G4: Deliver FOSS Content Documentation and Artifacts

4.1 Prepare the set of artifacts which represent the output of the FOSS management program for each Supplied Software release. This set is referred to as the Compliance Artifacts which may include (but are not limited to) one or more of the following: source code, attribution notices, copyright notices, copy of licenses, modification notifications, written offers, SPDX documents and so forth.

Verification Artifact(s):

☐ 4.1.1 A documented procedure exists that ensures the Compliance Artifacts are prepared and distributed with Supplied Software release as required by the Identified Licenses.

☐ 4.1.2 Copies of the Compliance Artifacts of the Supplied Software release are archived and easily retrievable, and the archive is planned to exist for at least as long as the Supplied Software is offered or as required by the Identified Licenses (whichever is longer).

Rationale:

Ensure the complete collection of Compliance Artifacts accompany the Supplied Software as required by the Identified Licenses that govern the Supplied Software along with other reports created as part of the FOSS review process.

G4: Deliver FOSS Content Documentation and Artifacts

G4: Deliver FOSS Content Documentation and Artifacts

results matching ""

No results matching ""