Re: SPDX - How to handle MIT and BSD

On Tue, Nov 15, 2022 at 11:05 AM Todd Zullinger <tmz@xxxxxxxxx> wrote:
>
> Neal Gompa wrote:
> > On Tue, Nov 15, 2022 at 6:24 AM Miro Hrončok <mhroncok@xxxxxxxxxx> wrote:
> >> Do we have a command line tool for this? Does licensecheck support SPDX
> >> identifiers?
> >>
> >> (I find the use of browser extension for this very weird. I have the LICENSE
> >> file unpackaged with the sources on my machine, I am not browsing it on the web.)
> >
> > licensecheck supports SPDX, you just have to run it with
> > "--shortname-scheme spdx".
>
> In my recent & limited experience, licensecheck did not
> produce valid SPDX output in many cases.  As an example,
> take a file with the following license header:
>
> /*
>  * test-run-command.c: test run command API.
>  *
>  * (C) 2009 Ilari Liusvaara <ilari.liusvaara@xxxxxxxxxxx>
>  *
>  * This code is free software; you can redistribute it and/or modify
>  * it under the terms of the GNU General Public License version 2 as
>  * published by the Free Software Foundation.
>  */
>
> I expect it to return GPL-2.0-only, but it returns GPL-2:
>
>     $ licensecheck --shortname-scheme spdx t/helper/test-run-command.c
>     t/helper/test-run-command.c: GPL-2
>

That is DEP-5 SPDX(ish) identifiers, which is what Debian uses for
debian/copyright files. I am a bit surprised it gives DEP-5 for
"spdx", but since the tool is from Debian, I guess it makes some
sense...

The identifier is considered valid, as SPDX GPL-2.0 is considered
equivalent to DEP-5 GPL-2, and SPDX-3.0 GPL-2.0-only is equivalent to
SPDX-2.0 GPL-2.0.

Cf. https://wiki.debian.org/Proposals/CopyrightFormat

> I did not see any files in the git source labeled with the
> appropriate SPDX identifier for GPL-2.0*.  Similar for LGPL.
> For BSD-3-Clause, licensecheck used a lower-case C, which
> then fails to match a valid license in rpmlint.
>
> Am I missing something obvious or does licensecheck not work
> as expected?  This is with licensecheck-3.3.0-2.fc36.noarch.
>

licensecheck does not follow/use SPDX-License-Identifier at all. It
predates that scheme.



--
真実はいつも一つ!/ Always, there's only one truth!