tequilaOS/platform_build
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_build/tools/compliance/doc.go
Bob Badour 43daade15f Add some documentation and simplify data model. 
Bug: 245562496

Test: m droid
Change-Id: Iae757a5767522e0734abbe3840ea0939620197e7
2022-10-28 12:06:08 -07:00

84 lines
3.5 KiB
Go
Raw Blame History

// Copyright 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Much of this content appears too in README.md
// When changing this file consider whether the change also applies to README.md
/*
Package compliance provides an approved means for reading, consuming, and
analyzing license metadata graphs.
Assuming the license metadata and dependencies are fully and accurately
recorded in the build system, any discrepancy between the official policy for
open source license compliance and this code is a bug in this code.
A few principal types to understand are LicenseGraph, LicenseCondition, and
ResolutionSet.
LicenseGraph
------------
A LicenseGraph is an immutable graph of the targets and dependencies reachable
from a specific set of root targets. In general, the root targets will be the
artifacts in a release or distribution. While conceptually immutable, parts of
the graph may be loaded or evaluated lazily.
Conceptually, the graph itself will always be a directed acyclic graph. One
representation is a set of directed edges. Another is a set of nodes with
directed edges to their dependencies.
The edges have annotations, which can distinguish between build tools, runtime
dependencies, and dependencies like 'contains' that make a derivative work.
LicenseCondition
----------------
A LicenseCondition is an immutable tuple pairing a condition name with an
originating target. e.g. Per current policy, a static library licensed under an
MIT license would pair a "notice" condition with the static library target, and
a dynamic license licensed under GPL would pair a "restricted" condition with
the dynamic library target.
ResolutionSet
-------------
A ResolutionSet is an immutable set of `AttachesTo`, `ActsOn`, `Resolves`
tuples describing how license conditions apply to targets.
`AttachesTo` is the trigger for acting. Distribution of the target invokes
the policy.
`ActsOn` is the target to share, give notice for, hide etc.
`Resolves` is the set of condition types that the action resolves.
For most condition types, `ActsOn` will be the target where the condition
originated. For example, a notice condition policy means attribution or notice
must be given for the target where the condition originates. Likewise, a
proprietary condition policy means the privacy of the target where the
condition originates must be respected. i.e. The thing acted on is the origin.
Restricted conditions are different. The infectious nature of restricted often
means sharing code that is not the target where the restricted condition
originates. Linking an MIT library to a GPL library implies a policy to share
the MIT library despite the MIT license having no source sharing requirement.
In this case, one or more resolution tuples will have the MIT license module in
`ActsOn` and the restricted condition originating at the GPL library module in
`Resolves`. These tuples will `AttachTo` every target that depends on the GPL
library because shipping any of those targets trigger the policy to share the
code.
*/
package compliance
Reference in a new issue View git blame Copy permalink