[Buildroot] [PATCH] core/legal-info: Add package dependencies with licenses to the manifest
Matthew Weber
matthew.weber at rockwellcollins.com
Fri Aug 10 13:35:13 UTC 2018
Michal,
On Fri, Aug 10, 2018 at 5:37 AM Michal Sojka <sojkam1 at fel.cvut.cz> wrote:
>
> Hi Matthew,
>
> On Thu, Aug 09 2018, Matthew Weber wrote:
> > Michal,
> >
> > On Thu, Aug 9, 2018 at 12:08 PM <sojkam1 at fel.cvut.cz> wrote:
> >>
> >> From: Michal Sojka <michal.sojka at cvut.cz>
> >>
> >> This adds one column to the legal-info manifest table. It contains the
> >> dependencies of the given package and their licenses. This information
> >> is useful when assessing license compatibility of the packages and
> >> their libraries.
> >>
> >> An example of the content of the new column for the MPD package is
> >> shown below:
> >>
> >> "alsa-lib (LGPL-2.1+ (library), GPL-2.0+ (aserver)),
> >> boost (BSL-1.0), libid3tag (GPL-2.0+), libmad (GPL-2.0+),
> >> libzlib (Zlib), skeleton-init-common (unknown),
> >> skeleton-init-sysv (unknown),
> >> toolchain-external-linaro-arm (unknown), "
> >
> > This output is definitely good verbose data to look at for possible
> > licensing violations/inheritance. Maybe it would be better show as a
> > part of the dependency graph?
>
> I was also thinking about that, but my feeling is that lawyers and
> managers prefer tables over graphs and I need this information for those
> people.
I didn't notice this initially, but this may point out that we need to
tag the license info for buildroot items (skeleton, etc) and
toolchain. However that may not really matter as these dependencies
don't reflect actual use (linking, etc). So how are you using this
data as it doesn't exactly reflect license interaction between those
dependent packages?
Matt
More information about the buildroot
mailing list