hesa / foss-licenses Goto Github PK

$ flame aliases lists all aliases. To limit the alias output you can use the -l option. This option causes a crash, see below

$ flame aliases -l MIT
usage: flame [-h] [-fc FLAME_CONFIG] [-ld LICENSE_DIR] [-ald ADDITIONAL_LICENSE_DIR] [-lmf LICENSE_MATRIX_FILE] [-ndu] [-of OUTPUT_FORMAT] [-v] [-V] [-d] [-c]
             [--validate-spdx] [--validate-relaxed] [--validate-osadl]
             {license,license-full,compat,simplify,aliases,compats,operators,licenses,unknown} ...
flame: error: ambiguous option: -l could match -ld, -lmf

Can we add an interpretation of "CDDL-1" and "CDDL-v1"?

Add a markdown formatter

Write tests to check if a license like GPL (without version) is present in GPL-[123]*.json

Add WITH

• with
• w/
• WITH

add in license_db.py and PYTHON_API.md a description of the objects returned

Add disclaimer in repo
Add link to the disclaimer in license JSON files

Can we add an interpretation of "LGPLv2", i.e.

• LGPL-2.0-only, or
• LGPL-2.1-only

GPL-3.0-with-GCC-exception

"AFLv2" (Yocto)

Add options to:

• check if licenses are supported by OSADL's matrix e.g. after doing `flame compat x11-keith-packard and BSD3 || GPLv2+"``
• verify license expression (after above)

Today you invoke licensecheck as:flame license "MIT and BSD3" (note the ")
Allow for flame license MIT and BSD (no ")

Can we add an interpretation of MIT variants, i.e.

• MIT-X
• MIT-style

List all data, including link to spdx and scan code db. For all licenses

--license l - limits to only output data for license l

Remove the aliases for an existing licenses that has a version (Apache 1, 2 | GPL 1, 2, 3 | MPL 1, 2 .... and so on) but the alias does not have one.

Example. "GNU General Public License" cannot be assumed to be any of the GPL versions. So all "unversioned" aliases like this need to be removed.

When identifying compatibility_as, using flame compat <license>, you can validate:

• --validate-spdx - Validate that the resulting license expression is valid according to SPDX syntax
• --validate-relaxed - Validate that the resulting license expression is valid according to SPDX syntax, but allow non SPDX identifiers
• --validate-osadl - Validate that the resulting licenses are supported by OSADL's compatibility matrix

It would be useful to have the same possibility when identifying license, using flame license <license>

Currently the option --validate-spdx checks if the licenses are known to [license_expression](https://github.com/nexB/license-expression), which is the same database of licenses as [ScanCode LicenseDB](https://scancode-licensedb.aboutcode.org/.

Instead, a check against should be implemented

• https://spdx.org/licenses/
• https://spdx.org/licenses/exceptions-index.html

Add to x11-keith-packard

BSD-3-Clause has variants such Google and Facebook. Other examples

• BSD-like

Adding a compatibility_as would be useful, but what is the most common practice in dealing with these licenses?

Apache License Version 2.0 is not the same string as
Apache License Version 2.0, but they refer to the same license.

Suggestion: remove multiple blank before find/replace

https://scancode-licensedb.aboutcode.org/llvm-exception.html
https://spdx.org/licenses/LLVM-exception.html

Can we add an interpretation of "MPL-1" and "MPLv1"?

Either a license should be supported by the osadl_matrix or have a compatibility_as that is

Add function to check this.

Suggestion to meta information

• organization
• author

This way a user can chose licenses as submitted by a particular organization.

License aliases are supposed to be replaced longest in size first.

Current solution (license_db.py):
for needle in reversed(collections.OrderedDict(sorted(needles.items()))):
does not do that. Replace the above with:
for needle in reversed(collections.OrderedDict(sorted(needles.items(), key = lambda x : len(x[0])))):

and things should be fine

Problem
Currently x11 gets normalized to ICU

$ flame --verbose license x11
ICU
 * "x11" -> "ICU via "scancode"

This is the case since the scancode_key is automatically added as an alias and for ICU the scancode_key is x11.

Solution
In Python: do not look for the scancode_key when identifying the license
in JSON license files: add relevant scancode_keys to alias list (e.g. not x11 for ICU)

Treat the following the same: ', ", “

Suggestion: replace ',“ with "
Perhaps match beginning and ending quote

Can we add an interpretation of PSF, i.e.

• Python-2.0

Apache Software License (Apache-2.0)
Apache Software License (Apache License, Version 2.0)

Problematic names of licenses

• MPL
• EPL
• GPL
• LGPL
• BSD License (BSD License)
• BSD License (new BSD)
• Apache Software License
• OSI Approved :: Apache Software License
• PSL (Python Software License)
• PSL, PSF, PSFL, PSF License, PSF License Agreement, Python license, Python Software Foundation License
• ASL
• Public (is this "Public-Domain"?)

Is there an interpretation for the following: + /

The following command's output is incorrect:

$ flame compat "x11-keith-packard and Apache Software License, Ve rsion 2.0 | mit"
(LicenseRef-flame-x11-keith-packard AND Apache-2.0) OR MIT

should be:

$ flame compat "x11-keith-packard and Apache Software License, Ve rsion 2.0 | mit"
(HPND AND Apache-2.0) OR MIT

BSD 2-Clause "Simplified"

BSD-3-clause New
BSD 3-Clause "New"
BSD 3-Clause New

Useful when a company have their own license id (spdx license ref) and want to map that to a license in osadl or elmat

Common Development and Distribution License (CDDL) is an alias for the ambiguity Common Development and Distribution License. An ambiguity should create a warning for the user (about the ambiguity) but a parse exception is raised instead.

$ flame license "Common Development and Distribution License (CDDL)"
Error: Could not parse "Common Development  AND  Distribution License  ( CDDL )". Exception: Invalid expression nesting such as (AND xx) for token: "(" at position: 47

Preferably the exception should be caught and the user should be warned about both:

• the license could not be parsed
• the license has an ambiguity

Note: it is "and" that causes the problem in the above example since "and" is part of the license syntax (e.g. MIT AND BSD-3-Clause)