Hey Mark, There is some form of license checking in Anteater[1] though I doubt anyone is looking closely at the reports, since we (Infra-WG/Anteater) could never get traction for people to address the issues. It appears that newer versions of Anteater no-longer do license scanning, and I'd guess that's due to the availability of tools on other platforms like Github and Gitlab that have integrations for license scanning readily available.
>From my understanding the majority of license validation is actually handled by the LF legal team. They take a monthy snapshot of the code and run it against a license scanning tool. They've gotten in contact with me a handful of times to help sort out git issues, but never about violations. There used to be a either monthy or quarterly reconciliation done with the PM or TSC, but I'm not sure if that's still happening. Reaching out to [email protected] might provide some better insight. Regards, Trevor Bramwell [1] https://git.opnfv.org/releng-anteater/tree/anteater/src/patch_scan.py#n158 On Tue, Jun 23, 2020 at 01:51:06PM -0400, Mark Beierl wrote: > Thanks, Jack. > > From my vague memory, this was a separate exercise where all the pip, git > clone, or other third party inclusions were scanned from their upstream > source to ensure we were not pulling files in that would violate our > license. Does that sound familiar? > > Regards, > Mark > > On 2020-06-23 1:39 p.m., Jack Morgan wrote: > > Mark > > > > On 6/23/20 10:13 AM, Mark Beierl wrote: > > > Hello, all. > > > > > > I remember we used to have license scans for new patches > > > (releng-anteater), but I also recall there were emails sent out > > > about the inclusion of third party libraries which may not have > > > conformed to OPNFV's licensing model. Does anyone remember how that > > > was done? The results were sent out to the PTLs via a spreadsheet > > > or something like that? > > > > I'm sure Trevor has more insight here, but you can take a look at the > > file below to get started. You can update your email address there which > > is what I believe you are looking for. > > > > https://git.opnfv.org/releng/tree/jjb/global/releng-macros.yaml? > > > > > > > > Thanks, > > -- > > Jack Morgan > > > > > >
signature.asc
Description: PGP signature
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#24212): https://lists.opnfv.org/g/opnfv-tech-discuss/message/24212 Mute This Topic: https://lists.opnfv.org/mt/75064493/21656 Group Owner: [email protected] Unsubscribe: https://lists.opnfv.org/g/opnfv-tech-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
