blob: eceb5cae8c7b63bccb83ff56e18c0a41dac3bd2b [file] [log] [blame]
Name: Descriptive name of the package.
Short Name (OPTIONAL): Name the package is distributed under (ex. libxml, openssl, etc).
URL: The URL where the package lives.
Version: A searchable version number for the package (if the package does not version or is versioned by date or revision this field should be "N/A" and the revision, or date should be enumerated in the appropriate field).
Date: (OPTIONAL if Version or Revision is supplied) The date that the package was updated, in format YYYY-MM-DD.
Revision: (OPTIONAL if Version or Date is supplied) The current revision of the package.
License: The license under which the package is distributed. Standard forms are only accepted, eg MIT/X11/BSD/Apache 2.0/GPL/LGPL. See ANDROID_ALLOWED_LICENSES in for allowed patterns.
License File: A file path from //third_party or a relative path from the README.chromium to a child directory, whichever makes more sense for your dependency. The file should contain a copy of the package's license and correspond to the License provided above. For packages which are shipped this is a mandatory inclusion to ensure the accuracy of about:credits.
Shipped: Either yes or no depending on whether this package should be included in about:credits. Anything shipped as part of a release or by component-updater should be credited.
Security Critical: Either yes or no. Information on what classifies a package as security critical can be found at
License Android Compatible: (OPTIONAL if the package is not shipped or uses a standard form license) Either yes or no depending on whether the package uses a license compatible with Android.
CPEPrefix: (OPTIONAL) A 'common platform enumeration' version 2.3 (preferred) or 2.2, as per, which represents the upstream package. This will be used to report known vulnerabilities in the upstream software package, such that we can be sure to merge fixes for those vulnerabilities. Please ensure you're using the closest applicable upstream version, according to the standard format for the CPE for that package. For example, cpe:/a:xmlsoft:libxslt:1.0.10. If no CPE is available for the package, please specify "unknown". If you're using a patched or modified version which is halfway between two public versions, please "round downwards" to the lower of the public versions (it's better for us to be notified of false-positive vulnerabilities than false-negatives).
A short description of what the package is and is used for.
Local Modifications:
Enumerate any changes that have been made locally to the package from the
shipping version listed above.
If the files from the third party package (e.g. fetched during a git checkout)
aren't modified, put "None" here (without enclosing quotes).
Note: Files required for Chromium tooling integration don't count as local
modifications. Examples include:, OWNERS file, DIR_METADATA, LICENSE,
# It is preferred each package has its own README.chromium. However, if
# this is not possible and the information for multiple packages must be
# placed in a single README.chromium, use the below line to separate the
# data for each package:
-------------------- DEPENDENCY DIVIDER --------------------