scanoss / scanoss.py

The SCANOSS python package providing a simple, easy to consume library for interacting with SCANOSS APIs/Engine.
MIT License

Invalid SPDX: incorrect license exception #62

Open vargenau opened 1 week ago

vargenau commented 1 week ago

phpwiki.json

java -jar tools-java/tools-java-1.1.8-jar-with-dependencies.jar Verify phpwiki.json

(from https://github.com/spdx/tools-java)

ortizjeronimo commented 18 hours ago

Hello @vargenau, can you please give us an example line in which the license exception is incorrect?

vargenau commented 17 hours ago

Hello @ortizjeronimo

You have for example: "licenseDeclared": "(BSD-2-Clause AND LicenseRef-scancode-php-2.0.2 AND LicenseRef-GPL-1.0-or-later AND GPL-2.0-or-later WITH x11vnc-openssl-exception AND CC-BY-2.5 AND GPL-2.0-only AND LicenseRef-scancode-public-domain AND GPL-2.0-only AND LGPL-3.0-only AND LicenseRef-scancode-public-domain AND GPL-1.0-or-later AND LicenseRef-LGPL-2.1-only WITH LicenseRef-scancode-generic-exception AND LicenseRef-GPL-1.0-or-later AND CC-BY-2.5 AND GPL-2.0-only AND MIT AND BSD-3-Clause)",

The problem is "WITH LicenseRef-scancode-generic-exception".

The SPDX keyword WITH can only be followed by a predefined exception found in the official SPDX list: https://spdx.org/licenses/exceptions-index.html

You cannot have a user-defined exception.

I know ScanCode does that, but it is incorrect.

You can use something like "LicenseRef-LGPL-2.1-only-with-scancode-generic-exception" if you define it.
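A check for the pattern described in the comment above, as an added example that is not part of the thread and not SCANOSS code: it flags every `WITH` whose operand is a `LicenseRef-` and rewrites the pair into the single combined `LicenseRef-` form suggested there. The function names and the shortened sample expression are assumptions made for illustration.

```python
import re

PREFIX = "LicenseRef-"
# "<license> WITH LicenseRef-<something>": the operand after WITH is user-defined.
_WITH_REF = re.compile(r"([^\s()]+)\s+WITH\s+(LicenseRef-[^\s()]+)")


def find_user_defined_exceptions(expression):
    """Return (license, exception) pairs where WITH is followed by a LicenseRef-."""
    return [(m.group(1), m.group(2)) for m in _WITH_REF.finditer(expression)]


def combined_ref(license_id, exception_ref):
    """Build one LicenseRef- naming the license/exception pair."""
    def bare(ref):
        return ref[len(PREFIX):] if ref.startswith(PREFIX) else ref
    name = bare(license_id) + "-with-" + bare(exception_ref)
    # Keep only letters, digits, "." and "-" in the generated identifier.
    return PREFIX + re.sub(r"[^A-Za-z0-9.-]", "-", name)


def rewrite_expression(expression):
    """Replace each offending pair; return (new expression, refs that must be defined)."""
    new_refs = []

    def repl(match):
        ref = combined_ref(match.group(1), match.group(2))
        if ref not in new_refs:
            new_refs.append(ref)
        return ref

    return _WITH_REF.sub(repl, expression), new_refs


# Constructed sample: a shortened form of the licenseDeclared value quoted above.
SAMPLE = ("(BSD-2-Clause AND GPL-2.0-or-later WITH x11vnc-openssl-exception "
          "AND LicenseRef-LGPL-2.1-only WITH LicenseRef-scancode-generic-exception "
          "AND MIT)")

if __name__ == "__main__":
    for lic, exc in find_user_defined_exceptions(SAMPLE):
        print("user-defined exception after WITH:", lic, "WITH", exc)
    fixed, refs = rewrite_expression(SAMPLE)
    print(fixed)
    print("define in the SPDX document:", refs)
```

Each identifier returned in the second element still has to be defined in the SPDX document, as the comment notes.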