oss-review-toolkit / ort

A suite of tools to automate software compliance checks.
https://oss-review-toolkit.org
Apache License 2.0

Effective license of `BSD-3-Clause AND BSD-3-Clause` #8714

Open tsteenbe opened 3 months ago

tsteenbe commented 3 months ago

ORT's LicenseResolver does not seem to be capable of resolving SPDX expressions where the left and right side of an AND are the same.

To Reproduce

This license-choice-bug.zip contains all ORT results and reports for the test project I created from a real-world ORT scan to create a test case.

Steps to reproduce the behavior:

  1. Set up orthw on your machine
  2. Download this evaluation-result.json
  3. Run `mkdir license-choice-bug && cd license-choice-bug`
  4. Initialize orthw with the directory using `orthw init file://${PWD}/evaluation-result.json`
  5. Generate WebApp report using `orthw report-webapp` and expand Maven:jakarta.activation:jakarta.activation-api:2.1.2 in the Table tab.

Expected behavior

ORT results webapp report where the effective license for Maven:jakarta.activation:jakarta.activation-api:2.1.2 is shown as just `BSD-3-Clause`

Environment

sschuberth commented 1 month ago

Agreed with @oss-review-toolkit/core-devs that we always want to simplify AND expressions like this; probably some "normalization" is required to post-process license choices.
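
Added example, not part of the issue thread and not ORT's code or API: a stand-alone Kotlin sketch of the kind of normalization discussed above, which flattens nested AND/OR terms and drops repeated operands so that `BSD-3-Clause AND BSD-3-Clause` collapses to `BSD-3-Clause`. The names `Expr`, `Lic`, `Op`, `Parser` and `normalize` are hypothetical, and only AND, OR and parentheses are handled.

```kotlin
// Stand-alone model for illustration; all names here are hypothetical, not ORT classes.
sealed interface Expr
data class Lic(val id: String) : Expr { override fun toString() = id }
data class Op(val op: String, val args: List<Expr>) : Expr {
    override fun toString() = args.joinToString(" $op ") { if (it is Op) "($it)" else "$it" }
}

// Recursive-descent parser: OR binds weaker than AND, parentheses group. WITH is not supported.
class Parser(text: String) {
    private val tokens = Regex("""[()]|[^\s()]+""").findAll(text).map { it.value }.toList()
    private var pos = 0

    fun parse(): Expr = level("OR").also { require(pos == tokens.size) { "Unexpected '${tokens[pos]}'" } }

    private fun level(op: String): Expr {
        val args = mutableListOf(operand(op))
        while (tokens.getOrNull(pos) == op) { pos++; args += operand(op) }
        return if (args.size == 1) args[0] else Op(op, args)
    }

    private fun operand(op: String): Expr = if (op == "OR") level("AND") else atom()

    private fun atom(): Expr {
        val t = tokens.getOrNull(pos++) ?: error("Unexpected end of expression")
        if (t == "(") return level("OR").also { require(tokens.getOrNull(pos++) == ")") { "Missing ')'" } }
        require(t != ")" && t != "AND" && t != "OR") { "Unexpected '$t'" }
        return Lic(t)
    }
}

// Flatten nested operators of the same kind, drop duplicate operands, unwrap single operands.
// Duplicates are detected structurally, so "A OR B" and "B OR A" are still treated as different.
fun normalize(e: Expr): Expr = when (e) {
    is Lic -> e
    is Op -> {
        val args = e.args.map(::normalize)
            .flatMap { if (it is Op && it.op == e.op) it.args else listOf(it) }
            .distinct()
        if (args.size == 1) args[0] else Op(e.op, args)
    }
}

fun main() {
    // Constructed inputs; the first is the expression from the issue title.
    listOf(
        "BSD-3-Clause AND BSD-3-Clause",
        "(MIT OR Apache-2.0) AND (MIT OR Apache-2.0) AND BSD-3-Clause",
        "MIT AND (MIT AND BSD-3-Clause)"
    ).forEach { println("$it  ->  ${normalize(Parser(it).parse())}") }
}
```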