
Commit eb04589

docs(TODO): record the License Compliance (FOSSA) gate as an open PR #248 item
The combined commit status on #248 shows a "License Compliance" check failing with "17 issues found" — a dependency-license scanner app, separate from REUSE (green) and SonarCloud. Document it as open, note it is almost certainly pre-existing (the PR changes no dependencies), and how to triage it.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01SfvSZ76NW4e1qX1PjL4RKq
1 parent 55e89d1 commit eb04589

1 file changed

Lines changed: 15 additions & 0 deletions

TODO.md

@@ -226,6 +226,21 @@ there is no CFamily/C-C++ scan configured. Addressed:
226226
CI), so the exact remaining new-code Vulnerability must be read off the dashboard. Resolve the last
227227
finding, accept it on the dashboard, or merge on the green build/test checks.
228228
229+
### License Compliance (FOSSA-style dependency-license gate) — PR #248 (open)
230+
231+
Separate from the FSFE **REUSE** check (which is green — `reuse lint` reports 266/266 files compliant)
232+
and from SonarCloud: the PR's combined commit status shows a **"License Compliance" check failing with
233+
"17 issues found"** (an error-state commit status posted by a license-scanner GitHub App, not a
234+
workflow in `.github/workflows/`). It contributes to the `mergeable_state: blocked` on #248.
235+
236+
- **Almost certainly pre-existing**, not introduced by this PR: #248 changes **no dependencies** (the
237+
`pom.xml` edit only adds the `windows-ninja` build profile), so the 17 are dependency-license policy
238+
findings already present on `main` (e.g. GPL-2.0 carried by the llama.cpp sources).
239+
- **Not yet inspected** — the scanner's dashboard/host is outside this sandbox's egress allowlist, same
240+
as `sonarcloud.io`. To triage: open the check's details link from the PR (or allowlist the host), read
241+
the 17 findings, then accept policy-OK licenses on the dashboard or adjust the policy. Confirm whether
242+
it is a *required* status (if so it blocks merge; if advisory it does not).
243+
229244
### Upstream llama.cpp PR — drop the local Windows arg-parse patch (open)
230245
231246
`patches/0001-win32-arg-parse-embed-guard.patch` is a **local** fix re-applied on every build. To drop
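
Review bot: In the first added bullet, "Almost certainly pre-existing" and the "e.g. GPL-2.0 carried by the llama.cpp sources" example read as findings, but the second bullet says the 17 issues are "Not yet inspected", so both are inferences and should be worded as unverified. A concrete check would make the triage steps stronger: compare against the "License Compliance" status and issue count on the current `main` head commit, which would show whether the findings predate #248. The heading says "FOSSA-style" while the commit subject names FOSSA; record the app name exactly as it appears in the status context so the next reader knows which host to allowlist. Because the `pom.xml` edit adds a build profile, state explicitly that the `windows-ninja` profile declares no dependencies or plugins, since the "changes **no dependencies**" claim rests on that.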
