Failing to validate GPL licenses #70
Comments
@ivanayov Thanks for the report. license-expression is not exactly a license detection library, you want to use ScanCode for this... or you feed it with known license symbols and how they map to SPDX or ScanCode license keys.
I can parse any expression with a valid syntax:
But this expression will not validate as I did not specify what my license symbols are:
If I feed the Licensing with license symbols (here a simple list of strings), then things will validate alright:
and unknown symbols will be reported:
Based on your message above, I assume that you want to get proper detected and normalized license from RPM packages in VMware photon? If so the right solution would be a combo of:

Eventually this should be what https://github.com/nexB/scancode-toolkit/blob/4be4ba976d8d732538e72db97b311af39ca81432/src/packagedcode/rpm.py#L381 does and there is an attempt in aboutcode-org/scancode-toolkit#2894 to improve this by @adii21-Ux

The general case is in https://github.com/nexB/scancode-toolkit/blob/4be4ba976d8d732538e72db97b311af39ca81432/src/packagedcode/licensing.py#L109 and https://github.com/nexB/scancode-toolkit/blob/4be4ba976d8d732538e72db97b311af39ca81432/src/licensedcode/match_spdx_lid.py

The main issue to track RPM-related license detection is in aboutcode-org/scancode-toolkit#2412 "Improve license detection of declared RPM licenses"

So in conclusion, this is something that would benefit from some love... Can I interest you in helping make this work for RPM packages in general and photon packages in particular?

If we do it in ScanCode, this would be available to everyone, including any tool that uses ScanCode (such as tern that may be of direct interest to you since you mentioned images above)
@ivanayov gentle ping... did my explanation make sense?
Thank you very much @pombredanne! It was a very helpful and detailed explanation.
gentle ping
licensing.validate() has 'Unknown license key(s)' error for GPL licenses, e.g. 'LGPLv2.1', 'GPLv2', 'GPL2'.

Side note: Also some images have several licenses, e.g. MIT, GPL2 and others. When they are listed as 'MIT GPL2' for example, it's okay, validation just fails with errors ('Unknown license key(s)'). But when they are listed with commas instead - 'MIT,GPL2' it throws an exception for invalid characters. In some cases, f.e. photon:3.0 the licenses come in this form.

The latter can be easily resolved, but I just wonder if it would be better for those use-cases to be handled within the validate method instead?
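
One way to pre-normalize declared license strings such as 'MIT,GPL2' before validating them against a list of known symbols, as an added example that is not part of the original thread and is not license-expression or ScanCode code. The alias table, the function name `normalize_declared` and the choice to join separator-only lists with AND are assumptions; parentheses and WITH exceptions are out of scope.

```python
import re

# Constructed alias table (an assumption, not ScanCode's or Photon's data):
# RPM-style declared names mapped to SPDX identifiers.
ALIASES = {
    "mit": "MIT",
    "gpl2": "GPL-2.0-only",
    "gplv2": "GPL-2.0-only",
    "gplv2+": "GPL-2.0-or-later",
    "lgplv2.1": "LGPL-2.1-only",
}
OPERATORS = {"and": "AND", "or": "OR"}


def normalize_declared(raw, aliases=ALIASES):
    """Return (expression, unknown) for an RPM-style declared license string.

    Commas and whitespace are both treated as separators. Names with no
    explicit operator between them are joined with AND (an assumption: the
    declared field lists every license that applies). Unmapped names are
    kept verbatim and reported instead of raising.
    """
    parts, unknown = [], []
    expect_name = True
    for token in re.split(r"[,\s]+", raw.strip()):
        if not token:
            continue
        op = OPERATORS.get(token.lower())
        if op:
            if expect_name:
                raise ValueError(f"operator {token!r} without a left operand")
            parts.append(op)
            expect_name = True
            continue
        if not expect_name:
            parts.append("AND")  # implicit separator such as ',' or ' '
        key = aliases.get(token.lower())
        if key is None:
            unknown.append(token)  # report, do not fail the whole string
        parts.append(key or token)
        expect_name = False
    if parts and expect_name:
        raise ValueError("expression ends with an operator")
    return " ".join(parts), unknown
```

The returned `unknown` list plays the role of the 'Unknown license key(s)' report, so a caller can decide whether to reject the package metadata or queue the name for review.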