Common use of Software Compliance Clause in Contracts

Software Compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive licence (e.g. MIT, BSD, Apache 2.0,...). ● Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI Federation. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub14.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration at every point in time. ○ Having automated testing in place. 10 xxxxx://xxxxxxxxxx.xxx.xx/display/EGIPP/EGI+Policies+and+Procedures+Home 11 xxxxx://xxxxxxxxxx.xxx.xx/display/EGIBG/Operations+Management+Board 12 xxxx://xxx.xxx.xx/ 13 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 14 xxxxx://xxxxxx.xxx/EGI-Federation ○ Using code reviewing. ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators and end users.

Software Compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive licence (e.g. MIT, BSD, Apache 2.0,...). ● Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI Federation. 11 xxxxx://xxxxxxxxxx.xxx.xx/display/EGIPP/EGI+Policies+and+Procedures+Home 12 xxxxx://xxxxxxxxxx.xxx.xx/display/EGIBG/Operations+Management+Board 13 xxxx://xxx.xxx.xx/ 14 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub14GitHub15.) All releases should be appropriately tagged. ● Adopt best practicespractises: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration at every point in time. ○ Having automated testing in place. 10 xxxxx://xxxxxxxxxx.xxx.xx/display/EGIPP/EGI+Policies+and+Procedures+Home 11 xxxxx://xxxxxxxxxx.xxx.xx/display/EGIBG/Operations+Management+Board 12 xxxx://xxx.xxx.xx/ 13 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 14 xxxxx://xxxxxx.xxx/EGI-Federation ○ Using code reviewing. ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators and end users.

Software Compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive licence (e.g. MIT, BSD, Apache 2.0,...). ● Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI Federation. 5 xxxxx://xxxxxxxxx.xxx.xx/public/ShowDocument?docid=3600 6 xxxxx://xxxx.xxxxxx.xxx/display/CODE/Data+Protection+Code+of+Conduct+Home 7 xxxxx://xxxxxxxxxx.xxx.xx/display/EGIPP/EGI+Policies+and+Procedures+Home 8 xxxxx://xxxxxxxxxx.xxx.xx/display/EGIBG/Operations+Management+Board 9 xxxx://xxx.xxx.xx/ 10 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub14GitHub11.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration at every point in time. ○ Having automated testing in place. 10 xxxxx://xxxxxxxxxx.xxx.xx/display/EGIPP/EGI+Policies+and+Procedures+Home 11 xxxxx://xxxxxxxxxx.xxx.xx/display/EGIBG/Operations+Management+Board 12 xxxx://xxx.xxx.xx/ 13 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 14 xxxxx://xxxxxx.xxx/EGI-Federation ○ Using code reviewing. ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators and end users.

Software Compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive licence license (e.g. MIT, BSD, Apache 2.0,...). ● Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI Federation. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub14GitHub17.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. Ansible or Puppet, .... ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. 10 xxxxx://xxxxxxxxxx.xxx.xx/display/EGIPP/EGI+Policies+and+Procedures+Home 11 xxxxx://xxxxxxxxxx.xxx.xx/display/EGIBG/Operations+Management+Board 12 xxxx://xxx.xxx.xx/ 13 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 14 xxxxx://xxxxxx.xxx/EGI-Federation ○ Using code reviewing. ○ Treating documentation as code. 13 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 14 xxxxx://xxxx.xxx.xx/wiki/OMB 15 xxxx://xxx.xxx.xx/ 16 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 17 xxxxx://xxxxxx.xxx/EGI-Foundation ○ Documentation should be available for Developers, administrators and end users.

Software Compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive licence (e.g. MIT, BSD, Apache 2.0,...). ● Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI Federation. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub14GitHub17.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. 13 xxxxx://xxxxxxxxxx.xxx.xx/display/EGIPP/EGI+Policies+and+Procedures+Home 14 xxxxx://xxxxxxxxxx.xxx.xx/display/EGIBG/Operations+Management+Board 15 xxxx://xxx.xxx.xx/ 16 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 17 xxxxx://xxxxxx.xxx/EGI-Federation ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. Ansible or Puppet, .... ○ Taking security aspects into consideration at every point in time. ○ Having automated testing in place. 10 xxxxx://xxxxxxxxxx.xxx.xx/display/EGIPP/EGI+Policies+and+Procedures+Home 11 xxxxx://xxxxxxxxxx.xxx.xx/display/EGIBG/Operations+Management+Board 12 xxxx://xxx.xxx.xx/ 13 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 14 xxxxx://xxxxxx.xxx/EGI-Federation ○ Using code reviewing. ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators and end users.

Software Compliance. Unless explicitly agreed, software being used and developed to provide the service should: ● Be licensed under an open source and permissive licence license (e.g. MIT, BSD, Apache 2.0,...). ● Unless otherwise agreed, be licensed to provide unlimited access and exploitation rights to the EGI Federation. ● Have source code publicly available via a public source code repository (if needed a mirror can be put in place under the EGI organisation in GitHub14GitHub15.) All releases should be appropriately tagged. ● Adopt best practices: ○ Defining and enforcing code style guidelines. 11 xxxxx://xxx.xxx.xx/about/policy/policies_procedures.html 12 xxxxx://xxxx.xxx.xx/wiki/OMB 13 xxxx://xxx.xxx.xx/ 14 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 15 xxxxx://xxxxxx.xxx/EGI-Foundation ○ Using Semantic Versioning. ○ Using a Configuration Management frameworks such as Ansible. ○ Taking security aspects into consideration through at every point in time. ○ Having automated testing in place. 10 xxxxx://xxxxxxxxxx.xxx.xx/display/EGIPP/EGI+Policies+and+Procedures+Home 11 xxxxx://xxxxxxxxxx.xxx.xx/display/EGIBG/Operations+Management+Board 12 xxxx://xxx.xxx.xx/ 13 xxxxx://xxx.xxx.xx/portal/index.php?Page_Type=NGI&id=4 14 xxxxx://xxxxxx.xxx/EGI-Federation ○ Using code reviewing. ○ Treating documentation as code. ○ Documentation should be available for Developers, administrators and end users.