Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Aug 18 20:20
    AyanSinhaMahapatra synchronize #2961
  • Aug 18 20:20

    AyanSinhaMahapatra on add-license-detection

    Fix test failures and expectati… (compare)

  • Aug 18 19:47
    AyanSinhaMahapatra synchronize #2961
  • Aug 18 19:47

    AyanSinhaMahapatra on add-license-detection

    Fix test failures and expectati… (compare)

  • Aug 18 19:33
    JonoYang opened #3059
  • Aug 18 19:32

    JonoYang on fix-PythonInstalledWheelMetadataFile-assing_package_to_resources

    Correctly assign variable … (compare)

  • Aug 18 19:22
    AyanSinhaMahapatra synchronize #2961
  • Aug 18 15:29
    pombredanne opened #3058
  • Aug 18 15:29
    pombredanne opened #3057
  • Aug 18 15:29
    pombredanne opened #3056
  • Aug 18 14:27

    pombredanne on early-summer-q3-license-updates2

    Format text and document licens… Clarify dotnet licenses data A… (compare)

  • Aug 18 08:29
    pombredanne edited #2958
  • Aug 18 08:29
    pombredanne edited #2958
  • Aug 18 08:27
    pombredanne edited #2958
  • Aug 18 08:13
    pombredanne commented #2880
  • Aug 18 08:12

    pombredanne on early-summer-q3-license-updates2

    (compare)

  • Aug 18 08:12

    pombredanne on develop

    Do not detect MIT license when … Improve license detection metad… Add new HERE disclaimer Report… and 19 more (compare)

  • Aug 18 08:12
    pombredanne closed #3030
  • Aug 18 08:11
    pombredanne commented #3030
balakrishna-mukundaraj
@balakrishna-mukundaraj
is there something i can do to resolve this issue?
Philippe Ombredanne
@pombredanne
hum
@balakrishna-mukundaraj do you mind to enter an issue? that's a bug for sure
balakrishna-mukundaraj
@balakrishna-mukundaraj
Hi @pombredanne , please find the bug details below
Docker fails to run on scancode-toolkit 21.6.7 #2554
Philippe Ombredanne
@pombredanne
@balakrishna-mukundaraj thanks! I am looking into this
balakrishna-mukundaraj
@balakrishna-mukundaraj

Hi @pombredanne

while running a scan a source we had an EPL license match which was :

/*
  • This program and the accompanying materials are made available under the
  • terms of the Eclipse Public License 2.0 which is available at
  • http://www.eclipse.org/legal/epl-2.0
    *
  • SPDX-License-Identifier: EPL-2.0
    */
even though the block clearly says that it is a EPL license, the result from the scancode said epl-2.0 OR apache-2.0 (matched from the rule epl-2.0_or_apache-2.0_2.RULE). Is there any way to fix this issue? Since there is no Apache license found in the entire file.
Also matches to epl-2.0_or_apache-2.0_or_gpl-2.0_with_openjdk-exception.RULE in some cases when there is only epl license found.
Philippe Ombredanne
@pombredanne
@balakrishna-mukundaraj that's a bug :) do you mind to enter an issue? this is fairly esy to fix
Sarita Singh
@itssingh
@pombredanne How can I get complete license text of a license detected in a code file?
3 replies
Henrik Sandklef
@hesa

Scancode (thanks for developing it) generates SDPX version 2.1 (--spdx-tv or --spdx-rdf) and has spdx-tool 0.6.1 as requirements (listed in requirements.txt)

  • any plans moving to SPDX 2.2?
  • using examples/parse_rdf.py from tools-python 0.6.1 on an RDF generated by Scancode I get som errors (see below). WHat am I doing wrong?

Errors:
SPDXID must be "SPDXRef-[idstring]" where [idstring] is a unique string containing letters, numbers, ".", "-".
More than one File checksum defined.
More than one file copyright text defined.
Errors while parsing

Philippe Ombredanne
@pombredanne
Dear @hesa (Thanks for stopping by!) ... SPDX 2.2 support is in the works at https://github.com/spdx/tools-python which I also maintain ... there are quite a few WIP bits that I merged and I am about to make a release soon enough :)
note that if you want to chip in with a helping hand, you will never be turned aways :D
Henrik Sandklef
@hesa
I'd love to join. Currently can't though. Donyou have any dev guide?
@pombredanne , do you have any ideas what I am doing wrong when parsing as reading a scancode produced spdx report, as described above?
Philippe Ombredanne
@pombredanne
@hesa no immediate idea... do you mind to file an issue with a small example?
Henrik Sandklef
@hesa
@pombredanne on my way, thanks
@pombredanne would you like it in scancode-toolkit or tools-python?
Philippe Ombredanne
@pombredanne
that's for scancode-toolkit IMHO
Henrik Sandklef
@hesa
@pombredanne ..... double checked the issue, hope it is useful. Don't hesitate to use me as a test/review resource here
Philippe Ombredanne
@pombredanne
@hesa :+1:
Sougata das
@rijusougata13
Hi, is there any way to test if my installations is successful or not ? I have git cloned , run ./configure.bat and run./Scripts/activate.bat and there were no error !
Philippe Ombredanne
@pombredanne
@rijusougata13 then run "scancode" proper to run a scan. For instance: scancode -clipeu --json-pp - samples -n4
Henrik Sandklef
@hesa
Sorry to bug you all on this list. Have a question about Nexb's license-expression - where do I ask this?
Philippe Ombredanne
@pombredanne
@hesa you do not bug anyone. You can ask here alright :P
Henrik Sandklef
@hesa
Excellent :)
I wrote some words at the end of this issue over at maxhbr/LDBcollector#4
In short, how do I add a "translation" of a license (e.g. GPLv2 to GPL-2.0-only)? Do you have a procedure?
I have some 10-20 license expressions from Yocto that makes https://github.com/vinland-technology/flict scream and shout
I'd rather add the translation to license-expression than to flict
Philippe Ombredanne
@pombredanne
me thinks....
@hesa what you call a translation is a license detection (or you could call it a normalization).
This would typically a job for scancode-toolkit
But you can also use the license expression library for more constrained approach
The license expression parsing operates on license "symbols" each consisting of a key (say the SPDX id or the scancode key) and one or more "aliases" that can be arbitrary strings.
Philippe Ombredanne
@pombredanne
The translation would be to use GPLv2 as an alias
Henrik Sandklef
@hesa
Whatever we call it, I would like to license-expression to be able to go from "GPLv2" to "GPL-2.0-only" :)
Philippe Ombredanne
@pombredanne
@hesa actually, adding a list of alias to each license record may be the best
https://github.com/maxhbr/LDBcollector/issues/4#
this way they are closest together
and license-expression would just consume this
Philippe Ombredanne
@pombredanne
@hesa at some stage I would also like to integrate flict in scancode.io :)
1 reply
separate topic :)
Henrik Sandklef
@hesa
@pombredanne I am not sure how to add an "alias". Will this be a new concept in scancode? If so, I'll propose some syntax. If "alias" is already a concept, please show me an example :)
Maximilian Huber
@maxhbr
Henrik Sandklef
@hesa
@maxhbr The column "True", sometimes with the value "False" :), what is it for?
Henrik Sandklef
@hesa
@maxhbr Have these aliases been verified? E.g. X11 is in the table linked above an alias for ICU, but the license text differ although similar, so I am curious what a lawyer would say. Note: I would love to see more aliases in license-expression and your list is impressive :)
From a license compatibility point of view, they're compatible ("the same"), but not when attributing the license (text)?
Maximilian Huber
@maxhbr
The third column indicates whether that is a unique mapping. So if the same alias appears to be mapped to multiple licenses or was flagged ambiguous in the beginning, it is set to "False"
Henrik Sandklef
@hesa
Ah nice
Maximilian Huber
@maxhbr
The x11 / ICU clash comes from the scancode data and was already discussed in https://github.com/maxhbr/LDBcollector/issues/4#
Henrik Sandklef
@hesa
Yes. I am curious if the list of aliases can be used in license-expression (by first adding it to https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses).

Looking at the scancode files:
$ head -7 x11.yml
key: x11
short_name: X11 License
name: X11 License
category: Permissive
owner: XFree86 Project, Inc
homepage_url: http://www.xfree86.org/3.3.6/COPYRIGHT2.html
spdx_license_key: ICU

Is this the origin of "your" circular alias?