Hey Mark,

There is some form of license checking in Anteater[1] though I doubt anyone
is looking closely at the reports, since we (Infra-WG/Anteater) could never
get traction for people to address the issues. It appears that newer
versions of Anteater no-longer do license scanning, and I'd guess that's
due to the availability of tools on other platforms like Github and
Gitlab that have integrations for license scanning readily available.

>From my understanding the majority of license validation is actually
handled by the LF legal team. They take a monthy snapshot of the code
and run it against a license scanning tool. They've gotten in contact
with me a handful of times to help sort out git issues, but never about
violations.

There used to be a either monthy or quarterly reconciliation done with
the PM or TSC, but I'm not sure if that's still happening. Reaching out
to [email protected] might provide some better insight.

Regards,
Trevor Bramwell

[1] https://git.opnfv.org/releng-anteater/tree/anteater/src/patch_scan.py#n158

On Tue, Jun 23, 2020 at 01:51:06PM -0400, Mark Beierl wrote:
> Thanks, Jack.
> 
> From my vague memory, this was a separate exercise where all the pip, git
> clone, or other third party inclusions were scanned from their upstream
> source to ensure we were not pulling files in that would violate our
> license.  Does that sound familiar?
> 
> Regards,
> Mark
> 
> On 2020-06-23 1:39 p.m., Jack Morgan wrote:
> > Mark
> > 
> > On 6/23/20 10:13 AM, Mark Beierl wrote:
> > > Hello, all.
> > > 
> > > I remember we used to have license scans for new patches
> > > (releng-anteater), but I also recall there were emails sent out
> > > about the inclusion of third party libraries which may not have
> > > conformed to OPNFV's licensing model.  Does anyone remember how that
> > > was done?  The results were sent out to the PTLs via a spreadsheet
> > > or something like that?
> > 
> > I'm sure Trevor has more insight here, but you can take a look at the
> > file below to get started. You can update your email address there which
> > is what I believe you are looking for.
> > 
> > https://git.opnfv.org/releng/tree/jjb/global/releng-macros.yaml?
> > 
> > 
> > 
> > Thanks,
> > -- 
> > Jack Morgan
> > 
> > 
> 

> 

Attachment: signature.asc
Description: PGP signature

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#24212): 
https://lists.opnfv.org/g/opnfv-tech-discuss/message/24212
Mute This Topic: https://lists.opnfv.org/mt/75064493/21656
Group Owner: [email protected]
Unsubscribe: https://lists.opnfv.org/g/opnfv-tech-discuss/unsub  
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to