confluent-community-1.0 reported as proprietary-license

aboutcode-org / scancode-toolkit

:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!

https://aboutcode.org/scancode/

2.15k stars 553 forks source link

confluent-community-1.0 reported as proprietary-license #1861

Open DennisClark opened 4 years ago

DennisClark commented 4 years ago

A recent scan of ksql-5.4.0-rc191218083414.tar.gz from scancode.io returned multiple hits for the very generic proprietary-license but none for the confluent-community-1.0 license, which is a source-available license with a very specific text that should be recognized by scancode-toolkit. Scan results attached.

See https://www.confluent.io/confluent-community-license/

See https://github.com/confluentinc/ksql/releases

ksql-5.4.0-rc191218083414.tar.gz_scan.json.zip

pombredanne commented 4 years ago

@DennisClark good catch ... based on https://github.com/nexB/scancode-toolkit/search?q=Confluent&unscoped_q=Confluent there is indeed a mix of rules pointing to multiple license keys for this one.