Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-126403

Use only valid SPDX expressions in LicenseId (qt_attribution.json)

    XMLWordPrintable

Details

    • fc91074b2 (dev), fa6a08588 (6.8), 5707bb255 (dev), 8e22839aa (dev), 16f88076b (6.8), dab6e0653 (6.7), c6fa99b96 (6.8), b62a275da (6.7), 994986fb9 (dev), d8d0aeb17 (6.8), 15f6c458e (6.7), 08514f0f6 (6.7), 2bb7826b5 (dev), 4bede0086 (dev), e98480fb1 (6.8)

    Description

      Enforce that LicenseId entries in qt_attribution.json files contain valid SPDX expressions.

      For some time, we also supported using dejacode URN's for licenses that did not have a valid SPDX expression yet. Anyhow, this is not conformant with the SPDX standard that we want to use for SBOM's. So these should be either replaced by custom valid SPDX expressions (e.g. LicenseRef-*).

      List:

      qtbase/cmake/QtPublicSbomHelpers.cmake
      385:        if(NOT qa_license_id MATCHES "urn:dje:license")
       
      qtbase/src/3rdparty/wasm/qt_attribution.json
      13:    "LicenseId": "urn:dje:license:bitstream",
       
      qtbase/src/3rdparty/wintab/qt_attribution.json
      11:    "LicenseId": "urn:dje:license:lcs-telegraphics",
       
      qtwebengine/examples/webenginewidgets/cookiebrowser/3rdparty/qt_attribution.json
      12:    "LicenseId": "urn:dje:license:public-domain",
       
      qtwebengine/examples/webenginewidgets/simplebrowser/data/3rdparty/qt_attribution.json
      12:    "LicenseId": "urn:dje:license:public-domain",
       
      qtwebengine/examples/webenginewidgets/permissionbrowser/resources/3rdparty/qt_attribution.json
      12:    "LicenseId": "urn:dje:license:public-domain",
       
      qtwebengine/examples/webenginequick/quicknanobrowser/icons/3rdparty/qt_attribution.json
      12:    "LicenseId": "urn:dje:license:public-domain",
       
      qttools/src/qtattributionsscanner/qdocgenerator.cpp
      133:    } else if (package.licenseId.startsWith("urn:dje:license:"_L1)) {
       
      qtshadertools/src/3rdparty/SPIRV-Cross/qt_attribution.json
      12:        "LicenseId": "Apache-2.0 AND urn:dje:license:khronos",
       
      qtshadertools/src/3rdparty/glslang/qt_attribution.json
      12:        "LicenseId": "BSD-3-Clause AND urn:dje:license:khronos AND Apache-2.0 AND GPL-3.0-or-later WITH Bison-exception-2.2 AND AML-glslang",
       

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            kkohne Kai Köhne
            kkohne Kai Köhne
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: