diff --git a/common/modules/deposit.org b/common/modules/deposit.org index a7b2efe..2f4afc7 100644 --- a/common/modules/deposit.org +++ b/common/modules/deposit.org @@ -1,183 +1,183 @@ #+COLUMNS: %40ITEM %10BEAMER_env(Env) %9BEAMER_envargs(Env Args) %10BEAMER_act(Act) %4BEAMER_col(Col) %10BEAMER_extra(Extra) %8BEAMER_opt(Opt) #+INCLUDE: "prelude.org" :minlevel 1 # Requirements: # #+LATEX_HEADER_EXTRA: \usepackage{tikz} #+LATEX_HEADER_EXTRA: \usetikzlibrary{arrows,shapes} #+LATEX_HEADER_EXTRA: \definecolor{swh-orange}{RGB}{254,205,27} #+LATEX_HEADER_EXTRA: \definecolor{swh-red}{RGB}{226,0,38} #+LATEX_HEADER_EXTRA: \definecolor{swh-green}{RGB}{77,181,174} * Deposit :PROPERTIES: :CUSTOM_ID: main :END: ** Pushing source code to Software Heritage :PROPERTIES: :CUSTOM_ID: overview :END: **** Deposit service - complement regular (pull) crawling of forges and distributions - restricted access (i.e., not a warez dumpster!) - - early prototype at: *\url{https://deposit.softwareheritage.org/}* + - *\url{deposit.softwareheritage.org}* **** Tech bits - *SWORD* 2.0 compliant server, for digital repositories interoperability - RESTful API for deposit and monitoring, with CLI wrapper ** Prepare a deposit :PROPERTIES: :CUSTOM_ID: prepare :END: *** Prepare source code tarball #+BEGIN_SRC $ tar caf software.tar.gz /path/to/software/ #+END_SRC #+BEAMER: \pause *** Associate metadata #+BEAMER: \scriptsize #+BEGIN_SRC $ cat > software.tar.gz.metadata.xml Je suis GPL https://forge.softwareheritage.org/source/jesuisgpl/ Stefano Zacchiroli Maintainer ^D #+END_SRC ** Send a deposit :PROPERTIES: :CUSTOM_ID: send :END: *** #+BEGIN_SRC $ swh-deposit --username 'name' --password 'pass' \ --archive software.tar.gz #+END_SRC #+BEAMER: \pause #+BEGIN_SRC { 'deposit_id': '11', 'deposit_status': 'deposited', 'deposit_date': 'Jan. 30, 2018, 9:37 a.m.' } #+END_SRC ** Multipart deposit :PROPERTIES: :CUSTOM_ID: multipart :END: *** #+BEAMER: \scriptsize #+BEGIN_SRC $ swh-deposit --username 'name' --password 'secret' \ --partial \ --archive the-bulk-of-it.tar.gz #+END_SRC #+BEAMER: \pause #+BEGIN_SRC { 'deposit_id': '11', 'deposit_status': 'partial', 'deposit_date': 'Jan. 30, 2018, 9:37 a.m.' } #+END_SRC #+BEAMER: \pause *** #+BEAMER: \scriptsize #+BEGIN_SRC $ swh-deposit --username 'name' --password 'secret' \ --partial \ # omit this to finalize --deposit-id 11 --archive addendum.tar.gz #+END_SRC #+BEAMER: \pause *** #+BEAMER: \scriptsize #+BEGIN_SRC $ swh-deposit --username 'name' --password 'secret' \ --deposit-id 11 --archive last-touch.tar.gz #+END_SRC ** Replace previous archive and/or metadata :PROPERTIES: :CUSTOM_ID: override :END: *** #+BEAMER: \scriptsize #+BEGIN_SRC $ swh-deposit --username 'name' --password 'secret' \ --deposit-id 11 \ --archive updated-software.tar.gz \ --replace #+END_SRC #+BEAMER: \pause #+BEAMER: \scriptsize #+BEGIN_SRC { 'deposit_id': '11', 'deposit_status': 'deposited', 'deposit_date': 'Jan. 30, 2018, 9:37 a.m.' } #+END_SRC ** Ingestion status :PROPERTIES: :CUSTOM_ID: status :END: \tikzstyle{fail} = [draw, thin, fill=swh-red!80!swh-orange, minimum height=1.5em] \tikzstyle{processing} = [draw, thin, fill=swh-orange!100, minimum height=1.5em] \tikzstyle{success} = [draw, thin, fill=swh-green!80!swh-orange, minimum height=1.5em] \begin{figure} \begin{tikzpicture}[node distance=1.8cm, auto,>=latex', thick] % We need to set at bounding box first. Otherwise the diagram % will change position for each frame. %\path[use as bounding box] (-1,0) rectangle (10,-2); \path[->]<1-> node[processing] (partial) {partial} node[success, right of=partial] (deposited) {deposited} (partial) edge node {} (deposited) node[processing, right of=deposited] (checking) {} (deposited) edge node {} (checking) node[success, right of=checking] (verified) {verified} node[fail, below of=checking] (rejected) {rejected} (checking) edge node {} (verified) edge node[swap] {} (rejected) node[processing, right of=verified] (loading) {} node[success, right of=loading] (done) {done} node[fail, below of=loading] (failed) {failed} (verified) edge node {} (loading) (loading) edge node {} (failed) (loading) edge node {} (done); \end{tikzpicture} \end{figure} #+BEAMER: \pause *** #+BEAMER: \footnotesize #+BEGIN_SRC $ swh-deposit --username 'name' --pass 'secret' \ --deposit-id '11' --status #+END_SRC #+BEAMER: \pause #+BEGIN_SRC { 'deposit_id': 11, 'deposit_status': 'done', 'deposit_status_detail': The deposit has been successfully loaded into the Software Heritage archive', 'deposit_swh_id': 'swh:1:rev:a86747d201ab8f8657d145df4376676d5e47cf9f' } #+END_SRC ** Access a deposit :PROPERTIES: :CUSTOM_ID: access :END: After ingestion a deposit becomes an integral, permanent part of the Software Heritage archive. - it has a *persistent identifier* - e.g., =swh:1:rev:a86747d201ab8f8657d145df4376676d5e47cf9f= - - it can be *browsed* online at https://archive.softwareheritage.org/ + - it can be *browsed* online at *\url{archive.softwareheritage.org}* - e.g., https://archive.softwareheritage.org/browse/swh:1:rev:a86747d201ab8f8657d145df4376676d5e47cf9f - it can be bulk *downloaded* using the Software Heritage Vault diff --git a/talks-public/2018-02-04-fosdem-legal/2018-02-04-fosdem-legal.org b/talks-public/2018-02-04-fosdem-legal/2018-02-04-fosdem-legal.org index e84034c..65ece2c 100644 --- a/talks-public/2018-02-04-fosdem-legal/2018-02-04-fosdem-legal.org +++ b/talks-public/2018-02-04-fosdem-legal/2018-02-04-fosdem-legal.org @@ -1,32 +1,45 @@ #+COLUMNS: %40ITEM %10BEAMER_env(Env) %9BEAMER_envargs(Env Args) %10BEAMER_act(Act) %4BEAMER_col(Col) %10BEAMER_extra(Extra) %8BEAMER_opt(Opt) #+TITLE: Outsourcing Source Code Distribution Requirements #+AUTHOR: Alexios Zavras, Stefano Zacchiroli #+BEAMER_HEADER: \date[FOSDEM 2018]{4 February 2018\\FOSDEM\\Brussels, Belgium} #+DATE: 4 February 2018 #+INCLUDE: "this/prelude-swh+intel.org" :minlevel 1 #+INCLUDE: "../../common/modules/169.org" #+BEAMER_HEADER: \institute[Intel \& Software Heritage]{Intel, alexios.zavras@intel.com\\Software Heritage, zack@upsilon.cc} #+BEAMER_HEADER: \setbeamertemplate{background}{\includegraphics[width=\paperwidth,height=\paperheight]{world-169}} #+LATEX_HEADER_EXTRA: \usepackage{tikz} #+LATEX_HEADER_EXTRA: \usetikzlibrary{arrows,shapes} #+LATEX_HEADER_EXTRA: \definecolor{swh-orange}{RGB}{254,205,27} #+LATEX_HEADER_EXTRA: \definecolor{swh-red}{RGB}{226,0,38} #+LATEX_HEADER_EXTRA: \definecolor{swh-green}{RGB}{77,181,174} * Real-world compliance #+INCLUDE: "this/intel-use-case.org::#main" :minlevel 2 :only-contents t * Software Heritage #+INCLUDE: "../../common/modules/swh-overview-sourcecode.org::#mission" :minlevel 2 #+INCLUDE: "../../common/modules/principles-short.org::#principles" :minlevel 2 #+INCLUDE: "../../common/modules/status-extended.org::#dataflow" :minlevel 2 #+INCLUDE: "../../common/modules/status-extended.org::#archive" :minlevel 2 * Outsourcing CCS distribution #+INCLUDE: "../../common/modules/deposit.org::#overview" :minlevel 2 #+INCLUDE: "../../common/modules/deposit.org::#prepare" :minlevel 2 #+INCLUDE: "../../common/modules/deposit.org::#send" :minlevel 2 #+INCLUDE: "../../common/modules/deposit.org::#status" :minlevel 2 #+INCLUDE: "../../common/modules/deposit.org::#access" :minlevel 2 # #+INCLUDE: "../../common/modules/vault.org::#main" :minlevel 2 :only-contents t +** Wrapping up +*** + - long-term _hosting of CCS_ archives can be onerous in the real-world + - it is A-OK to _outsource_ that responsibility to third parties + - Software Heritage crawls (pull) _all FOSS_ and can now accept push + deposits + - Intel and Software Heritage are working together on _practical tooling_ + to outsource CCS hosting to the Software Heritage archive +*** Come and join us! + - =alexios.zavras@intel.com= , =zack@upsilon.cc= + - https://www.softwareheritage.org + - https://deposit.softwareheritage.org + - https://archive.softwareheritage.org (FOSDEM 2018 preview!) diff --git a/talks-public/2018-02-04-fosdem-legal/this/intel-use-case.org b/talks-public/2018-02-04-fosdem-legal/this/intel-use-case.org index 2fb5f1f..d9eae4d 100644 --- a/talks-public/2018-02-04-fosdem-legal/this/intel-use-case.org +++ b/talks-public/2018-02-04-fosdem-legal/this/intel-use-case.org @@ -1,55 +1,72 @@ * Intel use case :PROPERTIES: :CUSTOM_ID: main :END: -** The Setup +** The setup - Intel delivers /a lot/ of software - Software is a combination of own and FOSS components - - Many components have source code distribution requirements + - Many components have a legal source code distribution requirement + - we also might deliver source in other cases -** The Legal Requirement +** The legal requirement #+BEGIN_QUOTE For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable.\hfill --- /GPLv2/ #+END_QUOTE ** Complete Corresponding Source (CCS) **** Different terms used - - GPLv2: complete corresponding machine-readable source code - - GPLv3: Corresponding Source - - MPLv2: Source Code Form - - EPLv2: Source Code + - GPLv2: ``complete corresponding machine-readable source code'' / + ``accompany'' + - GPLv3: ``Corresponding Source'' / ``convey'' + - MPLv2: ``Source Code Form'' / ``made available'' + - EPLv2: ``Source Code'' / ``made available'' -** The Problem +** The problem **** In an ideal world - Fool-proof processes in place - Set it up once, always working **** Practical considerations - People change roles or leave - Re-organizations happen - Things get forgotten -** Functional Requirements +** Use cases +**** Trying to build an internal service: -**** Use cases - Our delivery contains our own FOSS ~sw.tar.gz~ - Our delivery contains ~gcc-7.3~ - Our delivery contains ~gcc~ snapshot of revision ~257214~ - Our delivery contains ~gcc-7.3~ patched with ~patches.tar.gz~ -** Functional Requirements - We need to be able to: +** Functional requirements **** + We need to be able to: - provide our own software package - refer to a ``well-known'' FOSS component - with release version or unique revision - combine the two - well-known component with own patches +**** Great Idea + - Can we /outsource/ the fulfilment of these requirements? -** The Idea +** The idea +**** Is it legal? + #+BEGIN_QUOTE + GPL FAQ: Can I put the binaries on my Internet server and put the source on + a different Internet site? + - [v3] Yes. Section 6(d) allows this. However, you must provide clear + instructions people can follow to obtain the source, and you must take + care to *make sure that the source remains available* for as long as you + distribute the object code. + - [v2] The GPL says you must offer access to copy the source code ``from the + same place''; that is, next to the binaries. However, if you *make + arrangements with another site* to keep the necessary source code + available, and put a link or cross-reference to the source code next to + the binaries, we think that qualifies as ``from the same place''. + #+END_QUOTE + #+BEAMER: \pause **** - - Wouldn't it be /great/ if someone could fulfil these? - - What if we could *outsource* the fulfilment of these requirements? - + Wouldn't it be great if /someone/ could fulfill our requirements?