Closed fviernau closed 4 years ago
how about using those ort.yml properties:
curations:
  license_findings:
..and call it license finding curation
moreover, how about using list
My attempts to implement this resulted in one bigger and one small potential refactoring topic:
Association between license findings and copyrights
"license_findings" : [ {
  "license" : "ISC",
  "locations" : [ {
    "path" : "LICENSE",
    "start_line" : 1,
    "end_line" : 15
  } ],
  "copyrights" : [ {
    "statement" : "Copyright (c) Isaac Z. Schlueter and Contributors",
    "locations" : [ {
      "path" : "LICENSE",
      "start_line" : 3,
      "end_line" : 3
    } ]
  } ]
} ]
"licenses" : [
  {
    "license" : "ISC",
    "location" : [ {
      "path" : "LICENSE",
      "start_line" : 1,
      "end_line" : 15
    } ],
    "copyrights" : [
      {
        "statement" : "Copyright (c) Isaac Z. Schlueter and Contributors",
        "location" : [ {
          "path" : "LICENSE",
          "start_line" : 3,
          "end_line" : 3
        } ]
      }
    ]
  }
]
Rationale:
New LicenseView
generalization:
LicenseView(getAllConcludedLicenses(), getAllDetectedLicenses())
LicenseView(getAllConcludedLicenses(), getAllDetectedLicenses() + getAllDeclaredLicenses())
The very basic feature is implemented and of course already usable. This MVP for now applies the curations at a single place and uses curated detected licenses instead of raw detected licenses all over the place, e.g. Reporters/UI and rules/evaluator. What is planned still is
OrtResult.collectLicenseFindings to make application of curations optional
LicenseView such that the rules can choose to operate on raw or curated detected licenses

Here is how the basic feature was implemented:
https://github.com/heremaps/oss-review-toolkit/pull/1856
https://github.com/heremaps/oss-review-toolkit/pull/1846
https://github.com/heremaps/oss-review-toolkit/pull/1844
https://github.com/heremaps/oss-review-toolkit/pull/1841
https://github.com/heremaps/oss-review-toolkit/pull/1813
https://github.com/heremaps/oss-review-toolkit/pull/1812
https://github.com/heremaps/oss-review-toolkit/pull/1795
https://github.com/heremaps/oss-review-toolkit/pull/1792
https://github.com/heremaps/oss-review-toolkit/pull/1763
https://github.com/heremaps/oss-review-toolkit/pull/1762
https://github.com/heremaps/oss-review-toolkit/pull/1759
https://github.com/heremaps/oss-review-toolkit/pull/1758
https://github.com/heremaps/oss-review-toolkit/pull/1756
https://github.com/heremaps/oss-review-toolkit/pull/1750
https://github.com/heremaps/oss-review-toolkit/pull/1744
https://github.com/heremaps/oss-review-toolkit/pull/1739
https://github.com/heremaps/oss-review-toolkit/pull/1736
Closing this ticket as the basic feature has been merged to master. Identified next steps can be:
Rule violations triggered by incorrect license detections can currently be addressed as follows
For projects:
For packages (project dependencies):
Problems
Proposed feature
Below example shows a curation for all license findings of all .cpp and .h files found underneath src in lines 5-18 where CDDL-1.1 was detected. It corrects all the matched findings with CDDL-1.0
Spec:
glob matching file paths
Advantages
scanner configuration.
Scope
While this would be useful for dependencies as well, limit the scope to local configurations aka ort.yml as this has highest priority currently.
Related
see https://github.com/heremaps/oss-review-toolkit/issues/1130
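The matching described in the proposal above (path glob, line range, detected license, corrected license), sketched as an added example that is neither ORT's code nor part of the original issue. The field names, the rule that a finding matches when its lines lie within the curation's range, and the sample data are assumptions; only the scenario (.cpp and .h files under src, lines 5-18, CDDL-1.1 corrected to CDDL-1.0) comes from the issue text.

```python
import re
from collections import namedtuple

# Hypothetical field names for illustration; this is not ORT's ort.yml schema.
Finding = namedtuple("Finding", "license path start_line end_line")
Curation = namedtuple("Curation", "path_glob start_line end_line detected concluded")

def glob_to_regex(glob):
    """'**/' spans any number of directories; '*' and '?' stay within one path segment."""
    tokens = {"**/": "(?:.*/)?", "*": "[^/]*", "?": "[^/]"}
    parts = re.split(r"(\*\*/|\*|\?)", glob)
    return re.compile("".join(tokens.get(p, re.escape(p)) for p in parts) + r"\Z")

def matches(c, f):
    # Assumption: the finding's line range must lie inside the curation's range.
    return (f.license == c.detected
            and c.start_line <= f.start_line and f.end_line <= c.end_line
            and glob_to_regex(c.path_glob).match(f.path) is not None)

def apply_curations(findings, curations):
    """Return (curated findings, curations that matched nothing); raw findings stay untouched."""
    used, curated = set(), []
    for f in findings:
        hit = next((c for c in curations if matches(c, f)), None)
        if hit is not None:
            used.add(hit)
            f = f._replace(license=hit.concluded)
        curated.append(f)
    return curated, [c for c in curations if c not in used]

# Constructed sample data following the scenario in the issue text.
CURATIONS = [Curation("src/**/*.cpp", 5, 18, "CDDL-1.1", "CDDL-1.0"),
             Curation("src/**/*.h", 5, 18, "CDDL-1.1", "CDDL-1.0"),
             Curation("docs/**/*.md", 1, 10, "GPL-2.0-only", "MIT")]
FINDINGS = [Finding("CDDL-1.1", "src/main.cpp", 5, 18),
            Finding("CDDL-1.1", "src/util/io.h", 5, 18),
            Finding("CDDL-1.1", "test/main.cpp", 5, 18),     # outside src: not curated
            Finding("CDDL-1.1", "src/main.cpp", 40, 53)]     # outside lines 5-18: not curated
```

Returning the curations that matched nothing lets a reviewer spot overrides that no longer correspond to any scanner finding, and keeping the raw list intact allows rules to run on either raw or curated findings.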