Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Aug 13 21:18
    pombredanne synchronize #3046
  • Aug 13 21:18

    pombredanne on macos-12-test

    Do not test app on Ubuntu 22 fo… (compare)

  • Aug 13 08:12
    DanFelton starred nexB/scancode-toolkit
  • Aug 13 07:57
    OmidZamani starred nexB/scancode-toolkit
  • Aug 13 05:05
    KevinJi22 synchronize #2979
  • Aug 13 00:04
    pombredanne synchronize #3046
  • Aug 13 00:04

    pombredanne on macos-12-test

    Test release on fewer combos T… Be verbose when running release… Add missing pinned requirement … and 7 more (compare)

  • Aug 12 22:55
    mbragalone starred nexB/scancode-toolkit
  • Aug 12 20:53
    rspier commented #2877
  • Aug 12 17:49
    jeannekamikaze starred nexB/scancode-toolkit
  • Aug 12 06:37
    KevinJi22 synchronize #2979
  • Aug 12 04:54
    KevinJi22 synchronize #2979
  • Aug 11 19:53
    JonoYang commented #3042
  • Aug 11 19:48
    JonoYang synchronize #3042
  • Aug 11 19:48

    JonoYang on datafilehandler-yield-package-first

    Update assemble methods * … (compare)

  • Aug 11 18:34
    JonoYang synchronize #3042
  • Aug 11 18:34

    JonoYang on datafilehandler-yield-package-first

    Update doc and comments Signed… (compare)

  • Aug 11 17:18
    pombredanne closed #2950
  • Aug 11 17:18
    pombredanne commented #2950
  • Aug 11 16:05
    AyanSinhaMahapatra commented #3045
Philippe Ombredanne
@pombredanne
Also proprietary-license_276.RULE relevance should NOT be 100 but rather 70 ... as this is not a super conclusive short rule, as witnessed by your problem.
Do you mind to draft a ticket with all these details?
Roshan Thomas
@Thomshan
Got it. Sure, I'll draft a ticket. Thank you.
balakrishna-mukundaraj
@balakrishna-mukundaraj
Hi, I am running trying to run the version scancode-toolkit 21.6.7 on docker but it seems to fail each time with the below error:

ERROR: Cannot install scancode-toolkit==21.6.7 because these package versions have conflicting dependencies.
ERROR: ResolutionImpossible: for help visit https://pip.pypa.io/en/latest/user_guide/#fixing-conflicting-dependencies

The conflict is caused by:
scancode-toolkit 21.6.7 depends on pygments
The user requested (constraint) pygments

To fix this you could try to:

  1. loosen the range of package versions you've specified
  2. remove package versions to allow pip attempt to solve the dependency conflict

The command '/bin/sh -c ./scancode --help' returned a non-zero code: 1

is there something i can do to resolve this issue?
Philippe Ombredanne
@pombredanne
hum
@balakrishna-mukundaraj do you mind to enter an issue? that's a bug for sure
balakrishna-mukundaraj
@balakrishna-mukundaraj
Hi @pombredanne , please find the bug details below
Docker fails to run on scancode-toolkit 21.6.7 #2554
Philippe Ombredanne
@pombredanne
@balakrishna-mukundaraj thanks! I am looking into this
balakrishna-mukundaraj
@balakrishna-mukundaraj

Hi @pombredanne

while running a scan a source we had an EPL license match which was :

/*
  • This program and the accompanying materials are made available under the
  • terms of the Eclipse Public License 2.0 which is available at
  • http://www.eclipse.org/legal/epl-2.0
    *
  • SPDX-License-Identifier: EPL-2.0
    */
even though the block clearly says that it is a EPL license, the result from the scancode said epl-2.0 OR apache-2.0 (matched from the rule epl-2.0_or_apache-2.0_2.RULE). Is there any way to fix this issue? Since there is no Apache license found in the entire file.
Also matches to epl-2.0_or_apache-2.0_or_gpl-2.0_with_openjdk-exception.RULE in some cases when there is only epl license found.
Philippe Ombredanne
@pombredanne
@balakrishna-mukundaraj that's a bug :) do you mind to enter an issue? this is fairly esy to fix
Sarita Singh
@itssingh
@pombredanne How can I get complete license text of a license detected in a code file?
3 replies
Henrik Sandklef
@hesa

Scancode (thanks for developing it) generates SDPX version 2.1 (--spdx-tv or --spdx-rdf) and has spdx-tool 0.6.1 as requirements (listed in requirements.txt)

  • any plans moving to SPDX 2.2?
  • using examples/parse_rdf.py from tools-python 0.6.1 on an RDF generated by Scancode I get som errors (see below). WHat am I doing wrong?

Errors:
SPDXID must be "SPDXRef-[idstring]" where [idstring] is a unique string containing letters, numbers, ".", "-".
More than one File checksum defined.
More than one file copyright text defined.
Errors while parsing

Philippe Ombredanne
@pombredanne
Dear @hesa (Thanks for stopping by!) ... SPDX 2.2 support is in the works at https://github.com/spdx/tools-python which I also maintain ... there are quite a few WIP bits that I merged and I am about to make a release soon enough :)
note that if you want to chip in with a helping hand, you will never be turned aways :D
Henrik Sandklef
@hesa
I'd love to join. Currently can't though. Donyou have any dev guide?
@pombredanne , do you have any ideas what I am doing wrong when parsing as reading a scancode produced spdx report, as described above?
Philippe Ombredanne
@pombredanne
@hesa no immediate idea... do you mind to file an issue with a small example?
Henrik Sandklef
@hesa
@pombredanne on my way, thanks
@pombredanne would you like it in scancode-toolkit or tools-python?
Philippe Ombredanne
@pombredanne
that's for scancode-toolkit IMHO
Henrik Sandklef
@hesa
@pombredanne ..... double checked the issue, hope it is useful. Don't hesitate to use me as a test/review resource here
Philippe Ombredanne
@pombredanne
@hesa :+1:
Sougata das
@rijusougata13
Hi, is there any way to test if my installations is successful or not ? I have git cloned , run ./configure.bat and run./Scripts/activate.bat and there were no error !
Philippe Ombredanne
@pombredanne
@rijusougata13 then run "scancode" proper to run a scan. For instance: scancode -clipeu --json-pp - samples -n4
Henrik Sandklef
@hesa
Sorry to bug you all on this list. Have a question about Nexb's license-expression - where do I ask this?
Philippe Ombredanne
@pombredanne
@hesa you do not bug anyone. You can ask here alright :P
Henrik Sandklef
@hesa
Excellent :)
I wrote some words at the end of this issue over at maxhbr/LDBcollector#4
In short, how do I add a "translation" of a license (e.g. GPLv2 to GPL-2.0-only)? Do you have a procedure?
I have some 10-20 license expressions from Yocto that makes https://github.com/vinland-technology/flict scream and shout
I'd rather add the translation to license-expression than to flict
Philippe Ombredanne
@pombredanne
me thinks....
@hesa what you call a translation is a license detection (or you could call it a normalization).
This would typically a job for scancode-toolkit
But you can also use the license expression library for more constrained approach
The license expression parsing operates on license "symbols" each consisting of a key (say the SPDX id or the scancode key) and one or more "aliases" that can be arbitrary strings.
Philippe Ombredanne
@pombredanne
The translation would be to use GPLv2 as an alias
Henrik Sandklef
@hesa
Whatever we call it, I would like to license-expression to be able to go from "GPLv2" to "GPL-2.0-only" :)
Philippe Ombredanne
@pombredanne
@hesa actually, adding a list of alias to each license record may be the best
https://github.com/maxhbr/LDBcollector/issues/4#
this way they are closest together
and license-expression would just consume this
Philippe Ombredanne
@pombredanne
@hesa at some stage I would also like to integrate flict in scancode.io :)
1 reply
separate topic :)
Henrik Sandklef
@hesa
@pombredanne I am not sure how to add an "alias". Will this be a new concept in scancode? If so, I'll propose some syntax. If "alias" is already a concept, please show me an example :)
Maximilian Huber
@maxhbr
Henrik Sandklef
@hesa
@maxhbr The column "True", sometimes with the value "False" :), what is it for?
Henrik Sandklef
@hesa
@maxhbr Have these aliases been verified? E.g. X11 is in the table linked above an alias for ICU, but the license text differ although similar, so I am curious what a lawyer would say. Note: I would love to see more aliases in license-expression and your list is impressive :)
From a license compatibility point of view, they're compatible ("the same"), but not when attributing the license (text)?