The initial scope of the project is guidance on the use of open-source projects, as well as collaboration on and creation of open-source projects. The primary aim is to provide guidance and link out to more information. If gaps are found, they will be noted for later follow-up and potential follow-on working groups: Using open source Relevance of different licence types Watchouts on governance models and assessing risk Landscape of tools available for vulnerability detection, validation/qualification/risk and enforcing licence policies, with particular reference to R-specific tools
Building open source A summary and recommendation of licence types, with particular focus on permissive vs copyleft licences and the ramifications on code built on top of your project Relevance of licences present in dependencies, direct vs transitive dependencies, and the issues around compiling with dependencies that could occur in something like a public shiny app Landscape of places to place open-source projects and build collaborative communities Pros/benefits and cons/risks for companies to open source clinical reporting codebases Governance models for open-source projects with reference to their use today across clinical reporting collaborations Survey and summary of contract types present where intellectual property and copyright is shared between companies Tools available to understand the general health of projects (e.g. LFX tools), with specific reference to R extensions (e.g. metacran, riskmetric, openpharma) Examples of release models, particularly where projects have inter-project dependencies (e.g. tidyverse de-coupled release model vs bioconductor cohort release model) Tools for releasing and maintaining projects, with particular reference to tools for R packages
|
