Something I don’t get paid enough to understand - what constitutes contributions, and what’s the definition of selling the software?
For instance, I don’t think I’ve worked on a project where we have made changes to the source code for security policies (much quicker path to update immediately if something gets flagged). But I don’t think I know of an instance where we sell our software as a service - as far as I know it’s largely used to support other services we sell.
Except now that I say that, that’s not entirely true, we DO have a review board that we have to submit every third party library to and it takes forever to hear back but we have occasionally gotten a “no can’t use that” or “contract is pending.” So maybe I’m just super unaware of who reviews the third party software and they review the licenses.
we may also add a criteria to block non-release dependencies.
As a developer, you’re free to use anything that works
I have yet to figure out how my company views contributing back to open source. I don’t know of anyone actively doing that, but it turns out we host a few originals of open source. I’ve been trying to improve development processes, get tools and dependencies up to date …… but then I ran into things where it’s a bigger change because of the downstream opensource dependencies and because it’s not really owned by the company
Something I don’t get paid enough to understand - what constitutes contributions, and what’s the definition of selling the software?
For instance, I don’t think I’ve worked on a project where we have made changes to the source code for security policies (much quicker path to update immediately if something gets flagged). But I don’t think I know of an instance where we sell our software as a service - as far as I know it’s largely used to support other services we sell.
Except now that I say that, that’s not entirely true, we DO have a review board that we have to submit every third party library to and it takes forever to hear back but we have occasionally gotten a “no can’t use that” or “contract is pending.” So maybe I’m just super unaware of who reviews the third party software and they review the licenses.
We have a scanner that does that on every build.
It blocks builds for dependencies with
As a developer, you’re free to use anything that works
I have yet to figure out how my company views contributing back to open source. I don’t know of anyone actively doing that, but it turns out we host a few originals of open source. I’ve been trying to improve development processes, get tools and dependencies up to date …… but then I ran into things where it’s a bigger change because of the downstream opensource dependencies and because it’s not really owned by the company