[Board] incubation and risk

[Jody Garnett]

One nice thing coming out of foss4g presentation and discussion has been
additional questions about incubation, offers to help on the incubation
list and a few good questions.

I have gotten a couple questions about incubation and risk from potential
mentors worried about liability. In response to one of these off-list
questions I have been asked to bounce the current state of play off the
board list.

My understanding is that OSGeo does not provide a formal code audit. We ask
that the software be made available under an open source license, and we
ask projects themselves to perform a minimal sanity check on their codebase
(basically checking the headers and listing known problems - preferably in
an issue tracker).

Our OSGeo badged software is thus use-at-your-own-risk (indeed the open
source licenses all make that pretty clear).

The advantage of incubation:
- the board has some assurance a project is open source before we consider
any promotion
- with list of known problems provide potential users have a head start for
their own audit/risk assessment

So the question from off-list is this:

- Checking that board members understand the current state of play
- Sanity check that OSGeo, and importantly project mentors, are not being
exposed to liability

My own experience of incubation was mentors acting as a guide to what
resources are available. Be that an example of how other projects managed,
or putting us in contact with free software foundation or similar as
required.
--
Jody Garnett
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/board/attachments/20140930/a836c43b/attachment.htm>