Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Create bill of materials instead of only extracted comments #45259

Draft
wants to merge 2 commits into
base: master
Choose a base branch
from
Draft

feat: Create bill of materials instead of only extracted comments #45259

wants to merge 2 commits into from

Conversation

susnux
Copy link
Contributor

@susnux susnux commented May 10, 2024

Summary

Do not extract comments (that depends on regex) but correctly export BOM from packages used.

Checklist

@susnux
feat: Create BOM for frontend code instead of only extract comments
abd0930 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
@susnux
chore: Build assets
483ae76 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
@susnux susnux mentioned this pull request May 10, 2024
Merged
5 tasks
@st3iny
Copy link
Member

st3iny commented May 10, 2024

Does that also include license headers from our own source code or just from the packages used?

@susnux
Copy link
Contributor Author

susnux commented May 10, 2024

Does that also include license headers from our own source code or just from the packages used

No but all other licenses we depend on, as all of our code is licensed under AGPL-3.0 (some parts even AGPL-3.0+ but at least AGPL-3.0 and compatible so that we can publish it under AGPL-3.0)

@AndyScherzinger
Copy link
Member

AndyScherzinger commented May 11, 2024
edited

No but all other licenses we depend on, as all of our code is licensed under AGPL-3.0 (some parts even AGPL-3.0+ but at least AGPL-3.0 and compatible so that we can publish it under AGPL-3.0)

Well, this might not be absolutely true in 100% of all cases while true for most. Some files do have MIT or Apache or else, while always compatible. However for any file not shipping a license header we need to have an entry in the dep5 file which is rather complicated for generated files where a wildcard would catch all files, also the ones that aren't the default license.

Do we have a chance to also generate .license files for our own files living right next to them? In that case we would have the best way to achieve reuse compliance without relying on the dep5 file. So at least for these we could then generate the files lice today but for SPDX, no?

Happy to sit-down during the Berlin week 😃

@susnux
Copy link
Contributor Author

susnux commented May 13, 2024

But relying on extracted comments also is not the best solution as it will likely not contain 3rdparty licenses from code bundled in. Because often 3rdparty has removed all comments from code.

Happy to sit-down during the Berlin week 😃

Sure :)

@github-actions GitHub Actions

This comment was marked as off-topic.

Sign in to view
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AndyScherzinger AndyScherzinger Awaiting requested review from AndyScherzinger

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
feedback-requested
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@susnux @st3iny @AndyScherzinger