by the gradlew(rapper) script
  • consist of three java files (Main.java, Greeter.java and Tipster.java) and the respective test classes
  • Main includes Greeter includes Tipster. Each part says Hello
  • The main project license is the MIT license, but the classes are licensed deviantly.
  • Additionally
    • Greeter uses the external java lib org.joda.time.LocalTime;
    • Main uses the external java lib org.apache.logging.log4j
    • The JUnit test are licensed as the classes the test.
  • Using gradle with a wrapper (created by gradle wrapper) evokes a compliance trap, because (parts of) gradle would become part of the repository. These parts are licensed under the Apache-V2 license. Hence distributing the repository (even by cloning / downloading it from GitHub) requires, that the gradle compliance artifacts must become part fo the repo although they need not to be added into the distributions created by gradle (gradle distTar etc.).
  • For specific challenges of this test case the compliance-traps.md

Licensing Statement

(c) 2022, Karsten Reincke, Deutsche Telekom AG

  • The software delivered as content of the test case directory input-sources is licensed under the licenses the test case uses to challenge the compliance tools. Contributions take place under the same licenses.

  • Unless otherwise specified, all other files are distributed under the terms of the CC-BY-4.0 license: If you share or adapt ithe test case or files of it, please add the attribution: "based on https://github.com/Open-Source-Compliance/tdosca-tc13-plainhw initiated by Deutsche Telekom AG"

About

Test-Driven Open Source Compliance Automation Test Case No. 13: a Plain Hello World with JAVA external components, gradle and ambiguous licensing statements

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published