LibreKAT/Ocideck
LibreKAT/Ocideck
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3
Ocideck/docs/LICENSE_COMPLIANCE.md
Brenno de Winter 2d8be6f0dd
Some checks failed
CI / Format · Analyze · Test (push) Has been cancelled
Details
CI / Format · Analyze · Test (pull_request) Has been cancelled
Details
Add project docs, EUPL licence, and open-source licence check 
Documentation & licensing:
- Add the EUPL-1.2 licence (LICENSE.md) and set the project licence; refresh
  the README (name origin wink, updated feature list, documentation index).
- Add CONTRIBUTING, SECURITY, CODE_OF_CONDUCT, CHANGELOG, AUTHORS, and
  THIRD_PARTY_NOTICES, plus docs/ (ARCHITECTURE, BUILD, USER_GUIDE, SHORTCUTS,
  LICENSE_COMPLIANCE) and .github/ (CI workflow, issue/PR templates).
- Bring docs/FILE_FORMAT.md in line with current behaviour (code & chart
  slides, per-slide TLP comment, annotation .ink.json sidecar, chart data/ CSVs).

Open-source compliance:
- Add tool/check_licenses.dart and a `make licenses` target (wired into
  check-full and CI) that verifies every resolved dependency uses a recognised
  open-source licence. A scan of all 151 packages and bundled assets found only
  OSI-approved licences.

Charts (Fase 1.1):
- Replace the chart CSV textarea with an in-app editable data grid (editable
  series/labels/values, add/remove row & column, read-only when linked).
- Centralize the linked-CSV directory name (`data/`) in a shared constant.

Also normalize formatting repo-wide with `dart format` and fix one
curly-braces lint, so `make check` and CI are green.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-07 12:19:56 +02:00

66 lines
2.7 KiB
Markdown
Raw Blame History

# OciDeck — Open-Source Licence Compliance
OciDeck is released under the **EUPL-1.2** (see [`../LICENSE.md`](../LICENSE.md)).
This document records the policy that the project only includes open-source
software, how that is verified, and the result of the latest check.
## Policy
Every dependency and every bundled asset must be available under an OSI-approved
open-source licence. No proprietary or source-unavailable components are shipped.
Accepted licence families: **MIT, BSD (2-/3-Clause), Apache-2.0, MPL-2.0, ISC,
Zlib, BSL-1.0, Unlicense, SIL OFL-1.1, CC0** (and EUPL-1.2 for OciDeck itself).
Anything else — in particular GPL/AGPL/LGPL or a missing/unknown licence — is
flagged for review before it can be added.
## How to verify (repeatable)
A script scans the resolved package graph (direct **and** transitive) and
classifies each licence:
```sh
make licenses # or: dart run tool/check_licenses.dart
```
It exits non-zero if any package has an unrecognised or non-open-source licence,
so it also runs as part of `make check-full` and can be wired into CI.
> The script reads each package's `LICENSE` file from `.dart_tool/package_config.json`,
> so run `flutter pub get` first. Re-run it whenever dependencies change.
Bundled (non-package) runtime assets — the JavaScript inlined into the HTML
export and the bundled font — are tracked by hand in
[`../THIRD_PARTY_NOTICES.md`](../THIRD_PARTY_NOTICES.md).
## Latest result
All **151** resolved packages use recognised open-source licences:
| Count | Licence |
| ---: | --- |
| 108 | BSD-3-Clause |
| 30 | MIT |
| 9 | Apache-2.0 |
| 1 | MPL-2.0 (`dbus`, Linux only) |
| 1 | BSD |
| 1 | BSL-1.0 |
| 1 | EUPL-1.2 (OciDeck itself) |
Bundled assets: marked (MIT), highlight.js (BSD-3-Clause), Mermaid (MIT, bundling
DOMPurify under Apache-2.0/MPL-2.0), MathJax (Apache-2.0), and the EB Garamond
font (SIL OFL-1.1, see `assets/fonts/OFL.txt`). The OciDeck-owned brand images in
`assets/images/` and the theme in `assets/themes/` are the project's own work.
**Conclusion: no non-open-source software is included.**
## A note on Apache-2.0 and the EUPL
A few components are Apache-2.0 (e.g. MathJax in the HTML export, and some Dart
packages). Using Apache-2.0 libraries as unmodified dependencies in an EUPL-1.2
work is fine. Note, however, that Apache-2.0 is **not** on the EUPL's list of
"compatible licences" (which governs the *outbound* relicensing of derivative
works under Article 5 EUPL). This only matters if you create a combined
derivative work that must be relicensed; it does not affect bundling these
libraries as-is. If you need formal certainty for a specific distribution
scenario, have it confirmed by someone with licence expertise.
Reference in a new issue View git blame Copy permalink