TrustSource supports a dynamic approach to ensuring compliance with open source licenses. It builds on a knowledge base of license know-how and a deep understanding of the implications that a project's legal and commercial situation has. Altogether this allows for a comprehensive, ad hoc interpretation of the compliance situation.
However, there may still be a need to tightly control the use of certain licenses or license families. To support these different needs, TrustSource provides the concepts of blacklists and whitelists:
- Blacklist - The blacklist can be used to forbid the use of a particular license. A license on a blacklist will always appear as a violation. Blacklists cascade: a license put on the corporate blacklist will be flagged as a violation wherever it occurs. Possible scopes of blacklists are corporate, project or module.
- Whitelist - The whitelist allows you to create exemptions or to explicitly declare a license as valid for a particular scope. The analysis result of a whitelisted license will be overruled with an OK. This allows you to declare a license suitable despite our interpretation. Whitelists follow the same cascade as blacklists: corporate, project and module whitelists.
PLEASE NOTE: All interaction with blacklists or whitelists will be recorded in the audit logs!
It is also possible to require that licenses be approved on a whitelist for a particular project or module. This allows for a very restrictive compliance approach. See here for more information about "require whitelisting". We would not recommend this approach due to its typically poor performance.
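The following is an added illustration of the cascade described above, written for this page; it is not TrustSource code and does not reflect how TrustSource stores or evaluates lists internally. It models the three scopes (corporate, project, module), records every list change in an audit log, and shows the "require whitelisting" mode. Two details are assumptions made for the example: a blacklist entry wins over a whitelist entry for the same license (the page only says a blacklisted license "will always appear as a violation"), and in require-whitelisting mode any license without an applicable whitelist entry is reported as a violation. The license names, project and module names and actor names are constructed sample values.

```python
"""Toy model of cascading license blacklists/whitelists with an audit trail.

Added example, not TrustSource code. Assumptions: corporate entries apply
everywhere, project entries apply to one project, module entries apply to
one module; a blacklist hit beats a whitelist hit; with require_whitelisting
a license that is not whitelisted for the scope is a violation.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional, Set


class Scope(Enum):
    CORPORATE = "corporate"
    PROJECT = "project"
    MODULE = "module"


@dataclass(frozen=True)
class Entry:
    license: str
    scope: Scope
    owner: Optional[str] = None  # project or module name; None for corporate


@dataclass
class ListPolicy:
    blacklist: Set[Entry] = field(default_factory=set)
    whitelist: Set[Entry] = field(default_factory=set)
    audit_log: List[str] = field(default_factory=list)

    def _target(self, kind: str) -> Set[Entry]:
        if kind not in ("blacklist", "whitelist"):
            raise ValueError(f"unknown list kind: {kind}")
        return self.blacklist if kind == "blacklist" else self.whitelist

    def add(self, kind: str, entry: Entry, actor: str) -> None:
        """Put a license on a list and record who did it (audit trail)."""
        self._target(kind).add(entry)
        self.audit_log.append(
            f"{actor} added {entry.license} to {kind} "
            f"[{entry.scope.value}:{entry.owner or '*'}]"
        )

    def remove(self, kind: str, entry: Entry, actor: str) -> None:
        """Take a license off a list; removals are audited as well."""
        self._target(kind).discard(entry)
        self.audit_log.append(
            f"{actor} removed {entry.license} from {kind} "
            f"[{entry.scope.value}:{entry.owner or '*'}]"
        )

    @staticmethod
    def _applies(entry: Entry, project: str, module: str) -> bool:
        """Cascade: corporate -> every project, project -> its modules, module -> itself."""
        if entry.scope is Scope.CORPORATE:
            return True
        if entry.scope is Scope.PROJECT:
            return entry.owner == project
        return entry.owner == module

    def _listed(self, entries: Set[Entry], license: str, project: str, module: str) -> bool:
        return any(e.license == license and self._applies(e, project, module) for e in entries)

    def evaluate(self, license: str, analysis_result: str, project: str, module: str,
                 require_whitelisting: bool = False) -> str:
        """Return the final verdict for one license in one module of one project.

        analysis_result is the verdict the dynamic analysis produced ("OK" or
        "VIOLATION"); lists may overrule it.
        """
        if self._listed(self.blacklist, license, project, module):
            return "VIOLATION"            # blacklist: always a violation (assumed to beat whitelist)
        if self._listed(self.whitelist, license, project, module):
            return "OK"                   # whitelist: analysis result overruled with OK
        if require_whitelisting:
            return "VIOLATION"            # assumed: not whitelisted => not approved
        return analysis_result            # fall back to the dynamic interpretation


def demo() -> ListPolicy:
    """Constructed sample policy: one corporate blacklist entry, two whitelist entries."""
    policy = ListPolicy()
    policy.add("blacklist", Entry("AGPL-3.0-only", Scope.CORPORATE), actor="alice")
    policy.add("whitelist", Entry("GPL-2.0-only", Scope.PROJECT, "payments"), actor="bob")
    policy.add("whitelist", Entry("AGPL-3.0-only", Scope.MODULE, "reporting"), actor="bob")
    return policy


if __name__ == "__main__":
    p = demo()
    print(p.evaluate("AGPL-3.0-only", "OK", "payments", "reporting"))       # VIOLATION
    print(p.evaluate("GPL-2.0-only", "VIOLATION", "payments", "core"))      # OK
    print(p.evaluate("GPL-2.0-only", "VIOLATION", "website", "core"))       # VIOLATION
    print(p.evaluate("MIT", "OK", "website", "core", require_whitelisting=True))  # VIOLATION
    print("\n".join(p.audit_log))
```

The `audit_log` list stands in for the audit logs mentioned in the note: every `add` and `remove` produces an entry naming the actor, the list, the license and the scope, which is the minimum a reviewer needs to reconstruct who granted an exemption and where it applies.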
To get more details on how to manage black and whitelists, see the following articles:
- Blacklisting licenses
- Enforce whitelisting
- Manage whitelisting approvals