Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • 10:07

    pombredanne on release-31-prep

    Restore release publishing Sig… (compare)

  • 10:05

    pombredanne on release-31-prep

    Bump release date Signed-off-b… (compare)

  • 10:00

    pombredanne on release-31-prep

    Use latest virtualenv Signed-o… (compare)

  • Aug 14 09:12

    pombredanne on datafilehandler-yield-package-first

    (compare)

  • Aug 14 09:12

    pombredanne on develop

    Update DatafileHandler default … Update doc and comments Signed… Update assemble methods * … and 1 more (compare)

  • Aug 14 09:12
    pombredanne closed #3042
  • Aug 14 09:09

    pombredanne on macos-12-test

    (compare)

  • Aug 14 09:09

    pombredanne on develop

    Improve release scripts #3040 … Test release on fewer combos T… Be verbose when running release… and 11 more (compare)

  • Aug 14 09:09
    pombredanne closed #3046
  • Aug 14 08:30
    pombredanne edited #3046
  • Aug 14 08:30
    pombredanne edited #3046
  • Aug 14 07:11
    pombredanne commented #3046
  • Aug 14 07:11
    pombredanne synchronize #3046
  • Aug 14 07:11

    pombredanne on macos-12-test

    Use correct syntax for python e… (compare)

  • Aug 14 05:47
    jeanc0 starred nexB/scancode-toolkit
  • Aug 13 21:18
    pombredanne synchronize #3046
  • Aug 13 21:18

    pombredanne on macos-12-test

    Do not test app on Ubuntu 22 fo… (compare)

  • Aug 13 08:12
    DanFelton starred nexB/scancode-toolkit
  • Aug 13 07:57
    OmidZamani starred nexB/scancode-toolkit
  • Aug 13 05:05
    KevinJi22 synchronize #2979
balakrishna-mukundaraj
@balakrishna-mukundaraj

Hi @pombredanne

while running a scan a source we had an EPL license match which was :

/*
  • This program and the accompanying materials are made available under the
  • terms of the Eclipse Public License 2.0 which is available at
  • http://www.eclipse.org/legal/epl-2.0
    *
  • SPDX-License-Identifier: EPL-2.0
    */
even though the block clearly says that it is a EPL license, the result from the scancode said epl-2.0 OR apache-2.0 (matched from the rule epl-2.0_or_apache-2.0_2.RULE). Is there any way to fix this issue? Since there is no Apache license found in the entire file.
Also matches to epl-2.0_or_apache-2.0_or_gpl-2.0_with_openjdk-exception.RULE in some cases when there is only epl license found.
Philippe Ombredanne
@pombredanne
@balakrishna-mukundaraj that's a bug :) do you mind to enter an issue? this is fairly esy to fix
Sarita Singh
@itssingh
@pombredanne How can I get complete license text of a license detected in a code file?
3 replies
Henrik Sandklef
@hesa

Scancode (thanks for developing it) generates SDPX version 2.1 (--spdx-tv or --spdx-rdf) and has spdx-tool 0.6.1 as requirements (listed in requirements.txt)

  • any plans moving to SPDX 2.2?
  • using examples/parse_rdf.py from tools-python 0.6.1 on an RDF generated by Scancode I get som errors (see below). WHat am I doing wrong?

Errors:
SPDXID must be "SPDXRef-[idstring]" where [idstring] is a unique string containing letters, numbers, ".", "-".
More than one File checksum defined.
More than one file copyright text defined.
Errors while parsing

Philippe Ombredanne
@pombredanne
Dear @hesa (Thanks for stopping by!) ... SPDX 2.2 support is in the works at https://github.com/spdx/tools-python which I also maintain ... there are quite a few WIP bits that I merged and I am about to make a release soon enough :)
note that if you want to chip in with a helping hand, you will never be turned aways :D
Henrik Sandklef
@hesa
I'd love to join. Currently can't though. Donyou have any dev guide?
@pombredanne , do you have any ideas what I am doing wrong when parsing as reading a scancode produced spdx report, as described above?
Philippe Ombredanne
@pombredanne
@hesa no immediate idea... do you mind to file an issue with a small example?
Henrik Sandklef
@hesa
@pombredanne on my way, thanks
@pombredanne would you like it in scancode-toolkit or tools-python?
Philippe Ombredanne
@pombredanne
that's for scancode-toolkit IMHO
Henrik Sandklef
@hesa
@pombredanne ..... double checked the issue, hope it is useful. Don't hesitate to use me as a test/review resource here
nexB/scancode-toolkit#2674
Philippe Ombredanne
@pombredanne
@hesa :+1:
Sougata das
@rijusougata13
Hi, is there any way to test if my installations is successful or not ? I have git cloned , run ./configure.bat and run./Scripts/activate.bat and there were no error !
Philippe Ombredanne
@pombredanne
@rijusougata13 then run "scancode" proper to run a scan. For instance: scancode -clipeu --json-pp - samples -n4
Henrik Sandklef
@hesa
Sorry to bug you all on this list. Have a question about Nexb's license-expression - where do I ask this?
Philippe Ombredanne
@pombredanne
@hesa you do not bug anyone. You can ask here alright :P
Henrik Sandklef
@hesa
Excellent :)
I wrote some words at the end of this issue over at maxhbr/LDBcollector#4
In short, how do I add a "translation" of a license (e.g. GPLv2 to GPL-2.0-only)? Do you have a procedure?
I have some 10-20 license expressions from Yocto that makes https://github.com/vinland-technology/flict scream and shout
I'd rather add the translation to license-expression than to flict
Philippe Ombredanne
@pombredanne
me thinks....
@hesa what you call a translation is a license detection (or you could call it a normalization).
This would typically a job for scancode-toolkit
But you can also use the license expression library for more constrained approach
The license expression parsing operates on license "symbols" each consisting of a key (say the SPDX id or the scancode key) and one or more "aliases" that can be arbitrary strings.
@hesa did you ever try this: https://github.com/maxhbr/LDBcollector/issues/4#issuecomment-827967277 ?
13 replies
Philippe Ombredanne
@pombredanne
The translation would be to use GPLv2 as an alias
Henrik Sandklef
@hesa
Whatever we call it, I would like to license-expression to be able to go from "GPLv2" to "GPL-2.0-only" :)
Philippe Ombredanne
@pombredanne
@hesa actually, adding a list of alias to each license record may be the best
https://github.com/maxhbr/LDBcollector/issues/4#
this way they are closest together
and license-expression would just consume this
Philippe Ombredanne
@pombredanne
@hesa at some stage I would also like to integrate flict in scancode.io :)
1 reply
separate topic :)
Henrik Sandklef
@hesa
@pombredanne I am not sure how to add an "alias". Will this be a new concept in scancode? If so, I'll propose some syntax. If "alias" is already a concept, please show me an example :)
Maximilian Huber
@maxhbr
The LDBcollector allready has these aliases: https://github.com/maxhbr/LDBcollector/blob/generated/aliases/aliases.csv#L686
Henrik Sandklef
@hesa
@maxhbr The column "True", sometimes with the value "False" :), what is it for?
Henrik Sandklef
@hesa
@maxhbr Have these aliases been verified? E.g. X11 is in the table linked above an alias for ICU, but the license text differ although similar, so I am curious what a lawyer would say. Note: I would love to see more aliases in license-expression and your list is impressive :)
From a license compatibility point of view, they're compatible ("the same"), but not when attributing the license (text)?
Maximilian Huber
@maxhbr
The third column indicates whether that is a unique mapping. So if the same alias appears to be mapped to multiple licenses or was flagged ambiguous in the beginning, it is set to "False"
Henrik Sandklef
@hesa
Ah nice
Maximilian Huber
@maxhbr
The x11 / ICU clash comes from the scancode data and was already discussed in https://github.com/maxhbr/LDBcollector/issues/4#
Henrik Sandklef
@hesa
Yes. I am curious if the list of aliases can be used in license-expression (by first adding it to https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses).

Looking at the scancode files:
$ head -7 x11.yml
key: x11
short_name: X11 License
name: X11 License
category: Permissive
owner: XFree86 Project, Inc
homepage_url: http://www.xfree86.org/3.3.6/COPYRIGHT2.html
spdx_license_key: ICU

Is this the origin of "your" circular alias?

Maximilian Huber
@maxhbr
yes
in the SPXD list, X11 and ICU are two independent licenses, and this joins these two. this violates the rule that the main IDs never have clashes with aliases ...
Henrik Sandklef
@hesa
Hmmm... OK :(
Philippe Ombredanne
@pombredanne

If "alias" is already a concept, please show me an example :)

an alias is something in license-expression, but not in scancode. IMHO this would be a list of strings naned aliases

3 replies
Philippe Ombredanne
@pombredanne

@maxhbr re:

The LDBcollector allready has these aliases: https://github.com/maxhbr/LDBcollector/blob/generated/aliases/aliases.csv#L686

This would be perfect!