The initial scope of the project is guidance on the use of open-source projects, as well as collaboration on and creation of open-source projects. The primary aim is to provide guidance and link out to more information. If gaps are found, they will be noted for later follow-up and potential follow-on working groups:

- Using open source
  - Relevance of different licence types
  - Watchouts on governance models and assessing risk
  - Landscape of tools available for vulnerability detection, validation/qualification/risk and enforcing licence policies, with particular reference to R-specific tools
- Building open source
  - A summary and recommendation of licence types, with particular focus on permissive vs copyleft licences and the ramifications for code built on top of your project
  - Relevance of licences present in dependencies, direct vs transitive dependencies, and the issues around compiling with dependencies that could occur in something like a public Shiny app
  - Landscape of places to place open-source projects and build collaborative communities
  - Pros/benefits and cons/risks for companies to open source clinical reporting codebases
  - Governance models for open-source projects with reference to their use today across clinical reporting collaborations
  - Survey and summary of contract types present where intellectual property and copyright are shared between companies
  - Tools available to understand the general health of projects (e.g. LFX tools), with specific reference to R extensions (e.g. metacran, riskmetric, openpharma)
  - Examples of release models, particularly where projects have inter-project dependencies (e.g. tidyverse de-coupled release model vs Bioconductor cohort release model)
  - Tools for releasing and maintaining projects, with particular reference to tools for R packages