My work from the summer on adding support for licenses. It was done in a rush under constraint that if not delivered on time then Nexedi will become liable for loosing significant amount of money. So the quality is not good at places and there are many rough edges. Still it might be useful to publish this and improve step by step.

I attach my original cover letter regarding this work below.

Kirill

/cc @jerome

---- 8< ----
Hello Jean-Paul and Sven.

Please find attached the BOMs with licenses for part of our software stack.

The licensing information was added automatically. For python eggs - we extract information about covered license from 'License' field in package info. For other software we use https://github.com/go-enry/go-license-detector to automatically detect package license. Unfortunately both methods are generally INCORRECT, so please prepare to handle complains from layers.

The correct license extraction is significantly much harder to do.

For the reference I've also uploaded the BOMs on the web:

ERP5: https://lab.nexedi.com/snippets/1188
Wendelin: https://lab.nexedi.com/snippets/1193
SlapOS: https://lab.nexedi.com/snippets/1192
NEO: https://lab.nexedi.com/snippets/1189
Re6stnet: https://lab.nexedi.com/snippets/1190
Cloudooo: https://lab.nexedi.com/snippets/1187
Caucase: https://lab.nexedi.com/snippets/1186
ShaCache: https://lab.nexedi.com/snippets/1191

For Re6stnet BOM is prepared only for Master because re6st-node failed to build in my trials.

Kirill