nexB / scancode-toolkit

:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!
https://github.com/nexB/scancode-toolkit/releases/

Create license linting tool #2727

Open pombredanne opened 2 years ago

pombredanne commented 2 years ago

Based on our license detection capabilities we could add some option that would "fail" based on some common conditions such as:

pombredanne commented 1 year ago

This could also apply to copyrights

pabs3 commented 1 year ago

What kind of copyright checks could be done? Maybe these:

-- bye, pabs

https://bonedaddy.net/pabs3/

ahogen commented 1 year ago

Maybe compare/contrast this with what reuse or FOSSLight Prechecker's lint mode does? I'm evaluating a few of these tools for my own use, and so far I'm liking fosslight_prechecker only because of its simple "Compliant: OK" summary output, which I could use in a CI job.

It doesn't appear to validate if the source code licenses are compatible (e.g. no errors if proprietary source used a GPL'd library or something), but it does check if everything has license and copyright markings. Since I'm refactoring source that currently is unmarked, this is helpful to me for the time being.

I like that idea of sanity-checking the copyright string, that sounds useful.

pombredanne commented 1 year ago

@AyanSinhaMahapatra has been working on a PR that should land right after v32 is released: https://github.com/nexB/scancode-toolkit/pull/3151

It adds a new --review option to report ambiguous package and license detections that need review. I guess this could become what this issue was about and could evolve to also support copyright and "fail on error".
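As an added illustration of the "fail on error" lint idea discussed in this thread (example code added here, not code from scancode-toolkit, the linked PR, or any commenter): a small Python linter that reads ScanCode-style JSON scan results and fails a CI job on missing license or copyright markings, while only reporting low-confidence matches and copyright lines without a holder for review. The JSON field names, the 80% score threshold and the embedded sample scan are assumptions constructed for this example, not a guarantee of the real output schema.

```python
import json

# Constructed sample, loosely modelled on ScanCode JSON output.
# Field names are an assumption made for this example.
SAMPLE_SCAN = json.dumps({"files": [
    {"path": "src/a.c", "type": "file", "detected_license_expression": "mit",
     "license_detections": [{"license_expression": "mit", "matches": [{"score": 100.0}]}],
     "copyrights": [{"copyright": "Copyright (c) 2023 Example Corp"}]},
    {"path": "src/b.c", "type": "file", "detected_license_expression": None,
     "license_detections": [], "copyrights": []},
    {"path": "src/c.c", "type": "file", "detected_license_expression": "gpl-2.0 OR mit",
     "license_detections": [{"license_expression": "gpl-2.0 OR mit", "matches": [{"score": 60.0}]}],
     "copyrights": [{"copyright": "Copyright (c) 1999"}]},
]})
MIN_SCORE = 80.0  # assumed threshold below which a match is "ambiguous"


def lint_file(entry):
    """Return a list of human-readable findings for one scanned file."""
    findings = []
    if not entry.get("detected_license_expression"):
        findings.append("no license detected")
    if not entry.get("copyrights"):
        findings.append("no copyright statement")
    for det in entry.get("license_detections", []):
        scores = [m.get("score", 0.0) for m in det.get("matches", [])]
        if scores and min(scores) < MIN_SCORE:
            findings.append(f"low-confidence license match ({min(scores):.0f}%): needs review")
    # A copyright line with a year but no holder name is a common defect.
    for c in entry.get("copyrights", []):
        text = c.get("copyright", "")
        rest = text.replace("Copyright", "").replace("(c)", "")
        if not any(ch.isalpha() for ch in rest):
            findings.append(f"copyright has no holder: {text!r}")
    return findings


def lint_scan(scan_json, fail_on=("no license detected", "no copyright statement")):
    """Return (ok, report); ok is False if any finding starts with a fail_on prefix."""
    report = {}
    for entry in json.loads(scan_json)["files"]:
        if entry.get("type") != "file":
            continue  # directories carry no markings of their own
        findings = lint_file(entry)
        if findings:
            report[entry["path"]] = findings
    ok = not any(f.startswith(fail_on) for fs in report.values() for f in fs)
    return ok, report


if __name__ == "__main__":
    ok, report = lint_scan(SAMPLE_SCAN)
    print("Compliant: OK" if ok else "Compliant: FAIL", json.dumps(report, indent=2))
    raise SystemExit(0 if ok else 1)
```

Run against a real scan with `scancode --json-pp out.json <dir>` and pass the file contents to `lint_scan`; the exit status is what a CI job would gate on.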