search

spdx / spdx-online-tools

Source for the website providing online SPDX tools
https://tools.spdx.org
Apache License 2.0
60 stars 57 forks source link

license-checker-tool: any x11 license that does not specifically say "X Consortium" will be detected as x11-distribute-modifications #540

Open quantenzitrone opened 1 month ago

quantenzitrone commented 1 month ago

try for example https://gitlab.freedesktop.org/xorg/lib/pthread-stubs/-/blob/master/COPYING

even though it doesn't have the defining change for x11-distribute-modifications:

+ [...] distribute, distribute with modifications, sublicense [...]
- [...] distribute, sublicense [...]

it is still detected as x11-distribute-modifications

goneall commented 1 month ago

Thanks @quantenzitrone for reporting the issue.

I verified the online tools does indeed match the x11-distribute-modifications when it should not.

The online tools should be calling the org.spdx.utility.compare.LicenseCompareHelperTest method in the Java library.

I wrote a Unit Test and verified that the Java library reports this as not matching.

Note that I added a unit test and tested it against a much later version of the SPDX Java Library. It passes the unit test, so either the new library will fix this, or there is an issue in the Python code which should be calling the SPDX Java Library.

goneall commented 1 month ago

This is the code that calls the SPDX java library:

https://github.com/spdx/spdx-license-matcher/blob/5bf94193b34e3bc0cbaa8cf5867f951653e2dfba/spdx_license_matcher/utils.py#L96