EPIC: As PM of the project Solda I would like to create a tool for compliance testing of Yocto builds.
Closed this issue · 2 comments
Inside the WP3 of the project Solda we need to develop a tool that helps Huawei to check compliance of Yocto builds.
- Organize a meeting with Alberto to define project specification
- Understand effort and possible involvement of external
- Develop the tool until 22nd of February
@LucaMiotto See https://git.ostc-eu.org/oss-compliance/toolchain/solda-alienmatcher for a tool that tries to find matching packages on Debian and takes license/copyright information from there. OSTC provides us then input to that tool, so we do not need to dig into Yocto file structures. The output is for each source file a license in SPDX format, or a hint that the license could not be derived automatically.
Future steps:
- Find other automatic ways to check those missing files (e.g., scancode or diffcode)
- Try to enhance license information with those tools, and if still nothing could be found or the confidence is too low, we pass it to the audit team (fossology)
- I opened several issues/questions on https://git.ostc-eu.org/oss-compliance/toolchain/solda-alienmatcher/-/issues to discuss the tool and to understand what we need
I think this step can therefore be closed, right? We should maybe create smaller user stories, otherwise this EPIC stays open for too long I guess.
Next steps and future improvements could then also involve external contributors... Now I have the knowledge to guide them.
Cheers,
Peter
@Piiit yes, agreed. We can define a new set of small user stories. In the meantime I will create a new one and then we can define together the content for the others.