For now we detect only Copyleft licenses.
But they are so different in their nature, that one copyleft license in different use cases behaves drastically different, e.g. a software linking a GPLv3 library running on the company's private server and as a distribution delivered to company's customers.
We have to introduce fine grained copyleft detection:
Weak/Partial copyleft
E.g. LGPL, MPL, GPL with linking exception
Value for --fail flag: WeakCopyleft
Strong copyleft
E.g. GPL v2 or later
Value for --fail flag: StrongCopyleft
SaaS-copyleft
E.g. AGPL, SSPL
Value for --fail flag: NetworkCopyleft
We probably also want to support --fail "Copyleft" to include all kinds of copyleft
For now we detect only
Copyleftlicenses. But they are so different in their nature, that one copyleft license in different use cases behaves drastically different, e.g. a software linking a GPLv3 library running on the company's private server and as a distribution delivered to company's customers.We have to introduce fine grained copyleft detection:
Weak/Partial copyleft E.g. LGPL, MPL, GPL with linking exception Value for
--failflag:WeakCopyleftStrong copyleft E.g. GPL v2 or later Value for
--failflag:StrongCopyleftSaaS-copyleft E.g. AGPL, SSPL Value for
--failflag:NetworkCopyleftWe probably also want to support
--fail "Copyleft"to include all kinds of copyleft