Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

apps: migrate to SPDX identifier #2899

Open
wants to merge 8 commits into
base: master
Choose a base branch
from
Open

apps: migrate to SPDX identifier #2899

wants to merge 8 commits into from
+536 −219

Conversation

jerpelea
Copy link
Contributor

Summary

Most tools used for compliance and SBOM generation use SPDX identifiers This change brings us a step closer to an easy SBOM generation.

Impact

SBOM

Testing

CI

@jerpelea
audioutils: migrate to SPDX identifier
6cbdd4b 
Most tools used for compliance and SBOM generation use SPDX identifiers
This change brings us a step closer to an easy SBOM generation.

Signed-off-by: Alin Jerpelea <[email protected]>
@jerpelea
benchmarks: migrate to SPDX identifier
a7d885b 
Most tools used for compliance and SBOM generation use SPDX identifiers
This change brings us a step closer to an easy SBOM generation.

Signed-off-by: Alin Jerpelea <[email protected]>
@nuttxpr
Copy link

nuttxpr commented Dec 18, 2024

[Experimental Bot, please feedback here]

No, this PR description does not meet the NuttX requirements. While it attempts to follow the structure, it lacks crucial details. Here's why:

  • Summary: While it states the why, it's vague. What tools? What kind of SPDX identifiers? It completely omits what is changing, how the change works, and any related issue references. Example: "This change adds SPDX license identifiers to the source files within the core OS directory (e.g., sched/, drivers/). This will allow tools like [tool name] to generate a compliant SBOM. This addresses issue #[issue number]."

  • Impact: Simply stating "SBOM" isn't helpful. You need to address all impact points with "YES/NO" and descriptions where necessary. For example, "Impact on documentation: YES - The README will be updated to explain how to generate an SBOM." Even if the answer is "NO", state it explicitly.

  • Testing: "CI" isn't sufficient. List the specific build hosts and targets tested. Provide actual log snippets demonstrating the change's effect, not just "your testing logs here". Show the absence of SPDX identifiers before and their presence after the change. Example:

    • Build Host(s): Linux (Ubuntu 22.04), x86_64, GCC 11.2
    • Target(s): qemu-sim:default

    Testing logs before change (excerpt from sched/sched.c):

    /* No SPDX identifier present */

    Testing logs after change (excerpt from sched/sched.c):

    // SPDX-License-Identifier: Apache-2.0

In short, the PR description needs to be significantly more detailed and explicit to meet the NuttX requirements. It should provide specific information about the changes, their impact, and clear evidence of testing.

@jerpelea jerpelea force-pushed the master branch 2 times, most recently from 2cfb67a to 1d37300 Compare December 18, 2024 07:39
@jerpelea
benchmarks: migrate license to ASF
f551863 
Xiaomi has submitted the SGA and we can migrate the licese to ASF

Signed-off-by: Alin Jerpelea <[email protected]>
@jerpelea
boot: migrate to SPDX identifier
e6f5a32 
Most tools used for compliance and SBOM generation use SPDX identifiers
This change brings us a step closer to an easy SBOM generation.

Signed-off-by: Alin Jerpelea <[email protected]>
@jerpelea
cmake: migrate to SPDX identifier
27d97d2 
Most tools used for compliance and SBOM generation use SPDX identifiers
This change brings us a step closer to an easy SBOM generation.

Signed-off-by: Alin Jerpelea <[email protected]>
@jerpelea
database: migrate to SPDX identifier
a21d9c0 
Most tools used for compliance and SBOM generation use SPDX identifiers
This change brings us a step closer to an easy SBOM generation.

Signed-off-by: Alin Jerpelea <[email protected]>
@jerpelea
Copy link
Contributor Author

jerpelea commented Dec 18, 2024
edited
Loading

@xiaoxiang781216 please ignore can nxstyle errors

cederom
cederom approved these changes Dec 18, 2024
View reviewed changes
Copy link

@cederom cederom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @jerpelea :-)

cederom
cederom requested changes Dec 18, 2024
View reviewed changes
Copy link

@cederom cederom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • Some code changes slipped in causing build errors that needs to be fixed?
  • Maybe also good moment to fix reported code formatting issues?
  • Or just update SPDX headers without touching the code?

@jerpelea
builtin: migrate to SPDX identifier
5c7f357 
Most tools used for compliance and SBOM generation use SPDX identifiers
This change brings us a step closer to an easy SBOM generation.

Signed-off-by: Alin Jerpelea <[email protected]>
@jerpelea
canutils: migrate to SPDX identifier
f707c09 
Most tools used for compliance and SBOM generation use SPDX identifiers
This change brings us a step closer to an easy SBOM generation.

Signed-off-by: Alin Jerpelea <[email protected]>
@jerpelea
Copy link
Contributor Author

@xiaoxiang781216 ready to go

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xiaoxiang781216 xiaoxiang781216 xiaoxiang781216 approved these changes

@cederom cederom cederom requested changes

Assignees
No one assigned
Labels
Area: Audio Area: Benchmarks Area: Binfmt Area: Boot Area: Build System Area: CAN Area: Database Size: L
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jerpelea @nuttxpr @cederom @xiaoxiang781216