Skip to content

feat: Create bill of materials instead of only extracted comments#45259

Closed
susnux wants to merge 2 commits intomasterfrom
feat/bom-js
Closed

feat: Create bill of materials instead of only extracted comments#45259
susnux wants to merge 2 commits intomasterfrom
feat/bom-js

Conversation

@susnux
Copy link
Contributor

@susnux susnux commented May 10, 2024

Summary

Do not extract comments (that depends on regex) but correctly export BOM from packages used.

Checklist

susnux added 2 commits May 10, 2024 19:57
@susnux
feat: Create BOM for frontend code instead of only extract comments
abd0930 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
@susnux
chore: Build assets
483ae76 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
@susnux susnux requested a review from AndyScherzinger May 10, 2024 18:01
@susnux susnux mentioned this pull request May 10, 2024
Merged
5 tasks
@st3iny
Copy link
Member

st3iny commented May 10, 2024

Does that also include license headers from our own source code or just from the packages used?

@susnux
Copy link
Contributor Author

susnux commented May 10, 2024

Does that also include license headers from our own source code or just from the packages used

No but all other licenses we depend on, as all of our code is licensed under AGPL-3.0 (some parts even AGPL-3.0+ but at least AGPL-3.0 and compatible so that we can publish it under AGPL-3.0)

@AndyScherzinger
Copy link
Member

AndyScherzinger commented May 11, 2024
edited
Loading

No but all other licenses we depend on, as all of our code is licensed under AGPL-3.0 (some parts even AGPL-3.0+ but at least AGPL-3.0 and compatible so that we can publish it under AGPL-3.0)

Well, this might not be absolutely true in 100% of all cases while true for most. Some files do have MIT or Apache or else, while always compatible. However for any file not shipping a license header we need to have an entry in the dep5 file which is rather complicated for generated files where a wildcard would catch all files, also the ones that aren't the default license.

Do we have a chance to also generate .license files for our own files living right next to them? In that case we would have the best way to achieve reuse compliance without relying on the dep5 file. So at least for these we could then generate the files lice today but for SPDX, no?

Happy to sit-down during the Berlin week 😃

@susnux
Copy link
Contributor Author

susnux commented May 13, 2024

But relying on extracted comments also is not the best solution as it will likely not contain 3rdparty licenses from code bundled in. Because often 3rdparty has removed all comments from code.

Happy to sit-down during the Berlin week 😃

Sure :)

@github-actions

This comment was marked as off-topic.

Sign in to view
@solracsf solracsf added this to the Nextcloud 30 milestone Jun 18, 2024
@susnux susnux closed this Jul 3, 2024
@susnux susnux deleted the feat/bom-js branch July 3, 2024 12:08
@AndyScherzinger AndyScherzinger removed this from the Nextcloud 30 milestone Jul 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AndyScherzinger AndyScherzinger Awaiting requested review from AndyScherzinger

Assignees

No one assigned

Labels

feedback-requested

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@susnux @st3iny @AndyScherzinger @solracsf