outsourcing source code distribution requirements
play

Outsourcing Source Code Distribution Requirements Alexios Zavras, - PowerPoint PPT Presentation

Jan 30, 2023 •124 likes •420 views

Outsourcing Source Code Distribution Requirements Alexios Zavras, Stefano Zacchiroli Intel, alexios.zavras@intel.com Sofware Heritage, zack@upsilon.cc 4 February 2018 FOSDEM Brussels, Belgium Alexios Zavras, Stefano Zacchiroli Outsourcing

  1. Outsourcing Source Code Distribution Requirements Alexios Zavras, Stefano Zacchiroli Intel, alexios.zavras@intel.com Sofware Heritage, zack@upsilon.cc 4 February 2018 FOSDEM Brussels, Belgium Alexios Zavras, Stefano Zacchiroli Outsourcing Source Code Distribution Requirements FOSDEM 2018 1 / 19

  2. The setup Intel delivers a lot of sofware Sofware is a combination of own and FOSS components Many components have a legal source code distribution requirement we also might deliver source in other cases Alexios Zavras, Stefano Zacchiroli Outsourcing Source Code Distribution Requirements FOSDEM 2018 2 / 19

  3. The legal requirement For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. — GPLv2 Alexios Zavras, Stefano Zacchiroli Outsourcing Source Code Distribution Requirements FOSDEM 2018 3 / 19

  4. Complete Corresponding Source (CCS) Different terms used GPLv2: “complete corresponding machine-readable source code” / “accompany” GPLv3: “Corresponding Source” / “convey” MPLv2: “Source Code Form” / “made available” EPLv2: “Source Code” / “made available” Alexios Zavras, Stefano Zacchiroli Outsourcing Source Code Distribution Requirements FOSDEM 2018 4 / 19

  5. The problem In an ideal world Fool-proof processes in place Set it up once, always working Practical considerations People change roles or leave Re-organizations happen Things get forgoten Alexios Zavras, Stefano Zacchiroli Outsourcing Source Code Distribution Requirements FOSDEM 2018 5 / 19

  6. Use cases Trying to build an internal service: Our delivery contains our own FOSS sw.tar.gz Our delivery contains gcc-7.3 Our delivery contains gcc snapshot of revision 257214 Our delivery contains gcc-7.3 patched with patches.tar.gz Alexios Zavras, Stefano Zacchiroli Outsourcing Source Code Distribution Requirements FOSDEM 2018 6 / 19

  7. Functional requirements We need to be able to: provide our own sofware package refer to a “well-known” FOSS component with release version or unique revision combine the two well-known component with own patches Great Idea Can we outsource the fulfilment of these requirements? Alexios Zavras, Stefano Zacchiroli Outsourcing Source Code Distribution Requirements FOSDEM 2018 7 / 19

  8. The idea Is it compliant? GPL FAQ: Can I put the binaries on my Internet server and put the source on a different Internet site? [v3] Yes. Section 6(d) allows this. However, you must provide clear instructions people can follow to obtain the source, and you must take care to make sure that the source remains available for as long as you distribute the object code. [v2] The GPL says you must offer access to copy the source code “from the same place”; that is, next to the binaries. However, if you make arrangements with another site to keep the necessary source code available, and put a link or cross-reference to the source code next to the binaries, we think that qualifies as “from the same place”. Alexios Zavras, Stefano Zacchiroli Outsourcing Source Code Distribution Requirements FOSDEM 2018 8 / 19

  9. The idea Is it compliant? GPL FAQ: Can I put the binaries on my Internet server and put the source on a different Internet site? [v3] Yes. Section 6(d) allows this. However, you must provide clear instructions people can follow to obtain the source, and you must take care to make sure that the source remains available for as long as you distribute the object code. [v2] The GPL says you must offer access to copy the source code “from the same place”; that is, next to the binaries. However, if you make arrangements with another site to keep the necessary source code available, and put a link or cross-reference to the source code next to the binaries, we think that qualifies as “from the same place”. Wouldn’t it be great if someone could fulfill our requirements? Alexios Zavras, Stefano Zacchiroli Outsourcing Source Code Distribution Requirements FOSDEM 2018 8 / 19

  10. The Sofware Heritage Project THE GREAT LIBRARY OF SOURCE CODE Our mission Collect, preserve and share the source code of all the sofware that is publicly available. Past, present and future Preserving the past, enhancing the present, preparing the future. Alexios Zavras, Stefano Zacchiroli Outsourcing Source Code Distribution Requirements FOSDEM 2018 9 / 19

  11. Our principles Alexios Zavras, Stefano Zacchiroli Outsourcing Source Code Distribution Requirements FOSDEM 2018 10 / 19

  12. Our principles In for the long haul Open approach open source non profit transparency replication Alexios Zavras, Stefano Zacchiroli Outsourcing Source Code Distribution Requirements FOSDEM 2018 10 / 19

  13. Data flow software Forges GitHub origins lister Git loader git git GitLab lister git Mercurial Software Heritage git loader Archive . . hg svn hg . . svn Distros Merkle DAG hg . . + svn blob storage dsc Debian source Debian dsc package loader lister tar tar loader zip PyPi lister Package repos Listing Loading (full/incremental) & deduplication ... Scheduling Alexios Zavras, Stefano Zacchiroli Outsourcing Source Code Distribution Requirements FOSDEM 2018 11 / 19

  14. Archive coverage Current sources live: GitHub, Debian one-off: Gitorious, Google Code WIP: Bitbucket Alexios Zavras, Stefano Zacchiroli Outsourcing Source Code Distribution Requirements FOSDEM 2018 12 / 19

  15. Archive coverage Current sources live: GitHub, Debian one-off: Gitorious, Google Code WIP: Bitbucket 150 TB blobs, 5 TB database (as a graph: 7 B nodes + 60 B edges) Alexios Zavras, Stefano Zacchiroli Outsourcing Source Code Distribution Requirements FOSDEM 2018 12 / 19

  16. Archive coverage Current sources live: GitHub, Debian one-off: Gitorious, Google Code WIP: Bitbucket 150 TB blobs, 5 TB database (as a graph: 7 B nodes + 60 B edges) The richest public source code archive, ... and growing daily! Alexios Zavras, Stefano Zacchiroli Outsourcing Source Code Distribution Requirements FOSDEM 2018 12 / 19

  17. Pushing source code to Sofware Heritage Deposit service complement regular (pull) crawling of forges and distributions restricted access (i.e., not a warez dumpster!) deposit.softwareheritage.org Tech bits SWORD 2.0 compliant server, for digital repositories interoperability RESTful API for deposit and monitoring, with CLI wrapper Alexios Zavras, Stefano Zacchiroli Outsourcing Source Code Distribution Requirements FOSDEM 2018 13 / 19

  18. Prepare a deposit Prepare source code tarball $ tar caf software.tar.gz /path/to/software/ Alexios Zavras, Stefano Zacchiroli Outsourcing Source Code Distribution Requirements FOSDEM 2018 14 / 19

  19. Prepare a deposit Prepare source code tarball $ tar caf software.tar.gz /path/to/software/ Associate metadata $ cat > software.tar.gz.metadata.xml <?xml version="1.0"?> <entry xmlns="http://www.w3.org/2005/Atom" xmlns:codemeta="https://doi.org/10.5063/SCHEMA/CODEMETA-2.0"> <title>Je suis GPL</title> <codemeta:url>https://forge.softwareheritage.org/source/jesuisgpl/</codemeta:url> <codemeta:author> <codemeta:name>Stefano Zacchiroli</codemeta:name> <codemeta:jobTitle>Maintainer</codemeta:jobTitle> </codemeta:author> </entry> ^D Alexios Zavras, Stefano Zacchiroli Outsourcing Source Code Distribution Requirements FOSDEM 2018 14 / 19

  20. Send a deposit $ swh-deposit --username ’name’ --password ’pass’ \ --archive software.tar.gz Alexios Zavras, Stefano Zacchiroli Outsourcing Source Code Distribution Requirements FOSDEM 2018 15 / 19

  21. Send a deposit $ swh-deposit --username ’name’ --password ’pass’ \ --archive software.tar.gz { ’deposit_id’: ’11’, ’deposit_status’: ’deposited’, ’deposit_date’: ’Jan. 30, 2018, 9:37 a.m.’ } Alexios Zavras, Stefano Zacchiroli Outsourcing Source Code Distribution Requirements FOSDEM 2018 15 / 19

  22. Ingestion status partial deposited verified done rejected failed Alexios Zavras, Stefano Zacchiroli Outsourcing Source Code Distribution Requirements FOSDEM 2018 16 / 19

  23. Ingestion status partial deposited verified done rejected failed $ swh-deposit --username ’name’ --pass ’secret’ \ --deposit-id ’11’ --status Alexios Zavras, Stefano Zacchiroli Outsourcing Source Code Distribution Requirements FOSDEM 2018 16 / 19

  24. Ingestion status partial deposited verified done rejected failed $ swh-deposit --username ’name’ --pass ’secret’ \ --deposit-id ’11’ --status { ’deposit_id’: 11, ’deposit_status’: ’done’, ’deposit_status_detail’: The deposit has been successfully loaded into the Software Heritage archive’, ’deposit_swh_id’: ’swh:1:rev:a86747d201ab8f8657d145df4376676d5e47cf9f’ } Alexios Zavras, Stefano Zacchiroli Outsourcing Source Code Distribution Requirements FOSDEM 2018 16 / 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Compiling and Linking C code Assembly C Source C Source C Source Source .c Code Code Code

Compiling and Linking C code Assembly C Source C Source C Source Source .c Code Code Code

Advanced Programming Modular Programming in C Modular Programming Intro n It is not possible to create complex programs using a single source file: n Compiling is slow n Difficult reuse of functions n Impossible collaboration among

513 views • 17 slides
Software Engineering for Outsourcing and Offshoring Bertrand Meyer Peter Kolb ETH course,

Software Engineering for Outsourcing and Offshoring Bertrand Meyer Peter Kolb ETH course,

Software Engineering for Outsourcing and Offshoring Bertrand Meyer Peter Kolb ETH course, Winter 2006-2007 Part 2: Requirements engineering Requirements engineering topics 1: Overview 2: Standards &amp; methods 3: Requirements elicitation

2.01k views • 190 slides
Similar code fragment A code fragment that has similar part to it in source code

Similar code fragment A code fragment that has similar part to it in source code

Similar code fragment A code fragment that has similar part to it in source code introduced in source code because of various reasons. e.g. copy-and-paste makes software maintenance difficult. It is necessary to It is

488 views • 9 slides
Outsourcing Overview Value Driven Engineering Value Driven Engineering Outsourcing is one

Outsourcing Overview Value Driven Engineering Value Driven Engineering Outsourcing is one

Outsourcing Overview Value Driven Engineering Value Driven Engineering Outsourcing is one available tool in Mustangs diversified toolkit, but not an all encompassing primary strategy Outsourcing will be used when it makes sense

439 views • 8 slides
in practice source code source code javac scalac groovyc jrubyc 0xCAFEBABE byte code

in practice source code source code javac scalac groovyc jrubyc 0xCAFEBABE byte code

Java byte code in practice source code source code javac scalac groovyc jrubyc 0xCAFEBABE byte code source code javac scalac groovyc jrubyc 0xCAFEBABE byte code class loader interpreter JIT compiler JVM source code javac

1.6k views • 149 slides
New Mek Solution New Mek Solution ns is IT/Software ns is IT/Software outsourcing a and

New Mek Solution New Mek Solution ns is IT/Software ns is IT/Software outsourcing a and

New Mek Solution New Mek Solution ns is IT/Software ns is IT/Software outsourcing a and product development nt company. Our vision is to aim 100% aut automation of the business at-par with ever changing custom tomer requirements to

563 views • 15 slides
Structural Testing Maurcio Aniche M.F.Aniche@tudelft.nl SPECIFICATION Requirements Models

Structural Testing Maurcio Aniche M.F.Aniche@tudelft.nl SPECIFICATION Requirements Models

Structural Testing Maurcio Aniche M.F.Aniche@tudelft.nl SPECIFICATION Requirements Models Structure (e.g., source code) SPECIFICATION Requirements Models Structure (e.g., source code) public int public int play( int int left, int

1.48k views • 96 slides
State-of-the-Art ! 30-85 errors are made per 1000 lines of source CS 619 Introduction to OO Design

State-of-the-Art ! 30-85 errors are made per 1000 lines of source CS 619 Introduction to OO Design

State-of-the-Art ! 30-85 errors are made per 1000 lines of source CS 619 Introduction to OO Design code and Development ! extensively tested software contains 0.5-3 errors per 1000 lines of source code Testing ! error distribution: 60%

410 views • 12 slides
A new open source approach for requirements and architecture A new open source approach for

A new open source approach for requirements and architecture A new open source approach for

A new open source approach for requirements and architecture A new open source approach for requirements and architecture WHY?! Traceability? Why do I care? Document the project Plan better Reduce uncertainty QA Bug fixing Mustard

653 views • 27 slides
Blaise Source Code Blaise Source Code Editing System Presenter: Danilo Gutierrez C Co-author:

Blaise Source Code Blaise Source Code Editing System Presenter: Danilo Gutierrez C Co-author:

Blaise Source Code Blaise Source Code Editing System Presenter: Danilo Gutierrez C Co-author: Sheila Deskins th Sh il D ki Health and Retirement Study (HRS) The 11th International Blaise Conference Annapolis, Maryland September 2007

577 views • 47 slides
Secure Outsourcing of Computation Ron Rothblum MIT Outsourcing Computation Motivation: allow a

Secure Outsourcing of Computation Ron Rothblum MIT Outsourcing Computation Motivation: allow a

Secure Outsourcing of Computation Ron Rothblum MIT Outsourcing Computation Motivation: allow a computationally weak client to outsource its computation to an untrusted server. = () Main security concerns: 1. Correctness:

377 views • 4 slides
What is a Compiler? Compiler A program that translates code in one language (source code) to

What is a Compiler? Compiler A program that translates code in one language (source code) to

CS 426 Lecture 1: Course Overview What is a Compiler? Compiler A program that translates code in one language (source code) to code in another language (target code). Usually, target code is semantically equivalent to source code, but not

905 views • 11 slides
Bankruptcy Code The Bankruptcy Code (Chapter 11 of the USC) is the source of all bankruptcy

Bankruptcy Code The Bankruptcy Code (Chapter 11 of the USC) is the source of all bankruptcy

Source of Bankruptcy Law The Bankruptcy Code The Bankruptcy Code (Chapter 11 of the USC) is the source of all bankruptcy law. The code is very detailed, and resort to case law is less necessary than with other areas of law. Federal

365 views • 8 slides
&lt;659&gt; Packaging and Storage Requirements and &lt;1079&gt; Good Storage and Distribution

&lt;659&gt; Packaging and Storage Requirements and &lt;1079&gt; Good Storage and Distribution

&lt;659&gt; Packaging and Storage Requirements and &lt;1079&gt; Good Storage and Distribution Practices: Highlights Robert Seevers, Ph.D. Packaging and Distribution Expert Committee Member May 17-18, 2018 Washington, DC Good Distribution

371 views • 25 slides
Evolving nVidia GPU parallel source code W. B. Langdon CREST Department of Computer Science

Evolving nVidia GPU parallel source code W. B. Langdon CREST Department of Computer Science

Evolving nVidia GPU parallel source code W. B. Langdon CREST Department of Computer Science 21.3.2012 Evolving GPU source code talk me, time you Using genetic programming to create C source code How? Why? Proof of

453 views • 28 slides
Lectures 3/ 4: Requirements Analysis Statements about requirements: Brooks Source*: Brooks 87

Lectures 3/ 4: Requirements Analysis Statements about requirements: Brooks Source*: Brooks 87

Chair of Softw are Engineering Software engineering for outsourced and offshore development Peter Kolb, Bertrand Meyer Fall semester 2007 Lectures 3/ 4: Requirements Analysis Statements about requirements: Brooks Source*: Brooks 87 The

1.23k views • 111 slides
Adversaries &amp; Interpretability SIDN: An IAP Practicum Shibani Santurkar Dimitris Tsipras

Adversaries &amp; Interpretability SIDN: An IAP Practicum Shibani Santurkar Dimitris Tsipras

Adversaries &amp; Interpretability SIDN: An IAP Practicum Shibani Santurkar Dimitris Tsipras gradient-science.org Outline for today 1. Simple gradient explanations Exercise 1: Gradient saliency Exercise 2: SmoothGrad 2. Adversarial

534 views • 37 slides
Near-Optimal Pseudorandom Generators for Constant-Depth Read-Once Formulas Dean Doron 1 Pooya

Near-Optimal Pseudorandom Generators for Constant-Depth Read-Once Formulas Dean Doron 1 Pooya

Near-Optimal Pseudorandom Generators for Constant-Depth Read-Once Formulas Dean Doron 1 Pooya Hatami 2 William M. Hoza 3 UT Austin Stanford UT Austin Ohio State UT Austin BIRS Workshop 19w5088 July 8, 2019 1Supported by NSF Grant

1.69k views • 139 slides
Three Fools and a Wise Woman (1 Samuel 25) I hope youre enjoying our sermon series on

Three Fools and a Wise Woman (1 Samuel 25) I hope youre enjoying our sermon series on

Belmont UMC / Feb. 4, 2018 Profiles in Courage, Grace, and Wisdom (#3) Three Fools and a Wise Woman (1 Samuel 25) I hope youre enjoying our sermon series on Profiles in Courage, Grace, and Wisdom, which focuses on the

472 views • 6 slides
Fool Proof Luke 24:13-35 April 1, 2018 1957 Swiss Spaghetti Harvest 1976 Zero-G Day

Fool Proof Luke 24:13-35 April 1, 2018 1957 Swiss Spaghetti Harvest 1976 Zero-G Day

Fool Proof Luke 24:13-35 April 1, 2018 1957 Swiss Spaghetti Harvest 1976 Zero-G Day 1998 Left-Handed Whopper 1993 Lightning Strike First Easter April Fools Day Fool Proof And he said to them, O foolish ones, and slow of

484 views • 24 slides
For the wise men of old, the cardinal problem of human life was how to conform the soul to

For the wise men of old, the cardinal problem of human life was how to conform the soul to

For the wise men of old, the cardinal problem of human life was how to conform the soul to objective reality, and the solution was wisdom, self-discipline, and virtue. For the modern, the cardinal problem is how to conform reality to the

351 views • 10 slides
Living in a fools wireless - secured paradise Stefan Kiese Topics Wireless (consumer)

Living in a fools wireless - secured paradise Stefan Kiese Topics Wireless (consumer)

Living in a fools wireless - secured paradise Stefan Kiese Topics Wireless (consumer) alarm systems Hardware Software Hacking it ;) 2015/10/02 Stefan Kiese 2 About me Security Analyst @ ERNW Heidelberg, Germany

690 views • 23 slides
Learning Universal Adversarial Perturbations with Generative Models Jamie Hayes &amp; George

Learning Universal Adversarial Perturbations with Generative Models Jamie Hayes &amp; George

Learning Universal Adversarial Perturbations with Generative Models Jamie Hayes &amp; George Danezis UCL Adversarial examples transfer between different models. An adversarial example crafted against one model will generally fool other models.

515 views • 18 slides
Data Sovereignty The importance of geolocating data in the cloud Zachary N J Peterson Mark

Data Sovereignty The importance of geolocating data in the cloud Zachary N J Peterson Mark

HotCloud 2011 Data Sovereignty The importance of geolocating data in the cloud Zachary N J Peterson Mark Gondree Rob Beverly Your Data is Here But, maybe it should be here Or Here? Breaking the Abstraction Is data within some political

584 views • 20 slides

More recommend