|
|
|
|
|
How can I manage the open source downloads that my
engineers make, so we maximize productivity, but eliminate the risks of
using open source?
There are
four recommended strategies for managing open source within the
engineering environment:
-
Establish an open source policy. The
policy should identify the license types that are acceptable to the
organization (perhaps such as Public Domain, MIT, BSD, and Apache), any
considerations for particular modules or source directories that are
already approved or disapproved, approval process for including open
source and consequences for not following the policy?
-
Isolate 3rd party and open source code in the source
repository. Establish separate directories, or even separate
repositories to hold the 3rd party code. Establish a naming
convention that helps identify the package and version.
-
Track the open source used. Track the URL
downloaded from, the original package, the licenses, and any modifications
to the original package.
-
Review the check-ins and enforce the policy.
For small companies, this can be done manually. For larger
operations, commercial tools such as Source Auditor may greatly aid in the
review of open source check-ins.
Copyright Source Auditor 2008. All rights reserved. |
|
|
|
|
|
|
|
|
|