Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-126403

Use only valid SPDX expressions in LicenseId (qt_attribution.json)

    XMLWordPrintable

Details

    • User Story
    • Resolution: Unresolved
    • P1: Critical
    • 6.8.0 FF
    • None
    • Other
    • None
    • fc91074b2 (dev), fa6a08588 (6.8), 5707bb255 (dev), 8e22839aa (dev), 16f88076b (6.8), dab6e0653 (6.7), c6fa99b96 (6.8), b62a275da (6.7), 994986fb9 (dev)

    Description

      Enforce that LicenseId entries in qt_attribution.json files contain valid SPDX expressions.

      For some time, we also supported using dejacode URN's for licenses that did not have a valid SPDX expression yet. Anyhow, this is not conformant with the SPDX standard that we want to use for SBOM's. So these should be either replaced by custom valid SPDX expressions (e.g. LicenseRef-*).

      List:

      qtbase/cmake/QtPublicSbomHelpers.cmake
385:        if(NOT qa_license_id MATCHES "urn:dje:license")
 
qtbase/src/3rdparty/wasm/qt_attribution.json
13:    "LicenseId": "urn:dje:license:bitstream",
 
qtbase/src/3rdparty/wintab/qt_attribution.json
11:    "LicenseId": "urn:dje:license:lcs-telegraphics",
 
qtwebengine/examples/webenginewidgets/cookiebrowser/3rdparty/qt_attribution.json
12:    "LicenseId": "urn:dje:license:public-domain",
 
qtwebengine/examples/webenginewidgets/simplebrowser/data/3rdparty/qt_attribution.json
12:    "LicenseId": "urn:dje:license:public-domain",
 
qtwebengine/examples/webenginewidgets/permissionbrowser/resources/3rdparty/qt_attribution.json
12:    "LicenseId": "urn:dje:license:public-domain",
 
qtwebengine/examples/webenginequick/quicknanobrowser/icons/3rdparty/qt_attribution.json
12:    "LicenseId": "urn:dje:license:public-domain",
 
qttools/src/qtattributionsscanner/qdocgenerator.cpp
133:    } else if (package.licenseId.startsWith("urn:dje:license:"_L1)) {
 
qtshadertools/src/3rdparty/SPIRV-Cross/qt_attribution.json
12:        "LicenseId": "Apache-2.0 AND urn:dje:license:khronos",
 
qtshadertools/src/3rdparty/glslang/qt_attribution.json
12:        "LicenseId": "BSD-3-Clause AND urn:dje:license:khronos AND Apache-2.0 AND GPL-3.0-or-later WITH Bison-exception-2.2 AND AML-glslang",

      Attachments

        For Gerrit Dashboard: QTBUG-126403
        # Subject Branch Project Status CR V
        571026,2 Replace urn:dje license identifier with SPDX compatible one 6.7 qt/qtwebengine Status: NEW 0 0
        571650,1 Replace urn:dje license identifier II 6.8 qt/qtwebengine Status: NEW +2 0
        570362,4 Use SPDX identifier to Wintab attribution dev qt/qtbase Status: MERGED +2 0
        570368,2 Update identifier and name for Khronos license dev qt/qtshadertools Status: MERGED +2 0
        570693,2 Update identifier and name for Khronos license 6.8 qt/qtshadertools Status: MERGED +2 0
        570698,3 Update identifier and name for Khronos license 6.7 qt/qtshadertools Status: MERGED +2 0
        570768,2 Use SPDX identifier to Wintab attribution 6.8 qt/qtbase Status: MERGED +2 0
        570849,2 Replace urn:dje license identifier with SPDX compatible one dev qt/qtwebengine Status: MERGED +2 0
        571007,2 Replace urn:dje license identifier with SPDX compatible one 6.8 qt/qtwebengine Status: MERGED +2 0
        571011,2 Use SPDX identifier to Wintab attribution 6.7 qt/qtbase Status: MERGED +2 0
        571045,2 Replace urn:dje license identifier II dev qt/qtwebengine Status: MERGED +2 0

        Activity

          People

            kkohne Kai Köhne
            kkohne Kai Köhne
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated: