Clio

Από Ελεύθερο Λογισμικό / Λογισμικό ανοιχτού κώδικα
Μετάβαση σε: πλοήγηση, αναζήτηση

Clio — Software Components and IP Management System

Name

The system is named "CLIO".

Clio is the muse of history, and, as the Proclaimer, she is keeping detailed records.

CLIO is also a backronym for the system of maintaining Components, Licenses, Ip and Other information.


Terms

CLIO: the system described in these notes

Component: a piece of software, usually a complete package. It can be Simple or Complex.

Simple Component: a software component which does not include other components. For example, small libraries are usually Simple Components.

Complex Component: a software component which includes (or has other Relationship) other components. Typical software is usually a Complex Component since it includes many Simple Components (e.g., libraries). Note that it is perfectly possible for a Complex Component to include other Complex Components.

Component Details: the set of data pertaining to a Component. At minimum, these include name of the component and License (OBL). Other info usually present includes version, origin URL, etc.

Catalog: the set of Simple Components (with their Component Details) that are used in the various Complex Components.

Software License: the set of rights and obligations one must follow when using a software. In most of the cases, the license in CLIO will be denoted by a SPDX license expression.

Outbound License (OBL): the set of licenses a Component is licensed under

Inbound License (IBL): the license that a Component is licensed under when used in a Complex Component

Relationship: a connection between two Software Components. The most basic relationship is INCLUDES, when a Component includes the code of another Component (possibly modified). There are many relationships defined in the SPDX Specification, although many of them apply to files and not Components and as such are not relevant.


Access Control

A system of access control (and management) is required.

The Catalog can only be modified by accounts which have the corresponding permission.

A separate permission will allow the creation of Complex Components.

Viewing of the information can be unrestricted.

Integration with LDAP (for accounts and permissions) is highly desirable.


Files

Software Components can further be broken down to files.

It is not expected that CLIO would provide a complete manual interface for manipulating this information.

However, it would desirable to be able to load (and update) this information by the means of SPDX files.


Example

As an illustrative example, here are some data that demonstrate the information handled by the system.

The Catalog contains two Simple Components:

  name: zlib
  license: Zlib
  version: 1.2.11
  origin: http://zlib.net
  URL: http://www.zlib.net/zlib-1.2.11.tar.gz
  name: xxHash
  license: BSD-2-Clause
  origin: http://www.xxhash.com/
  version: 0.6.2
  URL: https://github.com/Cyan4973/xxHash/archive/v0.6.2.tar.gz


There is also a Complex Component (example entry):

name: my_software
license: BSD-3-Clause
version: 0.1

which also has the following relationships:

my_software INCLUDES zlib
my_software STATICALLY_LINKS xxHash
my_software DYNAMICALLY_LINKS libc


The system should be able to store, present, and manage this information and provide a user-friendly way of entering and editing it.

Note that data about users and permissions are not shown in this example.