Initial release of copyright scanner library
This copyright scanner library has been developed for the purpose of
creating a plugin to ensure necessary review when new revisions may
introduce copyrighted files that are not compliant with a project's
policies around copyright.
Initially targeted at the AOSP gerrit instances with the intent to
expand to other Google-owned instances, the plugin will be completely
configurable.
Best practices identify allowed copyrights as first party or third
party, and restrict third party copyrights to specific locations.
See for example: https://opensource.google.com/docs/thirdparty/
Revisions containing only first-party code do not require special
review.
Revisions to files in locations where third-party code is allowed that
consist entirely of first-party code or appropriately licensed
third-party code do not require special review.
Revisions to files outside locations where third party licenses are
allowed that appear to have third party licenses will require special
review to verify they are false positives, or a qualified reviewer may
reject the commit.
Changes to files that seem to introduce unknown or forbidden licenses
likewise require special review. A qualified reviewer may determine
that an unknown license has acceptable terms and allow it. The reviewer
may determine the match is a false positive or reject the change.
See for example: https://opensource.google.com/docs/thirdparty/licenses/
and: https://opensource.google.com/docs/using/agpl-policy/
This commit does not include the plugin. It releases the copyright
scanner library. The library has been extensively tested and used
internally for analyzing content on AOSP hosts.
The library and associated command-line tool supports deep scans into
archive files (.zip, .jar, .apk etc.); however, the plugin will perform
only shallow scans.
Change-Id: I8800cf011f392d7d0c848f43a8efa095dd68ad0a
35 files changed
