At the moment it is pretty much ignored since this project only distributes the tooling and no pre-built images.
At some point, taking care of not violating any licenses becomes necesary.
What I think needs to be done:
- Add license string to every binary package (holding an SPDX expression) and whether it contains
static libraries, dynamic libraries, headers, executables.
- Somehow mark packages that patch their source.
- Generate a report about packages that modify their source and have copyleft licenses or licenses that require modified versions to be marked.
- Check license compliance and what license to use when building packages that link against stuff from other packages.
- When building the rootfs package, determine what licenses we need from the package list and include them.
- Add an auto generated list to the rootfs with upstream package source locations and a reference to the license.
- Figure out how to handle modified, copyleft licensed packages.
At the moment it is pretty much ignored since this project only distributes the tooling and no pre-built images.
At some point, taking care of not violating any licenses becomes necesary.
What I think needs to be done:
static libraries, dynamic libraries, headers, executables.