unexpected LicenseRefs

[elrayle]

ClearlyDefined added support for LicenseRefs. Scancode is the only source at the moment that produces LicenseRefs that are used. I'm seeing a few results that are unexpected. Can you provide information on the following LicenseRefs? (selected out a few, there may be others that are similar)

Not in the list of scancode-licensedb...

• LicenseRef-LICENSE
• LicenseRef-LICENSE.md
• LicenseRef-Unspecified

In the list of scancode-licensedb, but appear to be catch alls...

• LicenseRef-scancode-commercial-license
• LicenseRef-scancode-free-unknown
• LicenseRef-scancode-generic-export-compliance
• LicenseRef-scancode-generic-cla
• LicenseRef-scancode-proprietary-license
• LicenseRef-scancode-unknown-license-reference (this appears a lot)
• LicenseRef-scancode-unknown

[pombredanne]

These two are not from ScanCode, as we always use a "LicenseRef-scancode" prefix, but these are aliases found in the wild that we listed here: https://scancode-licensedb.aboutcode.org/proprietary-license.html but we should not report these as SPDX licenses on our side. Else this is a bug.

• LicenseRef-LICENSE
• LicenseRef-LICENSE.md

Do know which file they were detected in exactly?

This one is weird:

• LicenseRef-Unspecified: This is likely a proprietary license per https://github.com/search?q="LicenseRef-Unspecified"&type=code ... Same: Do know which file they were detected in exactly?

These are "generic" licenses with "is_generic" flag set to true:

• LicenseRef-scancode-commercial-license
• LicenseRef-scancode-free-unknown
• LicenseRef-scancode-generic-export-compliance
• LicenseRef-scancode-generic-cla
• LicenseRef-scancode-proprietary-license
• LicenseRef-scancode-unknown-license-reference (this appears a lot)
• LicenseRef-scancode-unknown

1. They are detected using various rules and you always want to use the --license-text option to get the exact matched license or notice text. (This is always a good thing to use in all cases)

2. unknown-license-reference are common and many of them are recombined in the top level "license_detections" results, a feature recently added

For instance, say we have these fictitious license rules:

• a. This is licensed under as an "unknown-license-reference"
• b. The GPL 2 as a gpl-2.0
• c. The MIT license as a mit

With the license detection recombination, a. followed by b. will be reported only as gpl-2.0, and same for a. then c as mit.

This means that 1. you should use the --license-text option to collect the matched text and 2. you need to use the top level detections and not only the lower level license matches