From fc2e334b13bf77f28157ae7c1be9c67e494b51a3 Mon Sep 17 00:00:00 2001 From: Rachael Newitt <renewitt@google.com> Date: Tue, 4 Jul 2023 23:07:31 +0000 Subject: [PATCH] Updated third party documentation for Shipped field. Bug: b/282097736 Change-Id: I6a33a90bb811d6add373b39d29d29af8ee9179c5 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4648789 Commit-Queue: Rachael Newitt <renewitt@google.com> Reviewed-by: Erik Staab <estaab@chromium.org> Cr-Commit-Position: refs/heads/main@{#1165731} --- docs/adding_to_third_party.md | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/docs/adding_to_third_party.md b/docs/adding_to_third_party.md index 02e574505b1ee..c917a9f783160 100644 --- a/docs/adding_to_third_party.md +++ b/docs/adding_to_third_party.md @@ -203,6 +203,7 @@ into the product and does any of the following: * Collects new data * Influences or sets security-related policy (including the user experience) +**CPE Prefix** One of the fields is CPEPrefix. This is used by Chromium and Google systems to spot known upstream security vulnerabilities, and ensure we merge the fixes into our third-party copy. These systems are not foolproof, so as the OWNER, @@ -223,6 +224,16 @@ public versions, please "round downwards" to the lower of the public versions (it's better for us to be notified of false-positive vulnerabilities than false-negatives). + +**Shipped** +Your README.chromium should also specify whether your third party dependency +will be shipped as part of a final binary. The "Shipped" field replaces the now +deprecated special value of "NOT_SHIPPED" which was previously allowed in the +"License File" field. This use is no longer supported and if your third party +dependency includes a license you should also use the "Licence File" field to +reference it, regardless of whether it is shipped or not. + + ### Add a LICENSE file and run related checks You need a LICENSE file. Example: 
@@ -233,8 +244,8 @@ data for third_party checkins. We use `licenses.py credits` to generate the about:credits page in Google Chrome builds. If the library will never be shipped as a part of Chrome (e.g. build-time tools, -testing tools), make sure to set "License File" as "NOT_SHIPPED" so that the -license is not included in about:credits page ([more on this below](#credits)). +testing tools), make sure to set the "Shipped" field to "no" so that the license +is not included in about:credits page ([more on this below](#credits)). ## Get a review @@ -283,6 +294,7 @@ That page displays a resource embedded in the browser as part of the GRIT file; the actual HTML text is generated in the [//components/resources:about_credits](../components/resources/BUILD.gn) build target using a template from the output of the -[//tools/licenses/licenses.py](../tools/licenses/licenses.py) script. Assuming you've followed -the rules above to ensure that you have the proper LICENSE file and it passes -the checks, it'll be included automatically. +[//tools/licenses/licenses.py](../tools/licenses/licenses.py) script. Assuming +you‘ve followed the rules above to ensure that you have the proper path to the +LICENSE file and set the Shipped value, if it passes the checks, it’ll be +included automatically.
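Review bot: In the hunk at @@ -203,6 +203,7 @@, the added `**CPE Prefix**` line appears to sit directly above "One of the fields is CPEPrefix." with no blank line between them, so Markdown will fold the bold label into the paragraph as run-in text instead of rendering it as a separate label. Add a blank line after it, or use a heading in the style the file already uses. The label is spelled "CPE Prefix" while the sentence under it names the field "CPEPrefix"; using the exact field name in the label would make it easier to search for, which matters for a field that feeds vulnerability matching.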
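Review bot: In the hunk at @@ -223,6 +224,16 @@, the last sentence of the new Shipped paragraph spells the field "Licence File", while the same paragraph and the rest of the document use "License File". Since readers copy field names from this page into README.chromium, the spelling should match the real field name. The paragraph also never states which values "Shipped" accepts; the only value mentioned anywhere in this patch is "no", in the later hunk at @@ -233,8 +244,8 @@, so listing the accepted values here would help. As with the CPE Prefix label, `**Shipped**` is immediately followed by "Your README.chromium should also specify" with no blank line, and the hunk ends with two added blank lines before the "### Add a LICENSE file and run related checks" heading where one would do.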
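Review bot: In the hunk at @@ -283,6 +294,7 @@, the rewrapped sentence replaces the ASCII apostrophes of the removed lines with typographic quotes: "you‘ve" uses an opening single quote and "it’ll" a closing one. Please keep the plain `'` used in the removed text ("you've", "it'll"). The sentence now stacks two conditions ("Assuming you've followed the rules above ..., if it passes the checks, ..."); splitting it, or folding the checks into the first clause as the old wording did, would read more clearly.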