Hi Allison:

On Sun, May 19, 2019 at 11:55 PM Allison Randal <allison@xxxxxxxxxxx> wrote:
> Since the text says "gnu *library* general public license", shouldn't
> the SPDX license identifier be LGPL instead of GPL?

Good catch! This is a bug in ScanCode where this notice for the LGPL was
qualified as applying to the GPL. I entered a ticket there [1], pushed a
commit [2] and did an extensive review of any other possible such
misqualified cases.

Thank you ++ for finding this!

Jilayne:

On Mon, May 20, 2019 at 7:17 PM J Lovejoy <opensource@xxxxxxxxxxx> wrote:
> indeed. is anyone else concerned that the scanner(s) didn’t catch this?
> This is the kind of thing that (I think) would have been caught. Considering
> that we have to rely on the tooling to a certain degree (i.e. we can’t possibly
> look at every file individually), this has me a bit worried…

This is a data bug in ScanCode. Bugs can happen alright! That's why we have
a review process. Note that since Thomas organized the review by matched
text (sleek!) there is no need to review all the files (e.g. 10K++) but only
the many matched texts (100++) for each patch.

[1] https://github.com/nexB/scancode-toolkit/issues/1568
[2] https://github.com/nexB/scancode-toolkit/commit/95c12992563e05024a386da78d8f12c0db474221

--
Cordially
Philippe Ombredanne