Review Request for Support - "Whose Clone is it Anyway?"
Problem to solve
I had a conversation with Slinger Jansen, Utrecht University, the Netherlands.
There is a proposal for a project which would help identify code being used in a project more reliably.
As seen in "Allow dependency scanning to look at library fingerprints" and "Detect opensource software in project", this is a desired and requested feature.
Users are concerned and want to be aware when open source, or code found posted on the internet, is used in whole or in part within their software. This could be for compliance reasons (verification of compliant licenses, requirement to provide a Dependency List or License List), or security reasons (checking if that reused code has known vulnerabilities). They may also be trying to look for positively intended additions (copy pasting code online that seemed free), or circumvention of policies (being prohibited from using a specific library, but copying a portion of the library to avoid detection that it was used).
Intended users
Personas are described at https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/
Further details
We should review and discuss the executive summary and decide whether we wish to provide a letter of support. If we do, we should seek legal advice on whether we are permitted to do so.
Proposal
Provide written support for the project, and consider using the code in the future if the project gets funded. If we use the code, we can also look into contributing back (and encouraging contribution) where that helps deliver features requested by our users.
Next Steps
- Draft letter of support @NicoleSchwartz
- Product approval @ddesanto
- Engineering approval @tstadelhofer
- Legal review