https://jira.opendaylight.org This file is an XML representation of an issue en-us 8.20.10 820010 22-06-2022 https://jira.opendaylight.org/browse/TSC-250 tsc <p>The attached zip contains the source code for the Plastic project.</p> <p>Please have it code scanned.</p> <p>The project was accepted by the TSC on Oct 17, 2019</p> <p>Project page is <a href="https://wiki.opendaylight.org/view/Project_Proposals:Plastic" class="external-link" target="_blank" rel="nofollow noopener">https://wiki.opendaylight.org/view/Project_Proposals:Plastic</a></p> <p> </p> TSC-250

New ODL project PLASTIC needs a code scan

Story High Confirmed Unresolved Stephen Winslow Allan Clarke Thu, 31 Oct 2019 18:36:36 +0000 Fri, 1 Nov 2019 16:42:17 +0000 Magnesium 0 5 <p>I've completed a license scan of the attached zip file's contents using Fossology. Overall looks very good, most files contain EPL-1.0 notices and only one other finding was detected. Just a couple of minor notes below.</p> <ol> <li>Not a licensing issue, but note that there were a few files in the .zip archive that appear to be Mac metadata files (__MACOSX/ directory and .DS_Store). You'll likely want to exclude those from the repo.</li> <li>In the file /release-version, below the EPL-1.0 header there is an additional notice: "<em>Use of the software files and documentation is subject to license terms.</em>" Although this might be strictly true (as it's subject to EPL-1.0), it could be misread as saying that additional terms apply. I would recommend that the contributor remove this line before contributing it to the ODL repo.</li> <li>In the root directory, the files mvnw and mvnw.cmd contain Apache-2.0 license notices. This is likely not a significant issue because it appears these are intended to be standalone scripts, and Apache-2.0 is generally understood as a permissive license. However, if these files are not essential, it might be preferable to omit them from the repo so that it is only EPL-1.0.</li> <li>In the "No license found" tab, there are roughly 50 files listed where license notices were not detected. To improve license notice coverage, EPL-1.0 notices could likely be added to many of these files. Please note though that this can be an ongoing improvement and does not need to be addressed before pulling it into the ODL repo. <ol> <li>Further down, that tab also lists several "excluded file extension" files such as JSON files where license info cannot be easily added, due to a lack of a comments format; these can be disregarded.</li> </ol> </li> </ol> <p>I hope this is helpful – happy to discuss if any questions.</p> <p>Report: <span class="nobr"><a href="https://jira.opendaylight.org/secure/attachment/15502/15502_plastic-2019-10-31.xlsx" title="plastic-2019-10-31.xlsx attached to TSC-250">plastic-2019-10-31.xlsx^{<img class="rendericon" src="https://jira.opendaylight.org/images/icons/link_attachment_7.gif" height="7" width="7" align="absmiddle" alt="" border="0"/>}</a></span></p> <p>Will resolve #1-3 (mostly by removing unwanted files)</p> <p>#4 will probably remain (and won't be an issue)</p> Development Rank 0|i03ps7: