Details
- Task
- Resolution: Unresolved
- P3: Somewhat important
Description
We should use scancode to systematically go through the third-party code in Qt, and verify that our documentation is correct and complete.
Scancode
Scancode is a command line tool that extracts copyright and license information from sources. It is slow, but its results are pretty accurate.
Scancode Workbench
Scancode Workbench is a GUI tool to inspect the information generated by scancode.
Steps needed
For each repository of Qt, do
- Extract sources, removing our own license markers (lines between QT_BEGIN_LICENSE and QT_END_LICENSE)
- Run scancode with the options -n6 --license --copyright --json qtmodule.json path_to_qt_module/src, where -n6 sets the number of CPUs to use
- Load the generated qtmodule.json into Scancode Workbench
- Compare the scancode results with the Third-Party Code documented in the online documentation for the respective Qt module:
  - Do we accurately report all third-party licenses?
  - Do we accurately report all third-party copyright statements in code that is not governed by the Qt licenses?
  - Do we accurately report all files/directories that have different licenses?
- Report the results and fix deviations in the respective qt_attribution.json file
How to compare licenses
Note that scancode identifies licenses through their identifier in DejaCode (https://enterprise.dejacode.com/licenses/). In the Qt documentation we try to use the SPDX identifier and license name instead.
However, scancode also reports the SPDX identifier where one exists. Where there is no SPDX identifier (yet), we should fall back to the DejaCode URN and license name.
How to compare copyright statements
In Qt we try to sanitize copyright lines, sometimes aggregating multiple lines into one.
Copyright 2013-2015 Google
Copyright 2004 Google
Copyright 2008 Google
can be aggregated to
Copyright 2004, 2008, 2013-2015 Google
An internal script is available to help facilitate (parts of) these aggregations.
Note that some copyrights can also be ignored, e.g. because they apply only to parts that do not end up in source code compiled into Qt. Examples are copyrights of the Free Software Foundation (typically the copyright on the license texts themselves).
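The aggregation described above, written out as an added example (this is not Qt's internal script, and the scancode JSON shape and the 3rdparty paths in the sample are constructed assumptions): it reads per-file copyright hits, skips holders whose notices only cover license texts, and merges each holder's years into one sanitized line.

```python
import json
import re
from collections import defaultdict

# Constructed scancode output, reduced to the fields read below. The real JSON layout
# differs between scancode versions, so this per-file "copyrights" shape is an assumption.
SCANCODE_JSON = json.dumps({"files": [
    {"path": "src/3rdparty/foo/a.c", "copyrights": [
        {"copyright": "Copyright 2013-2015 Google"}, {"copyright": "Copyright 2004 Google"}]},
    {"path": "src/3rdparty/foo/b.c", "copyrights": [{"copyright": "Copyright 2008 Google"}]},
    {"path": "src/3rdparty/foo/COPYING", "copyrights": [
        {"copyright": "Copyright (C) 1991 Free Software Foundation, Inc."}]},
]})
# Holders whose notices only cover license texts, not code compiled into Qt.
IGNORED_HOLDERS = ("Free Software Foundation",)
COPYRIGHT_RE = re.compile(r"Copyright\s+(?:\(C\)\s+)?([\d,\s-]+?)\s+([^\d].*?)\.?$", re.I)

def parse_years(text):
    """'2004, 2013-2015' -> {2004, 2013, 2014, 2015}"""
    years = set()
    for part in (p.strip() for p in text.split(",") if p.strip()):
        lo, _, hi = part.partition("-")
        years.update(range(int(lo), int(hi or lo) + 1))
    return years

def format_years(years):
    """{2004, 2008, 2013, 2014, 2015} -> '2004, 2008, 2013-2015'"""
    ys, out, i = sorted(years), [], 0
    while i < len(ys):
        j = i
        while j + 1 < len(ys) and ys[j + 1] == ys[j] + 1:  # extend the consecutive run
            j += 1
        out.append(str(ys[i]) if i == j else f"{ys[i]}-{ys[j]}")
        i = j + 1
    return ", ".join(out)

def aggregate_copyrights(scan_json, ignored=IGNORED_HOLDERS):
    """Merge scancode's per-file copyright hits into one sanitized line per holder."""
    years_by_holder = defaultdict(set)
    for f in json.loads(scan_json)["files"]:
        for hit in f.get("copyrights", []):
            m = COPYRIGHT_RE.match(hit["copyright"])
            if not m or any(h in m.group(2) for h in ignored):
                continue  # unparsable notice, or a holder we deliberately skip
            years_by_holder[m.group(2)] |= parse_years(m.group(1))
    return {h: f"Copyright {format_years(y)} {h}" for h, y in years_by_holder.items()}

print(aggregate_copyrights(SCANCODE_JSON))  # {'Google': 'Copyright 2004, 2008, 2013-2015 Google'}
```

The resulting lines are what you would compare against the Copyright entries in the module's qt_attribution.json.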
Issue Links
- relates to QTQAINFRA-6772 Integrate scancode for analysing third-party code (Open)