QMSTR / qmstr

QMSTR compliance tool
https://qmstr.org

Find a way to detect license obligations #455

Open GiasemiSh opened 4 years ago

GiasemiSh commented 4 years ago

Is there an online database where we can collect license obligation data?

Or is there a generic way of documenting license obligations?

fullsushidev commented 4 years ago

My findings until now:

There's no standardized way to do it, therefore I'd suggest keeping our trust in SPDX.org, a Linux Foundation workgroup focused on building an open standard for communicating software bill of materials information (including components, licenses, copyrights, and security references).

We can find the raw data of the licenses list at spdx/license-list-data

I could find some FOSS tools which consume this raw data and try to summarize it into machine-readable license obligations; I'll keep looking into those tools.

fullsushidev commented 4 years ago

Some of the tools worth checking closely:

Name: choosealicense.com
Maintainer: Github / Staff
Language: Ruby
Last commit on master: 25 days ago
Link: https://github.com/github/choosealicense.com
License: CC BY 3.0 and MIT
TL;DR: Github curated metadata for licenses (and set of tools) with rules, conditions, and limitations about popular open source licenses.
Description/Details: "We catalog select open source licenses with a Jekyll collection (in _licenses). The catalog is used to render ChooseALicense.com and is regularly vendored into Licensee, which GitHub uses to provide a license chooser and license detection, a licenses API, and to display license descriptions and metadata."

Name: askalono
Maintainer: Amazon
Language: Rust
Last commit on master: 15 days ago
Link: https://github.com/amzn/askalono
License: Apache-2.0
TL;DR: It detects license from text (uses the math thing called the Sørensen–Dice coefficient)
Description/Details: "askalono is a library and command-line tool to help detect license texts. It's designed to be fast, accurate, and to support a wide variety of license texts." "At its core, askalono builds up bigrams (word pairs) of input text, and compares that with other license texts it knows about to see how similar they are. It scores each match with a Sørensen–Dice coefficient and looks for the highest result."


Nice source of curated OSS mgmt list of tools: https://github.com/todogroup/awesome-oss-mgmt#licensing

pombredanne commented 4 years ago

The license data set in scancode-toolkit is the most comprehensive of any data set. It does not have tags for obligations for now (only a category like Copyleft, Permissive, etc.). We could add obligations there easily to the data model. Note that askalono is a license detection tool and would not provide obligation details. PS: I am a co-founder of SPDX and the maintainer of the scancode-toolkit.

fullsushidev commented 4 years ago

Hi @pombredanne, we are very interested in collaborating with SPDX and Scancode. It would be super helpful for us if you would add license obligations to your data model.

Thanks!