Open elrayle opened 2 hours ago
These two are not from ScanCode, as we always use a "LicenseRef-scancode" prefix, but these are aliases found in the wild that we listed here: https://scancode-licensedb.aboutcode.org/proprietary-license.html but we should not report these as SPDX licenses on our side. Else this is a bug.
Do know which file they were detected in exactly?
This one is weird:
These are "generic" licenses with "is_generic" flag set to true:
They are detected using various rules and you always want to use the --license-text
option to get the exact matched license or notice text. (This is always a good thing to use in all cases)
unknown-license-reference
are common and many of them are recombined in the top level "license_detections" results, a feature recently added
For instance, say we have these fictitious license rules:
This is licensed under
as an "unknown-license-reference"The GPL 2
as a gpl-2.0
The MIT license
as a mit
With the license detection recombination, a. followed by b. will be reported only as gpl-2.0
, and same for a. then c as mit
.
This means that 1. you should use the --license-text
option to collect the matched text and 2. you need to use the top level detections and not only the lower level license matches
ClearlyDefined added support for LicenseRefs. Scancode is the only source at the moment that produces LicenseRefs that are used. I'm seeing a few results that are unexpected. Can you provide information on the following LicenseRefs? (selected out a few, there may be others that are similar)
Not in the list of scancode-licensedb...
In the list of scancode-licensedb, but appear to be catch alls...