Linux Foundation license scan identifies a number of problems which need to be resolved before any releasing. This wiki page describes the best practices for resolving these identified issues.
Binary files
We cannot have binary files in Gerrit.o-ran-sc.org repo. If the scan report identifies any binary files, they need to be removed. Artifacts built from source codes are hosted in their corresponding repos, not in Gerrit.
Use restriction statement
If a file is identified to have use restriction, the inclusion and use by O-RAN SC must comply within the restriction. Otherwise such a file must be removed.
Copy left licenses
In general, we cannot have files under "copy left" licenses such as GPL in our Gerrit repos.
Files identified by scan to be under a copy left license shall be removed or replaced by alternatives under open source friendly licenses, or developed by O-RAN SC. If the use of such "copyleft-ed" files is not avoidable, the PTL needs to request for ToC approval for exception. In such request the PTL shall describe how such files are used and why the use of such files does not compromise the integrity of the O-RAN SC licenses.
Weak Copy left
In general, we cannot have files under "weak copy left" licenses such as LGPL in our repos.
Files identified by scan to be under a copy left license shall be removed or replaced by alternatives under open source friendly licenses, or developed by O-RAN SC. If the use of such "weak copyleft-ed" files is not avoidable, the PTL needs to request for ToC approval for exception. In such request the PTL shall describe how such files are used and why the use of such files does not compromise the integrity of the O-RAN SC licenses.
License statement incorrect
Problems identified under this category must be fixed by correcting the incorrect statements or inconsistency.
Attribution
This category includes the uses of files under open source friendly licenses that are not within the O-RAN SC license family, such as MIT, BSD, etc.
For all files original to the O-RAN SC, we must use one of our licenses, i.e. Apache 2, Creative Commons 4, or O-RAN Software v1.
For files under these non O-RAN SC licenses that are originated from external sources, the use need to be reported to and approved by the ToC. Such files shall be placed under a directory clearly indicating its external originality, such as "external", "thirdparty", "vendor", etc.
The PTL will need to describe the use of these files to the ToC for approval, including how they are used in the project, their original location, and where they are placed under the O-RAN SC repo.
No license
Code files must contain license claim at the beginning. The standard text for O-RAN SC licenses can be found here:
The only exception is for files downstream-ed from external sources. If the original file does not carry any license claim, we do not need to add a claim. However, 1. we need to make sure they are not from projects under copyleft licenses, and 2. such files need to be placed under a directory clearly indicating its external originality, such as "external", "thirdparty", "vendor", etc.
In addition, the PTL need to report the use of these files to the ToC for approval, including how they are used in the project, their original location and license, and where they are placed under the O-RAN SC repo.
False positives
If an identified issue is believed to be incorrect, an exception must be filed to the ToC to clarify the use and why owner believes that the report is incorrect.
Files/file types that should be excluded from having license claim header
Need ToC Approval:
.gitattributes
.gitignore
.gitmodules
.gitreview
.readthedocs.yaml
INFO.yaml
favicon.ico
*.png
*.gif
*.jpg
*.json