
Obligation Satisfaction

Obligation Satisfaction covers the compliance practices needed to satisfy OSS license obligations.

 

1. The organization assures that its third party suppliers provide all information that is necessary to satisfy OSS obligations when the product is distributed, e.g. copyright notices and attributions, license text, corresponding source code that must be made available, etc.

2. The organization defines what modes of external software conveyance trigger license obligations and assures that any software thus released meets compliance requirements.

3. The organization satisfies obligations in a consistent and disciplined manner.
   a) The organization makes available a repository of license texts and obligation requirements to assure consistent interpretation and compliance activities.
   b) The organization provides explicit examples of ways to satisfy obligations.
   c) Skilled and knowledgeable individuals write the OSS-relevant sections of product documentation and satisfy the other license obligations that must be met.

4. The organization places into a software repository the complete source code corresponding exactly to each OSS package used in a given product release.
   a) Teams provide, as required by specific licenses, the complete source code, which may include any associated interface definition files, plus the scripts used to control compilation and installation of the executable.
   b) Verification activities are used to assure that corresponding source code for the OSS can be built outside the organization’s build environment and that the resultant binaries for the OSS packages match the product binaries.
   c) Verification activities assure that source code to be distributed has been cleansed of any inappropriate comments.
   d) Verification activities assure that all OSS packages to be distributed have been approved by the OSRB.

5. Source code reviews are used during the development phase to assure that OSS packages contain necessary and appropriate documentation of copyright, attribution, licensing, and change log information.

6. Activities to assess and satisfy OSS license obligations are planned and integrated into project schedules to assure that obligations are met in time for product release.

7. A defined code distribution mechanism is used to respond to routine requests for source code distribution.
   a) The organization defines a code distribution mechanism that satisfies the requirements of particular OSS licenses.
   b) A web portal or other face to the community is created to provide online access to source code used in company products.
   c) Responsibility for operating the portal is assigned and staffed appropriately.
   d) Procedures are established to assure that correct and complete versions of OSS are posted.
   e) The portal is organized in a clear and meaningful way to provide users easy access to products’ licensing information and, if appropriate, source code.

8. Individuals or teams responsible for documentation and localization activities perform necessary tasks to assure that obligations are met.
   a) Support teams (e.g. supply chain, documentation, IT) are trained in OSS fundamentals.
   b) Involvement of support functions is planned, scheduled, and performed in a timely manner.

9. The organization responds to all external compliance requests in a timely manner.
   a) A compliance fulfillment process exists for satisfying routine requests.
   b) Metrics are routinely collected and reported on response time.
   c) A compliance inquiry response process exists.
      i) Response actions are given high priority and issues are escalated to an appropriate level of management.
      ii) Appropriate oversight, review, and approval of compliance actions is provided.
      iii) Modifications to the organization’s defined compliance process are made as appropriate to prevent recurrence of compliance issues.
   d) Compliance requests are tracked to closure.
   e) If determined to be necessary, efforts to re-write copyrighted code as proprietary software under cleanroom conditions are carried out according to a defined procedure.
