Details
- User Story
- Resolution: Unresolved
- P3: Somewhat important
Description
When adding third-party code to Qt Project repositories, the author and reviewer should take extra care to document the copyright and licenses in these files (see QUIP 4). The information not only needs to match the information in qt_attribution.json files (see QUIP 7), but is now also needed for reuse compliance (see QUIP 18: https://contribute.qt-project.org/quips/18).
Often enough, the upstream projects claim some general copyright and license (for instance in a README file), but leave out some minor copyrights or licenses. So, before adding and updating such projects, it is important to do an actual audit of the license and copyright in the sources vs. in the documentation.
A popular tool for scanning such licenses is scancode. It can be launched from the command line and produces output in various formats.
Scancode is not difficult to set up (as there are also ready-made Docker images etc.), but it does still require some experience to use efficiently. It would therefore be great if such a service were integrated into Gerrit, as a requested automatic review.
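The audit described above (what a scan finds in the sources versus what the attribution file declares), as an added example that is not part of the original issue or of Qt's tooling. The scan result and the attribution entry are constructed samples; the scancode field names follow the JSON output of scancode-toolkit 32.x and are an assumption for other versions.

```python
import json
import re

# Constructed sample: trimmed scancode JSON result (field names per scancode-toolkit 32.x, an assumption).
SCAN = json.loads("""
{"files": [
  {"path": "3rdparty/foo/README", "type": "file",
   "detected_license_expression_spdx": "MIT",
   "copyrights": [{"copyright": "Copyright (c) 2019 Foo Authors"}]},
  {"path": "3rdparty/foo/src/hash.c", "type": "file",
   "detected_license_expression_spdx": "MIT AND BSD-3-Clause",
   "copyrights": [{"copyright": "Copyright (c) 2011 Jane Example"}]},
  {"path": "3rdparty/foo/src/util.c", "type": "file",
   "detected_license_expression_spdx": null, "copyrights": []}
]}
""")

# Constructed sample: one qt_attribution.json entry that repeats only the upstream README claim.
ATTRIBUTION = json.loads("""
{"Id": "foo", "Name": "Foo", "Path": "3rdparty/foo", "LicenseId": "MIT",
 "Copyright": "Copyright (c) 2019 Foo Authors"}
""")

def spdx_ids(expression):
    """Split an SPDX expression into its ids (operators and parentheses dropped)."""
    if not expression:
        return set()
    tokens = re.split(r"[\s()]+", expression)
    return {t for t in tokens if t and t.upper() not in {"AND", "OR", "WITH"}}

def audit(scan, attribution):
    """Return (path, kind, value) for every license or copyright found but not declared."""
    declared_ids = spdx_ids(attribution.get("LicenseId"))
    declared_copyright = attribution.get("Copyright", "")
    prefix = attribution["Path"].rstrip("/") + "/"
    findings = []
    for f in scan["files"]:
        if f.get("type") != "file" or not f["path"].startswith(prefix):
            continue
        found = spdx_ids(f.get("detected_license_expression_spdx"))
        for lic in sorted(found - declared_ids):
            findings.append((f["path"], "license", lic))
        for c in f.get("copyrights", []):
            if c["copyright"] not in declared_copyright:
                findings.append((f["path"], "copyright", c["copyright"]))
    return findings

if __name__ == "__main__":
    for path, kind, value in audit(SCAN, ATTRIBUTION):
        print(f"{path}: undeclared {kind}: {value}")
```

A non-empty result is the case the description warns about: a per-file license or copyright holder that the upstream README, and therefore the attribution entry, does not mention.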
Issue Links
- relates to QTBUG-86311 Validate Third-Party Documentation with scancode