blob: a0cc80807cde9c70a2ee75b7b4d48d067cbb3f1b [file] [log] [blame]
Name: Descriptive name of the package
Short Name: Name the package is distributed under (ex. libxml, openssl, etc)
URL: The URL where the package lives
Version: A searchable version number for the package (if the package does not version or is versioned by date or revision this field should be "0" and the revision, or date should be enumerated in the appropriate field)
Date: (OPTIONAL if version is supplied) The date that the package was updated
Revision: (OPTIONAL if version is supplied) The current revision of the package
License: The license under which the package is distributed. Standard forms are only accepted, eg MIT/X11/BSD/Apache 2.0/GPL/LGPL. See ANDROID_ALLOWED_LICENSES in for allowed patterns.
License File: (OPTIONAL) File that contains a copy of the package's license. Use the special value NOT_SHIPPED to indicate that the package is not included in the shipped product, so its license does not need to be included in about:credits and no license file is required.
Security Critical: Either yes or no depending on whether this package is shipped in releases. For example openssl is critical where cygwin is not.
License Android Compatible: (OPTIONAL) Whether the package uses a license compatible with Android. Required only if the package is compatible and the 'License' field uses a non-standard value.
CPEPrefix: (OPTIONAL) A 'common platform enumeration' version 2.2, as per, which represents the upstream package. This will be used to report known vulnerabilities in the upstream software package, such that we can be sure to merge fixes for those vulnerabilities. Please ensure you're using the closest applicable upstream version, according to the standard format for the CPE for that package. For example, cpe:/a:xmlsoft:libxslt:1.0.10. If no CPE is available for the package, please specify "unknown". If you're using a patched or modified version which is halfway between two public versions, please "round downwards" to the lower of the public versions (it's better for us to be notified of false-positive vulnerabilities than false-negatives).
A short description of what the package is and is used for.
Local Modifications:
Enumerate any changes that have been made locally to the package from the shipping version listed above.