Merge pull request #856 from eclipse-tractusx/TRG_7_oss_gov_update

AngelikaWittek · web-flow · commit 373f9742ff66 · 2024-06-03T09:32:54.000+02:00
TRG 7: Updates to legal docs
diff --git a/docs/oss/issues.md b/docs/oss/issues.md
@@ -44,7 +44,7 @@ OR
 :::
 
 There is the Otterdog self-service to manage the repositories in our organization.
-Otterdog is a tool to manage GitHub organizations at scale using a configuration as code approach. It is actively developed by the Eclipse Foundation and used to manage its numerous projects hosted on GitHub, see [here](https://gitlab.eclipse.org/eclipsefdn/security/otterdog).
+Otterdog is a tool to manage GitHub organizations at scale using a configuration as code approach. It is actively developed by the Eclipse Foundation and used to manage its numerous projects hosted on GitHub, see [here](https://github.com/eclipse-csi/otterdog).
 
 See the [Otterdog Dashboard](https://eclipse-tractusx.github.io/.eclipsefdn/) with the tabs for the overview, the current configuration and the playground.
 
diff --git a/docs/release/trg-7/trg-7-00.md b/docs/release/trg-7/trg-7-00.md
@@ -4,12 +4,15 @@ title: TRG 7.00 - Recurring activities for each PR
 
 | Status | Created     | Post-History                         |
 |--------|-------------|--------------------------------------|
+| Active | 25-Apr-2024 | Updates for CC-BY-4.0 license        |
 | Active | 20-Jul-2023 | References to TRG 7.07, 7.08 updated |
 |        | 13-Apr-2023 | Moved from OSS Development           |
 
 ## Why
 
-Eclipse Tractus-X is an open source project hosted by the Eclipse Foundation licensed under the [Apache License 2.0](https://spdx.org/licenses/Apache-2.0). The legal obligations of the content must be observed in all forms of which the content is available.
+Eclipse Tractus-X is an open source project hosted by the Eclipse Foundation licensed under the Apache License 2.0 ([Apache-2.0](https://spdx.org/licenses/Apache-2.0)). For non-code the default license is the Creative Commons Attribution 4.0 International ([CC-BY-4.0](https://spdx.org/licenses/CC-BY-4.0.html)).
+
+The legal obligations of the content must be observed in all forms of which the content is available.
 
 :::info
 
@@ -20,7 +23,7 @@ The requirements described here must be met for each contribution.
 ## Description
 
 This is a summary of the most important requirements for OSS governance that you must follow.
-Before submitting a PR, contributors should verify compliance with the requirements. The reviewing commiter can only accept a PR if it is compliant.
+Before submitting a PR, contributors should verify compliance with the requirements. The reviewing committer can only accept a PR if it is compliant.
 
 ### Keep the following updated when creating a CatenaX / Tractus-X relevant release tag
 
@@ -42,4 +45,4 @@ Before submitting a PR, contributors should verify compliance with the requireme
   - for libraries with status "restricted", the according IP issues must be present (issue number in the source column)
 - Legal information for distributions: [TRG 7.05](/docs/release/trg-7/trg-7-05)
 - Legal notice for end user content: [TRG 7.06](/docs/release/trg-7/trg-7-06)
-- Legal notice for end user content: [TRG 7.07](/docs/release/trg-7/trg-7-07), [TRG 7.08](/docs/release/trg-7/trg-7-08)
+- Legal notice for non-code: [TRG 7.07](/docs/release/trg-7/trg-7-07), [TRG 7.08](/docs/release/trg-7/trg-7-08)
diff --git a/docs/release/trg-7/trg-7-01.md b/docs/release/trg-7/trg-7-01.md
@@ -4,13 +4,16 @@ title: TRG 7.01 - Legal Documentation
 
 | Status | Created     | Post-History                         |
 |--------|-------------|--------------------------------------|
+| Active | 25-Apr-2024 | Updates for CC-BY-4.0 license        |
 | Active | 24-Aug-2023 | Updated SECURITY.md file             |
 | Active | 20-Jul-2023 | References to TRG 7.07, 7.08 updated |
 | Active | 13-Apr-2023 | Moved from OSS Development           |
 
 ## Why
 
-Eclipse Tractus-X is an open source project hosted by the Eclipse Foundation licensed under the [Apache License 2.0](https://spdx.org/licenses/Apache-2.0). The legal obligations of the content must be observed in all forms of which the content is available.
+Eclipse Tractus-X is an open source project hosted by the Eclipse Foundation licensed under the Apache License 2.0 ([Apache-2.0](https://spdx.org/licenses/Apache-2.0)). For non-code the default license is the Creative Commons Attribution 4.0 International ([CC-BY-4.0](https://spdx.org/licenses/CC-BY-4.0.html)).
+
+The legal obligations of the content must be observed in all forms of which the content is available.
 
 This page contains information about legal documentation requirements in your repositories. The source of truth is always the [Eclipse Foundation Project Handbook](https://www.eclipse.org/projects/handbook/#legaldoc).
 
@@ -25,27 +28,52 @@ The requirements described here **must** be met for each contribution.
 The following files must be part of your repository root folder:
 
 - LICENSE
+- LICENSE_non-code
 - NOTICE.md
 - DEPENDENCIES
 - SECURITY.md
 - CONTRIBUTING.md
 - CODE_OF_CONDUCT.md
 
-For examples look to the [Eclipse Tractus-X GitHub Organisation](https://github.com/eclipse-tractusx), e.g. the [APP Dashboard](https://github.com/eclipse-tractusx/app-dashboard).
+For examples look to the [Eclipse Tractus-X GitHub Organisation](https://github.com/eclipse-tractusx), e.g. the [sig-infra](https://github.com/eclipse-tractusx/sig-infra).
+
+### LICENSE FILES
+
+The Tractus-X project uses the following licenses:
+
+- Apache-2.0 for code
+- CC-BY-4.0 for non-code
+
+Both licenses have to be put on root level of each repository, [exampel](https://github.com/eclipse-tractusx/sig-infra).
+
+**Exception:** Repositories that use ONLY the CC-BY-4.0 license, e.g. [sldt-semantic-models](https://github.com/eclipse-tractusx/sldt-semantic-models/blob/main/NOTICE.md).
+In these repositories the CC-BY-4.0 license in the only license and the file is named LICENSE.
+
+See the [Handbook#legaldoc-license](https://www.eclipse.org/projects/handbook/#legaldoc-license).
 
-### LICENSE FILE
+#### LICENSE FILE
 
-In Eclipse Tractus-X the primary outbound license is Apache-2.0.
+In Eclipse Tractus-X the outbound license for code is Apache-2.0.
 
+- File name: LICENSE
 - SPDX-License-Identifier: Apache-2.0
 - [License Text](https://www.apache.org/licenses/LICENSE-2.0.txt)
 
-See the [Handbook#legaldoc-license](https://www.eclipse.org/projects/handbook/#legaldoc-license).
+#### LICENSE_non-code FILE
+
+The default license for non-code is the CC-BY-4.0.
+
+- File name: LICENSE_non-code
+- SPDX-License-Identifier: CC-BY-4.0
+- [License Text](https://creativecommons.org/licenses/by/4.0/legalcode.txt)
 
-For specifically defined documentation files the Creative Commons Attribution 4.0 International (CC BY 4.0) is required, see [TRG 7.08](trg-7-08.md).
+For more information, see [TRG 7.08](trg-7-08.md).
 
 ### NOTICE FILE
 
+Do the following changes:
+
+- Add both licenses to the "Declared Project Licenses" sections, see [example](https://github.com/eclipse-tractusx/sig-infra/blob/main/NOTICE.md)
 - Add the link to your repository
 - Add the link(s) to your SBOM, e.g. the DEPENDENCY file (one or more)
 - Add information for third party content checks, if not covered by the Dash Tool (e.g. IP checks for icons, fonts, ...)
@@ -93,7 +121,9 @@ In severe cases, you can also report a found vulnerability via mail or eclipse i
 See [Eclipse Foundation Vulnerability Reporting Policy](https://www.eclipse.org/projects/handbook/#vulnerability)
 ```
 
-### CONTRIBUTOR GUIDE
+### CONTRIBUTING FILE
+
+Due to changes in the Eclipse Project Handbook, make sure that you have included the section "Terms of Use", see [the Legal Document Generator](https://www.eclipse.org/projects/tools/documentation.php?id=automotive.tractusx#contributing) or the [example](https://github.com/eclipse-tractusx/sig-infra/blob/main/CONTRIBUTING.md).
 
 See the [Handbook#legaldoc-contributor](https://www.eclipse.org/projects/handbook/#legaldoc-contributor)
 
@@ -103,7 +133,6 @@ See the [Handbook#legaldoc-contributor](https://www.eclipse.org/projects/handboo
 
 The Version 2.0  of the Eclipse Foundation Community Code of Conduct was released on Jan 01, 2023.
 Update the file in your repositories.
-
 :::
 
 See the [CODE OF CONDUCT](https://www.eclipse.org/org/documents/Community_Code_of_Conduct.php)
diff --git a/docs/release/trg-7/trg-7-02.md b/docs/release/trg-7/trg-7-02.md
@@ -2,13 +2,17 @@
 title: TRG 7.02 - License and Copyright header
 ---
 
-| Status | Created     | Post-History               |
-|--------|-------------|----------------------------|
-| Active | 13-Apr-2023 | Moved from OSS Development |
+| Status | Created     | Post-History                                       |
+|--------|-------------|----------------------------------------------------|
+| Active | 25-Apr-2024 | Updates for CC-BY-4.0 license                      |
+| Active | 24-Apr-2024 | Update of the year information in copyright header |
+| Active | 13-Apr-2023 | Moved from OSS Development                         |
 
 ## Why
 
-Eclipse Tractus-X is an open source project hosted by the Eclipse Foundation licensed under the [Apache License 2.0](https://spdx.org/licenses/Apache-2.0). The legal obligations of the content must be observed in all forms of which the content is available.
+Eclipse Tractus-X is an open source project hosted by the Eclipse Foundation licensed under the Apache License 2.0 ([Apache-2.0](https://spdx.org/licenses/Apache-2.0)). For non-code the default license is the Creative Commons Attribution 4.0 International ([CC-BY-4.0](https://spdx.org/licenses/CC-BY-4.0.html)).
+
+The legal obligations of the content must be observed in all forms of which the content is available.
 
 This page contains information about legal documentation requirements in your files. The source of truth is always the [Eclipse Foundation Project Handbook](https://www.eclipse.org/projects/handbook/#ip-copyright-headers).
 
@@ -22,22 +26,45 @@ The requirements described here **must** be met for each contribution.
 
 *Where possible, all source code, property files, and metadata files (including application, test, and generated source code as well as other types of files such as XML, HTML, etc.) should contain appropriate copyright and license notices as well as information on each contribution.* (From the [Handbook#ip-copyright-headers](https://www.eclipse.org/projects/handbook/#ip-copyright-headers))
 
-:::caution
+## Copyright and License Header
 
-Update the year in the copyright header at the start of each new year!
+### Copyright Header
 
-Example:
-Copyright (c) 202x, **`<new year>`** Contributors to the Eclipse Foundation
+It is recommended to use the generic copyright header:
 
-:::
+```md
+Copyright (c) {year} Contributors to the Eclipse Foundation
+ ```
+
+**Note:**
+
+- The {year} is the year of the initial creation.
+- The contributors are identified via the GitHub commit logs (see NOTICE file)
+
+Additionally copyright lines can be added (one or more times) to list specific copyright owner(s):
+
+```md
+Copyright (c) 202x {owner}[ and others]
+ ```
+
+**Examples:**
+
+1. Copyright (c) 2021 Jane Doe
+    - Copyright: Jane Doe
+1. Copyright (c) 2022 Jane Doe and others
+    - others: somebody has made minor changes (e.g. fixed typos)
+
+Do **not** remove the general line "Copyright (c) 202x Contributors to the Eclipse Foundation".
 
-### Copyright and License Header
+### License Header
 
-Example (Java):
+Never change the license section, except for the comment characters for the appropriate language.
+
+#### Example for Apache-2.0 (Java)
 
 ```md
 /********************************************************************************
- * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
+ * Copyright (c) 2023 Contributors to the Eclipse Foundation
  *
  * See the NOTICE file(s) distributed with this work for additional
  * information regarding copyright ownership.
@@ -56,28 +83,26 @@ Example (Java):
  ********************************************************************************/
  ```
 
+#### Example for CC-BY-4.0
+
+```md
+#######################################################################
+# Copyright (c) 2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This work is made available under the terms of the
+# Creative Commons Attribution 4.0 International (CC-BY-4.0) license,
+# which is available at
+# https://creativecommons.org/licenses/by/4.0/legalcode.
+#
+# SPDX-License-Identifier: CC-BY-4.0
+#######################################################################
+ ```
+
 :::tip
 
 Use your IDE's template mechanism to add the text automatically when you create new files.
 
 :::
-
-#### Copyright Header
-
-You can also **add** the following line (one or more times) to identify the specific copyright owner(s):
-
-Copyright (c) 202x,20yy {owner}[ and others]
-
-Examples:
-
-1. Copyright (c) 2021,2023 MyCompany GmbH
-    - 2021, 2023 means from 2021 to 2023
-    - Copyright: MyCompany GmbH
-1. Copyright (c) 2021,2023 MyCompany GmbH and others
-    - others: somebody has made minor changes (e.g. fixed typos)
-
-Do **not** remove the general line "Copyright (c) 202x,20yy Contributors to the Eclipse Foundation".
-
-#### License Header
-
-Never change the license section, except for the formatting characters for the appropriate language.
diff --git a/docs/release/trg-7/trg-7-03.md b/docs/release/trg-7/trg-7-03.md
@@ -2,13 +2,16 @@
 title: TRG 7.03 - IP checks for project content
 ---
 
-| Status | Created     | Post-History               |
-|--------|-------------|----------------------------|
-| Active | 13-Apr-2023 | Moved from OSS Development |
+| Status | Created     | Post-History                  |
+|--------|-------------|-------------------------------|
+| Active | 25-Apr-2024 | Updates for CC-BY-4.0 license |
+| Active | 13-Apr-2023 | Moved from OSS Development    |
 
 ## Why
 
-Eclipse Tractus-X is an open source project hosted by the Eclipse Foundation licensed under the [Apache License 2.0](https://spdx.org/licenses/Apache-2.0). The legal obligations of the content must be observed in all forms of which the content is available.
+Eclipse Tractus-X is an open source project hosted by the Eclipse Foundation licensed under the Apache License 2.0 ([Apache-2.0](https://spdx.org/licenses/Apache-2.0)). For non-code the default license is the Creative Commons Attribution 4.0 International ([CC-BY-4.0](https://spdx.org/licenses/CC-BY-4.0.html)).
+
+The legal obligations of the content must be observed in all forms of which the content is available.
 
 This page contains information about legal obligations and checks of your project content. The source of truth is always the [Eclipse Foundation Project Handbook](https://www.eclipse.org/projects/handbook/#ip-project-content).
 
diff --git a/docs/release/trg-7/trg-7-04.md b/docs/release/trg-7/trg-7-04.md
@@ -2,13 +2,16 @@
 title: TRG 7.04 - IP checks for 3rd party content
 ---
 
-| Status | Created     | Post-History               |
-|--------|-------------|----------------------------|
-| Active | 13-Apr-2023 | Moved from OSS Development |
+| Status | Created     | Post-History                  |
+|--------|-------------|-------------------------------|
+| Active | 25-Apr-2024 | Updates for CC-BY-4.0 license |
+| Active | 13-Apr-2023 | Moved from OSS Development    |
 
 ## Why
 
-Eclipse Tractus-X is an open source project hosted by the Eclipse Foundation licensed under the [Apache License 2.0](https://spdx.org/licenses/Apache-2.0). The legal obligations of the content must be observed in all forms of which the content is available.
+Eclipse Tractus-X is an open source project hosted by the Eclipse Foundation licensed under the Apache License 2.0 ([Apache-2.0](https://spdx.org/licenses/Apache-2.0)). For non-code the default license is the Creative Commons Attribution 4.0 International ([CC-BY-4.0](https://spdx.org/licenses/CC-BY-4.0.html)).
+
+The legal obligations of the content must be observed in all forms of which the content is available.
 
 This page contains information about legal obligations and checks of your 3rd party content. The source of truth is always the [Eclipse Foundation Project Handbook](https://www.eclipse.org/projects/handbook/#ip-third-party).
 
@@ -93,8 +96,8 @@ Make sure to also include test dependencies. For a maven-based java project you
           </executions>
         </plugin>
       </build>
-        
-        
+
+
 ```
 
 You then can invoke the plugin from command line as follows:
diff --git a/docs/release/trg-7/trg-7-05.md b/docs/release/trg-7/trg-7-05.md
@@ -2,13 +2,16 @@
 title: TRG 7.05 - Legal information for distributions
 ---
 
-| Status | Created     | Post-History |
-|--------|-------------|--------------|
-| Active | 13-Apr-2023 | New          |
+| Status | Created     | Post-History                  |
+|--------|-------------|-------------------------------|
+| Active | 25-Apr-2024 | Updates for CC-BY-4.0 license |
+| Active | 13-Apr-2023 | New                           |
 
 ## Why
 
-Eclipse Tractus-X is an open source project hosted by the Eclipse Foundation licensed under the [Apache License 2.0](https://spdx.org/licenses/Apache-2.0). The legal obligations of the content must be observed in all forms of which the content is available.
+Eclipse Tractus-X is an open source project hosted by the Eclipse Foundation licensed under the Apache License 2.0 ([Apache-2.0](https://spdx.org/licenses/Apache-2.0)). For non-code the default license is the Creative Commons Attribution 4.0 International ([CC-BY-4.0](https://spdx.org/licenses/CC-BY-4.0.html)).
+
+The legal obligations of the content must be observed in all forms of which the content is available.
 
 The distribution form of software artifacts (often in a compiled form) generated from a project’s source code repositories must also include legal information.
 The source of truth is always the [Eclipse Foundation Project Handbook](https://www.eclipse.org/projects/handbook/#legaldoc-distribution).
diff --git a/docs/release/trg-7/trg-7-06.md b/docs/release/trg-7/trg-7-06.md
@@ -4,12 +4,15 @@ title: TRG 7.06 - Legal notice for end user content
 
 | Status | Created     | Post-History                               |
 |--------|-------------|--------------------------------------------|
+| Active | 25-Apr-2024 | Updates for CC-BY-4.0 license              |
 | Active | 04-Dec-2023 | Update Shared UI Components / NPM library  |
 | Active | 13-Apr-2023 | New                                        |
 
 ## Why
 
-Eclipse Tractus-X is an open source project hosted by the Eclipse Foundation licensed under the [Apache License 2.0](https://spdx.org/licenses/Apache-2.0). The legal obligations of the content must be observed in all forms of which the content is available.
+Eclipse Tractus-X is an open source project hosted by the Eclipse Foundation licensed under the Apache License 2.0 ([Apache-2.0](https://spdx.org/licenses/Apache-2.0)). For non-code the default license is the Creative Commons Attribution 4.0 International ([CC-BY-4.0](https://spdx.org/licenses/CC-BY-4.0.html)).
+
+The legal obligations of the content must be observed in all forms of which the content is available.
 
 All products delivered by the project—including executables, websites, documentation, and help must include certain notices. An executable might, for example, provide this information in an About Dialog; documentation might include a notice in either the pre- or post-amble, or a website might provide this information in a common footer, or a dedicated page.
 
diff --git a/docs/release/trg-7/trg-7-07.md b/docs/release/trg-7/trg-7-07.md
diff --git a/docs/release/trg-7/trg-7-08.md b/docs/release/trg-7/trg-7-08.md
