Common use of Software compliance Clause in Contracts

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (like MIT, BSD, Apache 2.0,...). ● The license should provide unlimited access rights to the EGI community. ● Have source code publicly available via a public source code repository. (If needed a mirror can be put in place under the EGI organisation in GitHub12.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management framework such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviews. ○ Treating documentation as code. ○ Documentation should be available for developers, administrators, and end users.

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (like MIT, BSD, Apache 2.0,...). ● The license should provide unlimited access rights to the EGI community. ● Have source code publicly available via a public source code repository. repository (If if needed a mirror can be put in place under the EGI organisation in GitHub12GitHub15.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management framework frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviews. ○ Treating documentation as code. ○ Documentation should be available for developersDevelopers, administrators, and end users.

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (like MIT, BSD, Apache 2.0,...). ● The license should provide unlimited access rights to the EGI community. ● Have source code publicly available via a public source code repository. (If needed a mirror can be put in place under the EGI organisation in GitHub12GitHub13.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management framework such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviews. ○ Treating documentation as code. ○ Documentation should be available for developers, administrators, administrators and end users.

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license licence (like e.g. MIT, BSD, Apache 2.0,...). ● The license should provide Allow to grant unlimited access and exploitation rights to the EGI communityupon request. ● Have source code publicly available via a public source code repository. repository (If if needed a mirror can be put in place under the EGI organisation in GitHub12GitHub15.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management framework frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewsreviewing. ○ Treating documentation as code. ○ Documentation should be available for developersDevelopers, administrators, administrators and end users.

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (like MIT, BSD, Apache 2.0,...). ● The license should provide unlimited access rights to the EGI community. ● Have source code publicly available via a public source code repository. repository (If if needed a mirror can be put in place under the EGI organisation in GitHub12.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management framework frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewsreviewing. ○ Treating documentation as code. ○ Documentation should be available for developersDevelopers, administrators, administrators and end users.

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (like MIT, BSD, Apache 2.0,...). ● The license should provide unlimited access rights to the EGI community. ● Have source code publicly available via a public source code repository. repository (If if needed a mirror can be put in place under the EGI organisation in GitHub12GitHub13.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management framework frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewsreviewing. ○ Treating documentation as code. ○ Documentation should be available for developersDevelopers, administrators, administrators and end users.

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license licence (like MIT, BSD, Apache 2.0,...). ● The license licence should provide unlimited access rights to the EGI community. ● Have source code publicly available via a public source code repository. repository (If if needed a mirror can be put in place under the EGI organisation in GitHub12GitHub14.) All releases should be appropriately tagged. ● Adopt best practicespractises: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management framework frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewsreviewing. ○ Treating documentation as code. ○ Documentation should be available for developersDevelopers, administrators, and end users.

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license licence (like e.g. MIT, BSD, Apache 2.0,...). ● The license should provide Allow to grant unlimited access and exploitation rights to the EGI communityupon request. ● Have source code publicly available via a public source code repository. repository (If if needed a mirror can be put in place under the EGI organisation in GitHub12GitHub16.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management framework frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewsreviewing. ○ Treating documentation as code. ○ Documentation should be available for developersDevelopers, administrators, administrators and end users.

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license licence (like MIT, BSD, Apache 2.0,...). ● The license licence should provide unlimited access rights to the EGI community. ● Have source code publicly available via a public source code repository. repository (If if needed a mirror can be put in place under the EGI organisation in GitHub12GitHub14.) All releases should be appropriately tagged. ● Adopt best practicespractises: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management framework frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewsreviewing. ○ Treating documentation as code. ○ Documentation should be available for developersDevelopers, administrators, administrators and end users.

Software compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive license (like MIT, BSD, Apache 2.0,...). ● The license should provide unlimited access rights to the EGI community. ● Have source code publicly available via a public source code repository. repository (If if needed a mirror can be put in place under the EGI organisation in GitHub12GitHub14.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management framework frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. ○ Using code reviewsreviewing. ○ Treating documentation as code. ○ Documentation should be available for developersDevelopers, administrators, and end users.