CycloneDX / sbom-utility

Utility that provides an API platform for validating, querying and managing BOM data
Apache License 2.0

Check for OSI/FSF mismatch when loading License policy config file #29

Closed mrutkows closed 1 year ago

mrutkows commented 1 year ago

The value (boolean) for "fsf" property should never be true if the corresponding property "osi" is `false`. Issue a WARNING at the very least (during load/hash).

That is, it is possible to have these combinations:

```
"osi": true,
"fsf": false,
```

```
"osi": true,
"fsf": true,
```

but, this combination should never appear:

```
"osi": false,
"fsf": true,
```

mrutkows commented 1 year ago

Please also document in the README that "fsfApproved=false" may also mean that the FSF has not published an opinion on the license (TBD).

mrutkows commented 1 year ago

Found a BSD derivative license this did not hold true for. Closing.
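
The load-time check proposed in the first comment, as an added example (not sbom-utility's own code): it warns rather than rejects the file, since the closing comment reports a license for which the rule did not hold. The `policies` array, the `id` field and the sample entries are assumptions; only `osi` and `fsf` come from the issue, and a pointer type keeps a missing `osi` distinct from `false`.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample; "policies" and "id" are assumed names, only
// "osi" and "fsf" come from the issue text.
const sampleConfig = `{"policies":[
 {"id":"A-constructed","osi":true,"fsf":false},
 {"id":"B-constructed","osi":true,"fsf":true},
 {"id":"C-constructed","osi":false,"fsf":true},
 {"id":"D-constructed","fsf":true}]}`

type entry struct {
	ID  string `json:"id"`
	OSI *bool  `json:"osi"` // pointer keeps "absent" distinct from false
	FSF *bool  `json:"fsf"`
}

// CheckApprovalFlags returns one warning per entry whose "fsf" is true
// while "osi" is false or missing. It never rejects the file.
func CheckApprovalFlags(data []byte) ([]string, error) {
	var cfg struct {
		Policies []entry `json:"policies"`
	}
	if err := json.Unmarshal(data, &cfg); err != nil {
		return nil, fmt.Errorf("license policy config: %w", err)
	}
	var warnings []string
	for i, e := range cfg.Policies {
		if e.FSF == nil || !*e.FSF || (e.OSI != nil && *e.OSI) {
			continue // flags consistent, or fsf absent/false
		}
		state := "osi=false"
		if e.OSI == nil {
			state = "osi not set"
		}
		warnings = append(warnings, fmt.Sprintf("WARNING policies[%d] %q: fsf=true, %s", i, e.ID, state))
	}
	return warnings, nil
}

func main() {
	warnings, err := CheckApprovalFlags([]byte(sampleConfig))
	fmt.Println(warnings, err)
}
```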