Open pombredanne opened 2 months ago
pombredanne
commented
2 months ago The same applies to https://github.com/apple/swift-nio-ssl/blob/7c381eb6083542b124a6c18fae742f55001dc2b5/Sources/CNIOBoringSSL/crypto/fipsmodule/sha256-armv8-linux.linux.aarch64.S
Permission to use under GPLv2 terms is granted.
pombredanne
commented
2 months ago See also this rule https://github.com/nexB/scancode-toolkit/blob/develop/src/licensedcode/data/rules/openssl-ssleay_or_bsd-new_or_gpl-1.0-plus_or_gpl-2.0_1.RULE that needs some love too as there is no gpl-1.0-plus in it.
armijnhemel
commented
2 months ago https://github.com/nexB/scancode-toolkit/issues/3841 might be similar.
https://github.com/nexB/scancode-toolkit/blob/develop/src/licensedcode/data/rules/openssl-ssleay_gpl_mention_openssl.RULE is not a license notice:
Permission to use under GPL terms is granted.This is present in OpenSSL like at https://github.com/openssl/openssl/blob/master/crypto/sha/asm/sha256-armv4.pl or BoringSSL and derivative like https://raw.githubusercontent.com/apple/swift-nio-ssl/7c381eb6083542b124a6c18fae742f55001dc2b5/Sources/CNIOBoringSSL/crypto/fipsmodule/bsaes-armv7-ios.ios.arm.S but should NOT be reported as a GPL at all as this is noise.
We could also just treat this as a false positive entirely, or report it as OpenSSL-licensed since this is always seen with the previous "cryptograms" match: https://github.com/nexB/scancode-toolkit/blob/develop/src/licensedcode/data/rules/openssl-ssleay_or_bsd-new_2.RULE