[openstack-dev] Storing license information in openstack/requirements
David Koo
kpublicmail at gmail.com
Tue Feb 18 00:21:47 UTC 2014
> Should we store licensing information as a comment in the
> *-requirements files ? Can it be stored on the same line ? Something
> like:
>
> oslo.messaging>=1.3.0a4 # Apache-2.0
Since it's licenses we're tracking shouldn't we be tracking indirect
dependencies too (i.e. packages pulled in by required packages)? And if
we want to do that then the method above won't be sufficient.
And, of course, we want an automated way of generating this info -
dependencies (can) change from version to version. Do we have such a
tool?
--
Koo
On Mon, 17 Feb 2014 17:01:24 +0100
Thierry Carrez <thierry at openstack.org> wrote:
> Hi everyone,
>
> A year ago there was a discussion about doing a license inventory on
> OpenStack dependencies, to check that they are compatible with our own
> license and make sure any addition gets a proper license check.
>
> Back then I proposed to leverage the openstack/requirements repository
> to store that information, but that repository was still
> science-fiction at that time. Now that it's complete and functional,
> I guess it's time to revisit the idea.
>
> Should we store licensing information as a comment in the
> *-requirements files ? Can it be stored on the same line ? Something
> like:
>
> oslo.messaging>=1.3.0a4 # Apache-2.0
>
More information about the OpenStack-dev
mailing list