| OLD | NEW |
|---|
| 1 # Adding third_party Libraries | 1 # Adding third_party Libraries |
| 2 | 2 |
| 3 [TOC] | 3 [TOC] |
| 4 | 4 |
| 5 Using third party code can save time and is consistent with our values - no need | 5 Using third party code can save time and is consistent with our values - no need |
| 6 to reinvent the wheel! We put all code that isn't written by Chromium developers | 6 to reinvent the wheel! We put all code that isn't written by Chromium developers |
| 7 into src/third_party (even if you end up modifying just a few functions). We do | 7 into src/third_party (even if you end up modifying just a few functions). We do |
| 8 this to make it easy to track license compliance, security patches, and supply | 8 this to make it easy to track license compliance, security patches, and supply |
| 9 the right credit and attributions. It also makes it a lot easier for other | 9 the right credit and attributions. It also makes it a lot easier for other |
| 10 projects that embed our code to track what is Chromium licensed and what is | 10 projects that embed our code to track what is Chromium licensed and what is |
| (...skipping 108 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 119 untracked. That is, anyone running `git status` from `src/` would see a clutter. | 119 untracked. That is, anyone running `git status` from `src/` would see a clutter. |
| 120 Your project's files are tracked by your repository, not Chromium's, so make | 120 Your project's files are tracked by your repository, not Chromium's, so make |
| 121 sure the directory is listed in Chromium's `.gitignore`. | 121 sure the directory is listed in Chromium's `.gitignore`. |
| 122 | 122 |
| 123 ## Get a Review | 123 ## Get a Review |
| 124 | 124 |
| 125 All third party additions and substantive changes like re-licensing need the | 125 All third party additions and substantive changes like re-licensing need the |
| 126 following sign-offs. Some of these are accessible to Googlers only. Non-Googlers | 126 following sign-offs. Some of these are accessible to Googlers only. Non-Googlers |
| 127 can email one of the people in third_party/OWNERS for help. | 127 can email one of the people in third_party/OWNERS for help. |
| 128 | 128 |
| 129 * Chrome Eng Review. Googlers should see go/chrome-eng-review | 129 * Chrome Eng Review. Googlers should see go/chrome-eng-review (please include in
formation about the additional checkout size, build times, and binary sizes. Ple
ase also make sure that the motivation for your project is clear, e.g., a design
doc has been circulated). |
| 130 * open-source-third-party-reviews@google.com (ping the list with relevant | 130 * open-source-third-party-reviews@google.com (ping the list with relevant |
| 131 details and a link to the CL). | 131 details and a link to the CL). |
| 132 * security@chromium.org (ping the list with relevant details and a link to the | 132 * security@chromium.org (ping the list with relevant details and a link to the |
| 133 CL). | 133 CL). |
| 134 | 134 |
| 135 Please send separate emails to the three lists. |
| 136 |
| 135 Third party code is a hot spot for security vulnerabilities. When adding a new | 137 Third party code is a hot spot for security vulnerabilities. When adding a new |
| 136 package that could potentially carry security risk, make sure to highlight risk | 138 package that could potentially carry security risk, make sure to highlight risk |
| 137 to security@chromium.org. You may be asked to add a README.security or, in | 139 to security@chromium.org. You may be asked to add a README.security or, in |
| 138 dangerous cases, README.SECURITY.URGENTLY file. When you update your code, be | 140 dangerous cases, README.SECURITY.URGENTLY file. When you update your code, be |
| 139 mindful of security-related mailing lists for the project and relevant CVE to | 141 mindful of security-related mailing lists for the project and relevant CVE to |
| 140 update your package. | 142 update your package. |
| 141 | 143 |
| 142 Subsequent changes don't require third-party-owners approval; you can modify the | 144 Subsequent changes don't require third-party-owners approval; you can modify the |
| 143 code as much as you want. | 145 code as much as you want. |
| 144 | 146 |
| (...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 191 | 193 |
| 192 * Missing license file | 194 * Missing license file |
| 193 * Make sure that the license file is present. It should be called 'LICENSE', | 195 * Make sure that the license file is present. It should be called 'LICENSE', |
| 194 or otherwise README.chromium file must point to it explicitly. | 196 or otherwise README.chromium file must point to it explicitly. |
| 195 * The following files contain a third-party license but are not in a listed | 197 * The following files contain a third-party license but are not in a listed |
| 196 third-party directory... | 198 third-party directory... |
| 197 * Check if it's a false positive (e.g. 'copyright' word used in a string | 199 * Check if it's a false positive (e.g. 'copyright' word used in a string |
| 198 literal), if so, update | 200 literal), if so, update |
| 199 [src/tools/copyright_scanner/third_party_files_whitelist.txt](https://code
.google.com/p/chromium/codesearch#chromium/src/tools/copyright_scanner/third_par
ty_files_whitelist.txt) | 201 [src/tools/copyright_scanner/third_party_files_whitelist.txt](https://code
.google.com/p/chromium/codesearch#chromium/src/tools/copyright_scanner/third_par
ty_files_whitelist.txt) |
| 200 file. Otherwise, please move the code into third_party. | 202 file. Otherwise, please move the code into third_party. |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2642373002:
Clarify requirements for third-party additions (Closed)
