Presentation: Continuous Compliance - An Introduction to Quartermaster
Creating up-to-date FOSS license compliance documentation at build time
Free and open source license compliance is a thorny topic - it is at the same time a rigid obligation to vendors, an important hygiene factor in communities, and dauntingly complex to achieve and constantly maintain. Ensuring license compliance requires adequate business processes as defined in OpenChain, a common license data exchange format provided by SPDX, and tools to automate license compliance requirements integrated into the engineering workflow - Quartermaster. The presentation demonstrates how Quartermaster can be used to automatically create up-to-date and correct compliance documentation. It explains the concept and philosophy behind the toolchain, the history of the project and how Quartermaster develops an industry standard for license compliance tooling by building bridges between free and open source developers, legal practitioners and open source program offices. The KDE Community should consider adopting Quartermaster for frameworks and application releases.