Why is this important? For starters, increasing clarity around a project makes it easier to build a community and gain contributors. It also increases consumer’s confidence in open source. Overall, it serves as an important piece of the end-to-end ecosystem that has developed around the production and consumption of open source.
ClearlyDefined fills a “data gap” in the open source management ecosystem today. There are many great efforts around tools, formats, and processes for open source, but few directly address how to get or manage the data to put in the tools, formats or processes. ClearlyDefined’s sole purpose is to harvest, curate and provide essential data such as the license, copyright holders, source location, and security vulnerabilities for individual open source components. That data is then available to developers as they select components to use, to legal and security teams as they assess what they have, and compliance teams as they ensure they are respecting the wishes of the projects.
This data is also a boon to open source projects as they are often consumers of other open source work. Making it easy for producers to understand the nature of components they consume makes it easy for them to know what they are bringing into their community.
The team in Microsoft’s Open Source Programs Office has been contributing to this project and is a part of the community growing around the technology, curation, and upstream work. We are very excited to help develop ClearlyDefined along with many other organizations, companies, and individuals who are producing and/or consuming open source. Every day we are engaging with more and more open source teams. ClearlyDefined is crucial to understanding the nature of their code. We love the mindset and the project fits seamlessly into our engaged approach to open source.
ClearlyDefined provides infrastructure and processes that enable crowd-source curation of mechanically harvested data. Like any open source project, community contributors untangle ambiguities, fill gaps, or verify discovered information. Each contribution is reviewed and discussed in the open, and if accepted, ultimately merged and made available upstream to the original open source project.
It is telling that some of the initial participants include the Eclipse Foundation, well known for understanding the importance of this kind of information to building confidence in a community. By being part of the OSI, ClearlyDefined augments the OSI’s mission of educating, advocating, and stewarding open source – discovering, curating and contributing the data is a logical extension.
The project is only just starting, but it strikes a chord with folks who encounter it. Even with its initial focus on licensing related info, security will come later, there is a ton of work to do. Everything from building connections with upstream communities to understand how they work, promote adoption, and acceptance of upstreamed changes, to defining a curation process and building a curation community, to implementing and running the website and tools that power the system.
What chord does it strike for you? Want to get involved? Check out https://docs.clearlydefined.io/get-involved.
More about this project from our partners: