Setting standards for your catalog
Tidelift-managed catalogs include both the package releases and a set of defined standards that we use when managing the catalog. These are the standards that we expect each package or package release to meet before we can designate it as approved in the catalog.
We provide built-in functionality that allows you to set additional standards and easily uphold them.
Licensing standards define which licenses are acceptable within your organization’s catalog. An organization’s licensing standards may reflect a formal license policy that the organization already has in place, or the organization can start creating one from one of our pre-built templates. This standard is applied whenever you are considering adding a new package release to a catalog. Tidelift will flag the release if its license is not on the approved list.
When first setting up licensing standards for a catalog, choose from one of our pre-made templates or start from scratch. Our pre-made templates have been created and validated by Luis Villa, a Tidelift co-founder and lawyer with deep knowledge of open source software law.
Your licensing standards are made up of three lists:
- “Approved” – Licenses that are always approved for use in the catalog
- “Uncategorized” – Licenses that need additional review
- “Denied” – Licenses that are never approved for use in the catalog
Once you have set license standards for your catalog, these will be shown when contextually relevant – such as when approving a developer’s request for a new package release, or when a Tidelift-managed catalog that you’re subscribed to contains packages that do not meet your catalog’s standards.
Any standards set on your catalog should always take precedence over any catalogs to which you are subscribed: if you deny `GPL-3.0` licenses in your catalog, but you subscribe to a Tidelift-managed catalog that includes a package release with a `GPL-3.0` license, that package will be automatically denied within your organization’s catalog.