[Development] Qt Sources Software Bill of Materials (SBOM) with REUSE
Lucie Gérard
lucie.gerard at qt.io
Wed Jul 17 14:56:22 CEST 2024
Dear All,
As we've heard already, starting with Qt 6.8, the build system will generate a Software Bill of Materials (SBOM) file for each built repo in the CI.
The Qt Sources SBOM is to be produced using the REUSE tool (https://reuse.software/spec-3.2/).
In order to achieve this, REUSE.toml files are introduced to account for the copyright and license that are not documented in the files or are not readable by REUSE.
The change introducing REUSE.toml files in qtbase is here: https://codereview.qt-project.org/c/qt/qtbase/+/566901
The other modules will follow.
With the REUSE.toml files, and the SPDX license tags already present in the files, we become REUSE compliant.
If you add a new qt_attribution.json file, please make sure the copyright and licensing information is documented in a REUSE.toml file next to it.
To create a source SBOM with REUSE, run: reuse spdx
To check for REUSE compliance, run: reuse lint
Please reach out to me if you have any questions or comments.
Cheers,
Lucie