Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Feb 08 14:06
    OctoPie23 commented #3240
  • Feb 08 13:46
    AyanSinhaMahapatra commented #3240
  • Feb 08 13:40
    OctoPie23 commented #3240
  • Feb 08 08:40
    AyanSinhaMahapatra commented #3241
  • Feb 08 08:39
    AyanSinhaMahapatra commented #3240
  • Feb 08 08:37
    AyanSinhaMahapatra commented #3240
  • Feb 08 06:51
    OctoPie23 commented #3241
  • Feb 08 05:13
    OctoPie23 commented #3240
  • Feb 08 03:07
    dependabot[bot] labeled #91
  • Feb 08 03:07
    dependabot[bot] opened #91
  • Feb 08 03:07

    dependabot[bot] on pip

    Bump cryptography from 36.0.2 t… (compare)

  • Feb 07 21:42
    jereviikari starred nexB/scancode-toolkit
  • Feb 07 13:23
    pombredanne opened #3242
  • Feb 07 13:18
    pombredanne labeled #3241
  • Feb 07 13:18
    pombredanne labeled #3241
  • Feb 07 13:18
    pombredanne labeled #3241
  • Feb 07 13:18
    pombredanne labeled #3241
  • Feb 07 13:18
    pombredanne opened #3241
  • Feb 07 12:31
    pombredanne labeled #3240
  • Feb 07 12:31
    pombredanne labeled #3240
Philippe Ombredanne
@pombredanne
(it does internally uses the same resolver for deps that pip uses)
Andrea Spacca
@aspacca
I'm faced with the problem of multiple detected licenses and what boolean operator apply to them: for example, for https://github.com/certifi/python-certifi (version 2022.5.18.1), according to --license-score I set for the scan, either MPL-2.0 only or both MPL-2.0 and Python-2.0 are detected. but for finding the best license score to set, I wonder what would be the correct way of reporting multiple detected licenses: in the given example is it MPL-2.0 OR Python-2.0 or MPL-2.0 AND Python-2.0? or none of the two? since I went through some of the rules and I've found there are specific ones for multiple licenses with a specific boolean operator (https://github.com/nexB/scancode-toolkit/blob/develop/src/licensedcode/data/rules/adi-bsd_or_gpl-2.0-plus_1.yml, https://github.com/nexB/scancode-toolkit/blob/develop/src/licensedcode/data/rules/adobe-eula_and_gpl-1.0-plus.yml). what would be reported for spdx_license_key in this case? and what for scancode_text_url?
Philippe Ombredanne
@pombredanne
@JonoYang did you post yesterday's meeting notes online? :angel:
Philippe Ombredanne
@pombredanne
@aspacca for certifi detecting Python 2.0 sounds like a bug? MPL 2.0 is the only detected license with the latest https://github.com/nexB/scancode-toolkit/releases/tag/v31.0.0b5
@aspacca --license-score is not the best way to filter licenses IMHO. Instead you may want to check the primary license returned in the new --summary feature (in v31+)
@aspacca in any case, ScanCode will mostly report the OR cases correctly. (Or it is a bug)
And if you have multiple licenses, use AND in all cases is the safe approach
Philippe Ombredanne
@pombredanne

@aspacca re:

what would be reported for spdx_license_key in this case? and what for scancode_text_url

the SPDX license key for non SPDX licenses are prefixed with LicenseRef-scancode-
like in https://scancode-licensedb.aboutcode.org/

We are adding an SPDX license expression too to the reported licenses in the version after next (v32)

in the case of this https://github.com/nexB/scancode-toolkit/blob/develop/src/licensedcode/data/rules/adi-bsd_or_gpl-2.0-plus_1.yml being detected, the SPDX license expression would be derived from adi-bsd OR gpl-2.0-plus and is LicenseRef-scancode-adi-bsd-adi-bsd OR GPL-2.0-or-later

basically every ScanCode license key has an SPDX license key
and if you use the license-expression library we can render a scancode expression as SPDX alright
@aspacca ping me if you want to chat more :)
Jono Yang
@JonoYang
@pombredanne Meeting notes are online: https://github.com/nexB/aboutcode/wiki/MeetingMinutes
Kevin Ji
@KevinJi22
@JonoYang @pombredanne could you elaborate more on next steps? I'm not really sure what "being able to install custom licenses using wheels" means/how the scancode plugin binaries example works. Is it that the licenses would be packaged like the plugins and I'd have to add code that unpacks that, installs the license into a directory, and then adds it to the license cache too?
Philippe Ombredanne
@pombredanne
@KevinJi22 let's put this is an issue for clarity
Kevin Ji
@KevinJi22
@pombredanne @JonoYang I created a new issue here: nexB/scancode-toolkit#2994. Could you guys add more detail in the issue?
Ayan Sinha Mahapatra
@AyanSinhaMahapatra
https://github.com/nexB/aboutcode/wiki/MeetingMinutes posted for yesterday.
Kevin Ji
@KevinJi22
@pombredanne @JonoYang any ideas about which path to take here? https://github.com/nexB/scancode-toolkit/issues/2994#issuecomment-1160639183
sanket varpe
@varpesanket2000_gitlab
@TG1999 @pombredanne Added comment under heritedcode #PR3.Please have a look.
https://github.com/nexB/heritedcode/pull/3#issuecomment-1165246375
1 reply
Jono Yang
@JonoYang
@KevinJi22 Sorry for responding super late, but I replied to your comment in the ticket.
Ayan Sinha Mahapatra
@AyanSinhaMahapatra
Call starting at https://meet.jit.si/AboutCode
Akhil Raj
@lf32
The previous week, I developed templates for the project with the help of @tdruez.
arjavsethi
@arjavsethi
I would also like to contribute
Raghavendrakamatagi-eng
@Raghavendrakamatagi-eng
Dear Team,
Hope you are doing well!
One query regarding copyright notices, Is there any possibility of listing the copyright notices as per scanned packages (currently its listing as file by file)? kindly confirm
image.png
Andrea Spacca
@aspacca
@Raghavendrakamatagi-eng I'm working on a output plugin that generates a NOTICE file per packages, not sure if it's what you need
Raghavendrakamatagi-eng
@Raghavendrakamatagi-eng
@aspacca yes, i am looking into the report per packages. kindly let me know once its ready to use
Omkar Phansopkar
@OmkarPh
GSoC update on the workbench: Implemented FileTree & path selection (updates are synced across all components on path change)
Kevin Ji
@KevinJi22
weekly GSoC update: implemented functionality to use installed external license plugins in license detection
lf32
@lf32:matrix.org
[m]
GSoC update: Improved Templates for the web app
ziad hany
@ziadhany
GSoC update: add GSD importer
Keshav Priyadarshi
@keshav-space
GSoC update:
add deps validator
add test for osv validator
Sarthak8874
@Sarthak8874
Hello I am Sarthak omer. I am new to open source contributions but I am well aware of html, css and javascript. I would love to contribute to your organisation but could you please tell me how I get started?
Philippe Ombredanne
@pombredanne

Hiya :) @Sarthak8874 check out https://aboutcode.readthedocs.io/en/latest/contributing.html

Please report here if this is not clear or are missing information :)

Omkar Phansopkar
@OmkarPh
GSoC update: Fixed querying issues, worked on path and column selection
ziad hany
@ziadhany
GSoC update: Add fireeye importer , add GSD test
Kevin Ji
@KevinJi22
GSoC update: added a CI job that installs a license and tests license detection
lf32
@lf32:matrix.org
[m]
GSoC update: improved ui
Ayan Sinha Mahapatra
@AyanSinhaMahapatra
@/all we have started our weekly (and gsoc) status meeting!
Philippe Ombredanne
@pombredanne
@lf32:matrix.org I am sorry but the vulnerablecode call lasted much longer... we are still meeting Thursday for the review anyway.
Akhil Raj
@lf32
Okay @pombredanne, thanks
Philippe Ombredanne
@pombredanne
@lf32 Dennis cannot join today and I did not see you so we are instead focusing on the workbench UI review with Omkar and we can reschedule your UI review to a call tomorrow.
Philippe Ombredanne
@pombredanne
What would be a good time?
1 reply
@lf32:matrix.org ^
Akhil Raj
@lf32
now it's ok
I have joined the meet
@pombredanne
lf32
@lf32:matrix.org
[m]
:point_up: Edit: sorry, I was doing some other work. Just joined
Philippe Ombredanne
@pombredanne
@lf32:matrix.org what's your time zone?
Akhil Raj
@lf32
Asia/Kolkata
+530