Augment IP Logs with output from the Dash License Tool
IPZilla had originally been used both to track the process of reviewing and approving content and to track its use. Piggyback CQs, for example, exist only for tracking use. We actually eliminated the need for piggybacks some time ago.
The obvious solution is to leverage the output of this tool. The "-summary" option can be used to generate a CSV summary of the dependencies, their license, and approval state.
I'm thinking that it could be a handy addition to the repository. That is, use the tool to generate a file named DEPENDENCIES and just commit it in the repository as the record of third party dependencies. Note that this would make the NOTICES file redundant (which is almost certainly out-of-date most of the time anyway), so we can eliminate that file.
Note that the tool doesn't currently provide license information for content that it identifies as Eclipse project content. I'm hopeful that I'll be able to extend the backend to support that. There's no requirement to include Eclipse project content in the log, so one option is to just eliminate it before feeding it to the tool (e.g., pipe through "grep -v eclipse.org").
For the time being, I have been (though not 100% consistently) running builds, generating the DEPENDENCIES file, and uploading it as an additional attachment on the IP Log review CQs.
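An added example, not part of the original thread or the Dash License Tool: a build-time check that treats a committed DEPENDENCIES file as the record and compares it with a freshly generated summary. The row layout, the state values and every dependency name are constructed assumptions; only the three fields (dependency, license, approval state) come from the thread.

```shell
#!/bin/sh
# Constructed samples. Each row is "dependency, license, approval state", the
# three fields the thread says the summary carries; the exact layout is assumed.
sample_committed() { cat <<'EOF'
maven/mavencentral/com.example/alpha/1.0.0, Apache-2.0, approved
maven/mavencentral/com.example/beta/2.3.1, MIT, approved
npm/npmjs/-/delta/0.9.0, MIT, approved
EOF
}
sample_fresh() { cat <<'EOF'
maven/mavencentral/com.example/alpha/1.0.0, Apache-2.0, approved
maven/mavencentral/com.example/beta/2.4.0, MIT, approved
npm/npmjs/-/delta/0.9.0, MIT, restricted
maven/mavencentral/com.example/epsilon/0.1.0, , restricted
EOF
}

# List dependencies whose approval state is anything other than "approved".
unapproved() {
  awk -F', *' 'NF && $3 != "approved" { print $1 }' "$1" | sort
}

# Compare the committed record ($1) with a freshly generated summary ($2).
# Prints "added", "removed" or "changed" followed by the dependency.
drift() {
  awk -F', *' '
    !NF { next }
    side == "old" { old[$1] = $0; next }
    { seen[$1] = 1
      if (!($1 in old)) print "added " $1
      else if (old[$1] != $0) print "changed " $1 }
    END { for (k in old) if (!(k in seen)) print "removed " k }
  ' side=old "$1" side=new "$2" | sort
}

# Gate for a build: succeed only if the record is current and fully approved.
check_record() {
  [ -z "$(drift "$1" "$2")" ] && [ -z "$(unapproved "$2")" ]
}

tmp=$(mktemp -d)
sample_committed > "$tmp/DEPENDENCIES"
sample_fresh > "$tmp/DEPENDENCIES.fresh"
drift "$tmp/DEPENDENCIES" "$tmp/DEPENDENCIES.fresh"
unapproved "$tmp/DEPENDENCIES.fresh"
check_record "$tmp/DEPENDENCIES" "$tmp/DEPENDENCIES.fresh" || echo "record is stale or has unapproved content"
```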
I like the idea of adding the DEPENDENCIES file to the project repository. However, I am not convinced that it could replace the NOTICE file (completely) because the NOTICE file also takes care of providing information necessary to comply with the used dependencies' other license obligations like providing links to the source code etc.
However, maybe we can extend the dash tool to also put such information into the generated output. At least the information about the source code location should be available from both IPZilla and ClearlyDefined, right?
We need to think about how we represent works with dependencies and their dependencies (related to #13).