[openstack-dev] Storing license information in openstack/requirements

Thierry Carrez thierry at openstack.org
Wed Feb 19 11:13:27 UTC 2014


Sean Dague wrote:
> Honestly, if we are going to track this, we should probably do the set
> of things that reviewers tend to do when running through these.
> 
> License:
> Upstream Location:
> Ubuntu/Debian Package: Y/N? (url)
> Fedora Package: Y/N? (url)
> Suse Package: Y/N? (url)
> Last Release: Date (in case of abandonware)
> Python 3 support: Y/N? (informational only)
> 
> I'd honestly stick that in a yaml file instead, and have something
> sanity check it on new requirements add.

Licensing is the only legally-binding issue at stake, the rest are
technically-binding issues that we consider when we accept or reject a
new dependency. I'm not saying there is no value in tracking that extra
information, just saying that we really need to track licensing. I don't
want perfection to get in the way of making baby steps towards making
things better.

Tracking licensing is a good first step, and having full licensing
coverage will take some time. We shouldn't block on YAML conversion or
full technical information... As a first step let's just accept patches
that mention licensing information in trailing comments, then if someone
wants to convert the requirements files to YAML so that they can contain
more information, great!

-- 
Thierry Carrez (ttx)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140219/39b3d6a6/attachment.pgp>


More information about the OpenStack-dev mailing list