EPIC: As PM of the project Solda I would like to create a tool for compliance testing of Yocto builds.

[LucaMiotto]

Inside the WP3 of the project Solda we need to develop a tool that helps Huawei to check compliance of Yocto builds.

• [x] Organize a meeting with Alberto to define project specification
• [x] Understand effort and possible involvement of external
• [x] Develop the tool until 22nd of february

[Piiit]

@LucaMiotto See https://git.ostc-eu.org/oss-compliance/toolchain/solda-alienmatcher for a tool that tries to find matching packages on Debian and takes license/copyright information from there. OSTC provides us then input to that tool, so we do not need to dig into Yocto file structures. The output is for each source file a license in SPDX format, or a hint that the license could not be derived automatically.

Future steps:

• Find other automatic ways to check those missing files (ex., scancode or diffcode)
• Try to enhance license information with those tools, and if still nothing could be found or the confidence is too low, we pass it to the audit team (fossology)
• I opened several issues/questions on https://git.ostc-eu.org/oss-compliance/toolchain/solda-alienmatcher/-/issues to discuss the tool and to understand what we need

I think this step can therefore be closed, right? We should maybe create smaller user stories, otherwise this EPIC stays open for too long I guess.

Next steps and future improvements could then also involve external contributors... Now I have the knowledge to guide them.

Cheers, Peter

[LucaMiotto]

@Piiit yes, agreed. We can define a new set of small user stories. In the meantime I will create a new one and then we can define together the content for the others.