Let me just throw in one idea with respect to Open Source License
Compliance and packaging - with "traditional" programming languages.

Let's say we ship a product and are in the phase of an Open Source
License Compliance audit.

We have a couple of interesting issues here:

1) Actually we just need to audit the "main package", which is installed
on the target. Unfortunately we completely lost the connection between
what's in the various packages and where those things come from. What I
mean is that we typically audit the whole source repo, which contains
e.g. test cases as well, but those test cases don't even end up in the
target, which leads to "over reporting".

1.1) Now we could just say we need some license files which are in the
repo plus the -src or -dbg package, depending on how things are built.
Ideally the debug sources are those which correspond to what's installed
on the target.

2) What else is kind of lost, or not taken into account with licensing,
is linking. We only see each package/repo individually, but the right
thing to do would be to look at the combined work.

If we look at the total project, just auditing what's actually needed
would help a lot time-wise as well ;)

Regards

(another) Robert ;)