Open pombredanne opened 2 years ago
This could also apply to copyrights
What kind of copyright checks could be done? Maybe these:
-- bye, pabs
Maybe compare/contrast this with what reuse or FOSSLight Prechecker's lint mode does? I'm evaluating a few of these tools for my own use, and so far I'm liking fosslight_prechecker only because of its simple "Compliant: OK" summary output, which I could use in a CI job.
It doesn't appear to validate if the source code licenses are compatible (e.g. no errors if proprietary source used a GPL'd library or something), but it does check if everything has license and copyright markings. Since I'm refactoring source that currently is unmarked, this is helpful to me for the time being.
I like that idea of sanity-checking the copyright string, that sounds useful.
@AyanSinhaMahapatra has been working on a PR that should land right after v32 is released: https://github.com/nexB/scancode-toolkit/pull/3151
It adds a new --review option to report ambiguous package and license detections that need review. I guess this could become what this issue was about and could evolve to also support copyright and "fail on error".
Based on our license detection capabilities we could add some option that would "fail" based on some common conditions such as:
there is a non-standard license text or "non-standard-license-wording", or "non-standard-license", or "not-one-of-main-common-licenses" or not an SPDX license or similar
Reported by @pabs3
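The "fail on common conditions" idea discussed in this thread can be approximated today as a CI gate over a scan result. The sketch below is an added example, not ScanCode's code and not part of any comment above; it assumes the scan JSON exposes per-file `type`, `detected_license_expression_spdx` and `copyrights` fields, and the sample data and problem labels are constructed for illustration.

```python
import json

# Constructed sample shaped like a ScanCode JSON result (field names are assumptions).
SAMPLE_SCAN = json.loads("""
{"files": [
  {"path": "src/ok.c", "type": "file",
   "detected_license_expression_spdx": "Apache-2.0",
   "copyrights": [{"copyright": "Copyright (c) 2023 Example Corp"}]},
  {"path": "src/unmarked.c", "type": "file",
   "detected_license_expression_spdx": null, "copyrights": []},
  {"path": "src/odd.c", "type": "file",
   "detected_license_expression_spdx": "MIT AND LicenseRef-scancode-unknown-license-reference",
   "copyrights": [{"copyright": "Copyright (c) Example Corp"}]},
  {"path": "src", "type": "directory",
   "detected_license_expression_spdx": null, "copyrights": []}
]}
""")


def check_scan(scan):
    """Return a sorted list of (path, problem) tuples; an empty list means compliant."""
    problems = []
    for entry in scan.get("files", []):
        if entry.get("type") != "file":
            continue  # directories carry no markings of their own
        path = entry["path"]
        expression = entry.get("detected_license_expression_spdx")
        if not expression:
            problems.append((path, "no-license"))
        elif "LicenseRef-" in expression:
            # A LicenseRef-* key marks a license that is not on the SPDX list.
            problems.append((path, "non-spdx-license"))
        if not entry.get("copyrights"):
            problems.append((path, "no-copyright"))
    return sorted(problems)


def main(scan=SAMPLE_SCAN):
    """Print a one-line-per-problem report and return a CI exit code."""
    problems = check_scan(scan)
    for path, problem in problems:
        print(f"{path}: {problem}")
    print("Compliant: OK" if not problems else f"Compliant: FAIL ({len(problems)})")
    return 1 if problems else 0  # a non-zero exit code fails the CI job


if __name__ == "__main__":
    raise SystemExit(main())
```

In a real pipeline the dictionary would come from `json.load()` on the scan output file instead of `SAMPLE_SCAN`.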