Closed Unearthed2112 closed 2 months ago
It's free and will stay free forever. Looks more like an artifact from the migration we did a while ago.
Thank you! I think this should be enough proof for NexusIQ's support team.
For any other readers who also use NexusIQ, I'm putting in a ticket with them about this :)
Update:
Sonatype/NexusIQ is not going to fix this on their end despite the proof here in this thread. Not until the pypi page gets updated to show it doesn't have proprietary in it. It seems it's their process to rely on pypi as the source of truth exclusively.
"Best option would be to request the package developer to update this License Classifier to correct license, as pypi uses this classifier to correctly identify the license associated with the component."
Honestly, this has caused too much time waste on my end already so I'm just going to waive the license false positive in NexusIQ. @codie3611 If you would like, I can open another issue for this if you believe this would be valuable/worth your time to fix. Just let me know.
Thank you again.
I just wonder how to fix it as it is explicitly specified as BSD-3.
From what the Sonatype support folks told me, you have to fix it by changing the License Classifier in the PKG-INFO file that comes with the tar bundle or whl file when downloaded from pypi.
From googling a bit, I get the impression that file gets created when you create a pypi package? I'm not sure though.
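As an added illustration (not code from this thread or from the lasso-python project), one way to see which license classifier actually shipped in a downloaded tar bundle or whl file is to read its PKG-INFO or METADATA directly and compare it with the License field. The sample archive and its `example-pkg` metadata are constructed, and `read_metadata` and `license_report` are hypothetical helper names.

```python
import email
import io
import tarfile
import zipfile

# Constructed sample metadata, not taken from any real release.
SAMPLE_PKG_INFO = (
    "Metadata-Version: 2.1\n"
    "Name: example-pkg\n"
    "Version: 0.0.0\n"
    "License: BSD-3\n"
    "Classifier: Programming Language :: Python :: 3\n"
    "Classifier: License :: Other/Proprietary License\n"
)

def make_sample_sdist() -> bytes:
    """Build an in-memory .tar.gz laid out like an sdist (constructed input)."""
    data = SAMPLE_PKG_INFO.encode("utf-8")
    out = io.BytesIO()
    with tarfile.open(fileobj=out, mode="w:gz") as tf:
        info = tarfile.TarInfo("example-pkg-0.0.0/PKG-INFO")
        info.size = len(data)
        tf.addfile(info, io.BytesIO(data))
    return out.getvalue()

def read_metadata(blob: bytes) -> str:
    """Return METADATA (wheel) or top-level PKG-INFO (sdist) from archive bytes."""
    buf = io.BytesIO(blob)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as zf:
            for name in zf.namelist():
                if name.endswith(".dist-info/METADATA"):
                    return zf.read(name).decode("utf-8")
    else:
        buf.seek(0)
        with tarfile.open(fileobj=buf, mode="r:*") as tf:
            for member in tf.getmembers():
                # sdist layout: <name>-<version>/PKG-INFO
                if member.name.count("/") == 1 and member.name.endswith("/PKG-INFO"):
                    return tf.extractfile(member).read().decode("utf-8")
    raise ValueError("no PKG-INFO or METADATA found in archive")

def license_report(metadata_text: str) -> dict:
    """Compare the License field with the 'License ::' trove classifiers."""
    msg = email.message_from_string(metadata_text)
    declared = msg.get("License", "")
    trove = [c for c in msg.get_all("Classifier", []) if c.startswith("License ::")]
    # A tool that trusts classifiers reports "proprietary" even if License says otherwise.
    conflict = any("Proprietary" in c for c in trove) and "proprietary" not in declared.lower()
    return {"license": declared, "classifiers": trove, "conflict": conflict}
```

For a real download, pass the file's bytes, for example `license_report(read_metadata(open(path, "rb").read()))`.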
Hmmm weird as the repo does not contain the classifier anymore.
Hello,
NexusIQ (OSS scanning tool) is flagging Lasso-python as having a Proprietary License clause. I noticed also that on Pypi, it also has it listed as "Other/Proprietary License".
However, when I view the license text provided with lasso-python, here in this repo, it appears to be a BSD 3-Clause, not listed as proprietary.
So, is Lasso-Python proprietary, or are NexusIQ and Pypi incorrect?
Thank you very much for your time.