Snippets Groups Projects

Special/dual license are not caugth by scanning tooling

Background

The Apertis scanning tools try to get the license and copyright information for all the packages in order to enforce Apertis policies. However, this process is not perfect and something they cannot guess the right one.

As example in pkg/gnutls28!45 (merged) is discussed the issue with libunistring which has dual license "L#3 (closed) and GPL-2" which our tooling get as LGPL-3.

Reproducibility

How often the issue is hit when repeating the steps to reproduce and changing nothing?

Put the in the most appropriate entry:

always
often, but not always
rarely

Impact of bug

How severe is the bug? Does it render an image unbootable? Is it a security issue? Does it prevent specific applications from working? What is the impact? Does this bug affect a critical component? Does it cause something else to not work? How often is the bug likely to be found by a user? For example, every boot or once per year?

Outcomes

TBD

Management data

This section is for management only, it should be the last one in the description.

/cc @em @balasubramanian @sudarshan @wlozano

Phabricator link: https://phabricator.apertis.org/T10979

Edited 1 week ago

Designs

Child items ...

Activity

Walter Lozano added priority:needs triage release:v2023 release:v2024 release:v2025pre status:unconfirmed labels 1 week ago

added priority:needs triage release:v2023 release:v2024 release:v2025pre status:unconfirmed labels
Walter Lozano mentioned in merge request pkg/gnutls28!45 (merged) 1 week ago

mentioned in merge request pkg/gnutls28!45 (merged)
Apertis CI robot changed the description 1 week ago

changed the description

Please register or sign in to reply

Apertis Website Terms of Use Privacy Policy