Support for closed source software packages

[cc-a]

At present we lack sufficient detail on how to proceed with this. This umbrella issue is a location for relevant information and discussion on how to proceed.

Broadly speaking we need to figure out:

1. The change(s) in behaviour that we want vs the existing system.
2. The changes needed in the database schema to support these.
3. The changes needed in the UI to support these.

We need 1 to inform 2 and 3. Best approach to getting 1 is probably a session with the wider project team to go through the current software addition process and how it might be changed. Once we have that, 2 & 3 must be discussed with and agreed by the RSD development team (so we can contribute back to the main project).

Some considerations (a bit of a brain dump):

• The current required data to make a submission is actually very limited. Literally just a title and short description. How far could we get by making "closed source" a UI control that just hides irrelevant fields for closed source?
• Access to data in the database (and by extension the API) is controlled via postgres policies (in database/020-row-level-security.sql). Any private data that we add for closed source repositories must be covered by appropriate policies.
• Would it be possible to have a "closed source" license option?
• What data might it be useful/appropriate to scrape from closed source repositories?

[dalonsoa]

Some thoughts after a chat with Jeremy:

• We should be collecting only data that is public, so modification of the DB policies should not be needed.
• To start with, the only addition to the database should be the option to indicate if a particular software is open source and close source.
• It seems that modifications will be mostly UI related, and not backend. One option would be to have two options for creating software, "Add open source source software" and "Add close source software", rather than "Add software" and "Add project", each opening a form with the mandatory fields that each of those two options require. Once filled, then the other, general form will be shown to add any optional information.
• In the general form, the mandatory fields should still be mandatory, so if someone removes them, then the form cannot be (auto)saved.
• Which are the mandatory fields is to be defined, but it would seem that, for open source, we should require a public repository and for close source a project or group webpage, as the bare minimum.

[dalonsoa]

To explore is how this modifications can be done to the main codebase and then configured for each particular deployment. At the moment, the "Admin" section of the tool is quite minimal, so there might be scope to define the configuration there or, if we want something more permanent, use the existing .env file for the same purpose.

Maybe discuss this options with the RSD team and what the best approach could be.