License Review Tool Requirements, Candidates and Selection
The License Review mailing list is considering using a project management tool for public tracking of the license review process. This page is for collecting information related to this tool selection. Note that the license-review list, and corresponding license review process in general, is distinct from the license-discuss mailing list, which this document does not address.
The License Committee recommends contracting for services in the identification and implementation of a better workflow for the review of licenses. We have decided that the current email-based system (Mailman) is inadequate as it is exceedingly difficult to follow discussions, which reduces participation. The tasks that this person will undertake are:
Stage 1:
- Contact and work with stakeholders to further describe business, user, non/functional, and implementation requirements for an appropriate license-review vehicle(s) (including attributes below).
Stage 2:
- Implement the vehicle on an OSI-approved host, including the configuration of users/roles/permissions, integrations, data transfer, workflows, etc. in order to meet the requirements identified.
- Document the expected process for reviewing a license and the roles of all participants in the process
- Document the solution and any maintenance tasks so they can be handed off to a new maintainer
Stage 3:
- Evaluate the feasibility of creating a complete, searchable database of all license-review emails, either incorporated into the tool or separate from the tool (currently emails are at at least three different urls)
The person may also be asked to:
- Create a maintainable system for making machine-readable licenses available
- Create a complete, searchable database of all license-review emails
The OSI would execute each stage in turn, retaining the option to re-evaluate or even potentially terminate the project at the end of each stage. For example, if it turns out that we cannot identify a solution at the end of Stage 1, the OSI would end the engagement.
Requirements for license-review process
Must have
- Ability to submit a license for review
- Being able to immediately identify the current state of review for a license (eg. "approved", "rejected", "new", "being redrafted", "invalid", "rejected", etc.)
- Ability to submit updated revisions of a license, without destroying previous ones or associated history. (Licenses often go through multiple rounds of revisions or drafts based on feedback received.)
- Ability to comment on specific sections/words/lines of a given draft of license. (Sections of licenses that have been revised are areas of interest)
- Ability to comment on a license in a general sense
- Ability to moderate discussions (including removing comments, editing comments, banning users)
- Ability to close the process with the publication of an accompanying rationale document
- Discussions must be publicly accessible, without authentication
- Users must authenticate and maintain a consistent identity in order to comment/participate in the process
- Time-stamping of all comments and submissions
- Entirely separate discussions for each license
- Discussions must be archiveable and available to reference through linking
- Easy to learn and use by non-technical users
- Must not assume experience with specific technical tools (i.e. requirement to use Git, XML, or a specific programming language, etc.)
- Tools are principally open source
Nice to have
- Ability to cross-reference a different comment in the same or different discussion
- Searchable discussions
- Canonical URIs for each license for review
- Machine-readable output from the license review process (text of the license + metadata such as Author, Date approved, Link to discussion, etc.)
- Low administrative overhead/hosted service (OSI does not have a good track record of hosting/maintaining new services)
- Previous license review emails can be added so that all license reviews are in the same place (we may need to engage someone separately to complete a migration)
- Configurable notifications in order to watch and follow discussions
- Welcoming to new community members
- Badges to easily identify participants to provide context (e.g. OSI board members, long-time community participants, etc.)
- Not mandatory to use the tool in order to participate in review, i.e., system integrates with an email workflow