Page MenuHomeSolus
Create Task
Maniphest T4332

Strict license validation of all incoming packages
Migrated to GithubPublic
Actions

Description

I want full verification of all incoming packages that they're suitable for inclusion now:

  • All license fields MUST be SPDX compliant records
  • All licenses in the package must be accounted for
  • Missing/incorrect license will NOT be permitted - this must be corrected before package.yml goes in the repos

ARs for Ikey:

  • Create simplistic license validation tool to scan the tarballs and document all license fields.
  • Perform repository-wide validation
  • Create new Conformance tag

Related Objects
Search...

StatusSubtypeAssignedTask
 WontfixNoneT4235 Meta: Post-release blues
 MigratedDataDrakeT4332 Strict license validation of all incoming packages

Event Timeline

ikey claimed this task.Aug 19 2017, 1:45 PM
ikey added a subscriber: ikey.
Herald removed ikey as the assignee of this task. · View Herald TranscriptAug 19 2017, 1:45 PM
Herald added a project: Lacks Project. · View Herald Transcript
ikey updated the task description. (Show Details)Aug 19 2017, 1:48 PM
ikey edited projects, added Platform Integration; removed Lacks Project.
ikey updated the task description. (Show Details)
ikey added a project: Conformance.
ikey triaged this task as High priority.Aug 19 2017, 1:54 PM
ikey claimed this task.Aug 19 2017, 2:01 PM
ikey raised the priority of this task from High to Unbreak Now!.
ikey added a parent task: T4235: Meta: Post-release blues.
ikey added a comment.Aug 19 2017, 2:30 PM

Work for this will now happen @ https://github.com/solus-project/preston

baimafeima added a subscriber: baimafeima.Aug 19 2017, 4:25 PM
Devil505 added a subscriber: Devil505.Aug 19 2017, 4:34 PM
m-delvalle added a subscriber: m-delvalle.Aug 19 2017, 4:39 PM
kyrios123 added a subscriber: kyrios123.Aug 19 2017, 8:17 PM

Still you'll need to handle some exceptions for things like the nvidia proprietary drivers.

ikey added a comment.Aug 20 2017, 10:51 AM

@kyrios123 yeah. Perhaps a static set like EULA-NVIDIA

As4fN1v added a subscriber: As4fN1v.Aug 20 2017, 12:51 PM
As4fN1v removed a subscriber: As4fN1v.
EP01 mentioned this in D632: Update pep8 to 1.7.1.Aug 30 2017, 10:44 AM
kyrios123 added a comment.Sep 1 2017, 7:35 PM

@ikey I found a weird case with expect

Here is the full content of the license file:

Expect

Written by: Don Libes, libes at nist.gov, NIST

Design and implementation of this program was paid for by U.S. tax
dollars. Therefore it is public domain. However, the author and NIST
would appreciate credit if this program or parts of it are used.

ikey added a comment.Sep 2 2017, 6:13 PM

That is super cranky.

ikey lowered the priority of this task from Unbreak Now! to High.Sep 11 2017, 2:36 PM

OK I'm downing this to high for now because $ongoingShit

kyrios123 mentioned this in D1018: Initial version of gsm.Sep 16 2017, 2:09 PM
kyrios123 added a comment.EditedJan 12 2018, 12:33 PM

Do we have to use the updated SPDX licenses or can we keep on using the ones that have been deprecated since version 3.0 ?

JoshStrobl reassigned this task from ikey to DataDrake.Feb 9 2019, 8:21 PM
livingsilver94 added a subscriber: livingsilver94.Jan 21 2021, 9:29 PM
DrSheppard added a subscriber: DrSheppard.Sep 23 2021, 2:18 AM
DataDrake closed this task as Migrated.Feb 21 2022, 3:33 PM

I'm going to close this since it is on my TODO list for ypkg3

Copyright © 2015-2021 Solus Project. The Solus logo is Copyright © 2016-2021 Solus Project. All Rights Reserved.