aboutcode-org / scancode-toolkit

ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!
https://aboutcode.org/scancode/

RFC: New license attribute for license text/expression addition #3484

Open AyanSinhaMahapatra opened 1 year ago

AyanSinhaMahapatra commented 1 year ago

There are licenses which are is_exception: True and these actually should be paired with the licenses they are an exception to, in the case of generating attribution and also while getting the resultant license expression if detected. See https://github.com/nexB/scancode-toolkit/blob/develop/src/licensedcode/data/licenses/openssl-exception-gpl-2.0.LICENSE for an example. We can implement this by adding a new license attribute which points to the license key which this exception is related to. This will be a list btw as there can be licenses without versions, but we have to see which one of these to include for text/expressions.

Suggestions:

Also similar issue, but a bit different: https://github.com/nexB/scancode-toolkit/issues/3248#issuecomment-1448062797

pombredanne commented 1 year ago

In https://github.com/nexB/scancode-toolkit/issues/3248#issuecomment-1667624841 I also suggest an alternative way: use a new implied_expression attribute and that may be able to handle both the exception_to and include_text_from attributes' purpose?

sschuberth commented 1 year ago

> There are licenses which are is_exception: True and these actually should be paired with the licenses they are an exception to

This would be awesome; in ORT we currently post-process ScanCode results to do exactly this grouping / association of stand-alone exception findings with nearby license findings.
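
A sketch of the pairing discussed in this thread, as an added example that is not code from ScanCode or ORT. It assumes a hypothetical `exception_to` list on exception licenses (the `gpl-2.0` / `gpl-2.0-plus` mapping is an assumption) and constructed findings with line ranges, and joins each stand-alone exception to the nearest allowed license within a line window.

```python
from dataclasses import dataclass

# Hypothetical data modelling the attribute proposed in this RFC: for each
# exception key, the list of license keys it may be paired with (assumed values).
EXCEPTION_TO = {"openssl-exception-gpl-2.0": ["gpl-2.0", "gpl-2.0-plus"]}

@dataclass(frozen=True)
class Finding:
    key: str
    start_line: int
    end_line: int

def _gap(a, b):
    """Lines separating two findings (0 when they overlap or touch)."""
    return max(0, max(a.start_line, b.start_line) - min(a.end_line, b.end_line) - 1)

def pair_exceptions(findings, max_gap=10):
    """Return expressions in file order, pairing exceptions with nearby licenses."""
    exceptions = [f for f in findings if f.key in EXCEPTION_TO]
    licenses = [f for f in findings if f.key not in EXCEPTION_TO]
    used, out = set(), []
    for exc in exceptions:
        # Only licenses named by the exception, not yet paired, and close enough.
        candidates = [
            (_gap(exc, lic), i) for i, lic in enumerate(licenses)
            if lic.key in EXCEPTION_TO[exc.key] and i not in used
            and _gap(exc, lic) <= max_gap
        ]
        if candidates:
            _, i = min(candidates)
            used.add(i)
            out.append((licenses[i].start_line, f"{licenses[i].key} WITH {exc.key}"))
        else:
            # No allowed license nearby: keep the exception visible on its own
            # instead of attaching it to an unrelated license.
            out.append((exc.start_line, exc.key))
    out += [(lic.start_line, lic.key) for i, lic in enumerate(licenses) if i not in used]
    return [expr for _, expr in sorted(out)]

# Constructed sample findings (not real scan output).
SAMPLE = [
    Finding("gpl-2.0-plus", 3, 14),
    Finding("openssl-exception-gpl-2.0", 16, 24),
    Finding("mit", 200, 218),
    Finding("openssl-exception-gpl-2.0", 400, 408),
]

if __name__ == "__main__":
    print(pair_exceptions(SAMPLE))
```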