CycloneDX / cyclonedx-core-java

CycloneDX SBOM Model and Utils for Creating and Validating BOMs
https://cyclonedx.org/
Apache License 2.0

License Mapping for BSD-3-Clause and BSD-4-Clause #205

Open msymons opened 2 years ago

msymons commented 2 years ago

With this addition to license mappings in PR #195 https://github.com/CycloneDX/cyclonedx-core-java/blob/b664a13f3e7c41a7e086ec508d804c2bd4207140/src/main/resources/license-mapping.json#L67

The consequence is that the component antlr4 now maps to BSD-4-Clause when the intention of the antlr project is that the license should be BSD-3-Clause.

See LICENSE.txt

From antlr4 POM:

    <licenses>
        <license>
            <name>The BSD License</name>
            <url>http://www.antlr.org/license.html</url>
            <distribution>repo</distribution>
        </license>
    </licenses>

So, is this a problem with cyclonedx-core-java license mapping, or is it a problem with antlr4 POM?

The consequence of thinking that a BSD-3-Clause is actually BSD-4-Clause is that the latter:

stevespringett commented 2 years ago

According to wikipedia, "BSD License" is the 4-clause license. Thus CycloneDX-Core-Java is properly identifying the license from the antlr4 pom.

https://en.wikipedia.org/wiki/BSD_licenses

If the antlr4 project is licensed under BSD-3-Clause, then perhaps the project should explicitly state that using the BSD-3-Clause SPDX identifier.

msymons commented 2 years ago

@stevespringett, the POM for antlr4 says "The BSD License" and not "BSD License". The wikipedia page says...

While the original license is sometimes referred to as the "BSD-old", the resulting 3-clause version is sometimes referred to by "BSD-new." Other names include "New BSD", "revised BSD", "BSD-3", or "3-clause BSD". This version has been vetted as an Open source license by the OSI as "The BSD License"

ie, a reading of this is that "The BSD License" is 3-clause and not 4-clause.

So, is the license mapping in cyclonedx-core-java really correct on this point?

Having said that, I will most definitely try to get the antlr4 project to use the BSD-3-Clause SPDX identifier.

tmehnert commented 2 years ago

The antlr4 project is proven to be BSD-3-Clause, see LICENSE.txt.

msymons commented 1 year ago

The antlr4 project is proven to be BSD-3-Clause, see LICENSE.txt.

Yes, @tmehnert, that's because the license that you link to is the one that is based on the PR that I submitted 😄