aboutcode-org / scancode-toolkit

:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!
https://github.com/aboutcode-org/scancode-toolkit/releases/
2.11k stars 546 forks source link

`net-snmp` should map to SPDX license `Net-SNMP` #3950

Open elrayle opened 2 weeks ago

elrayle commented 2 weeks ago

Description

At LicenseDB and in https://scancode-licensedb.aboutcode.org/index.json, net-snmp maps to LicenseRef-scancode-net-snmp. It includes an other_spdx_license_keys with the expected SPDX license Net-SNMP.

Actual

Excerpt from https://scancode-licensedb.aboutcode.org/index.json,

{
    "license_key": "net-snmp",
    "category": "Permissive",
    "spdx_license_key": "LicenseRef-scancode-net-snmp",
    "other_spdx_license_keys": [
      "Net-SNMP"
    ],
    "is_exception": false,
    "is_deprecated": false,
    "json": "net-snmp.json",
    "yaml": "net-snmp.yml",
    "html": "net-snmp.html",
    "license": "net-snmp.LICENSE"
  },

Expected

Excerpt from https://scancode-licensedb.aboutcode.org/index.json,

{
    "license_key": "net-snmp",
    "category": "Permissive",
    "spdx_license_key": "Net-SNMP",
    "other_spdx_license_keys": [],
    "is_exception": false,
    "is_deprecated": false,
    "json": "net-snmp.json",
    "yaml": "net-snmp.yml",
    "html": "net-snmp.html",
    "license": "net-snmp.LICENSE"
  },
pombredanne commented 2 weeks ago

Thanks for the report! https://scancode-licensedb.aboutcode.org/net-snmp.html is actually something that was always weird and recently deprecated by SPDX. @AyanSinhaMahapatra I see this commit of yours: https://github.com/aboutcode-org/scancode-toolkit/commit/fffc98f37c7dc50ac7e8a4411e2de43990920e99#diff-570e21e32815e1eef07671480675ef8b3758ba6e0d378c91b807dff9a7768bde

... and if you undo this, we would now need to keep "LicenseRef-scancode-net-snmp" under "other_spdx_license_keys"

Also: moving this ScanCode-Toolkit which is where the change will happen.

AyanSinhaMahapatra commented 1 week ago

@elrayle Thanks for the report, this should be fixed indeed.

@pombredanne this seems to be a side-effect of our spdx update script for deprecated spdx licenses, I will also check if there are other licenses effected like this, and update the script.