Comments (4)
The current GitHub code for the ansi gem doesn't include GPLv2. However, as of release 1.4.3 (the latest release on RubyGems) GPLv2 is in COPYING.rdoc. LicenseFinder examines the files in your local install of the gem, so assuming you have 1.4.3 installed, it's finding that older license. So, I think LicenseFinder is doing the right thing.
You could argue that when a gem is released under multiple licenses, LicenseFinder chooses one a bit arbitrarily. Even back in version 1.4.3 the ansi gem was released under FreeBSD too. Defining how to show multiple licenses, or prefer certain licenses, may deserve a separate issue.
In any case, one way to fix this is to ask the ansi gem maintainers to release a version that mentions the FreeBSD license in the gemspec. LicenseFinder prefers using the gemspec over detecting licenses in files. I'll open a separate issue requesting that LicenseFinder also respect the gemspec when it mentions multiple licenses.
For reference, it looks like commit rubyworks/ansi@53bf2b7 removed GPLv2 from ansi, in the process of moving files around.
from licensefinder.
Thanks for looking into it. The COPYING.rdoc of 1.4.3 looks quite like the NOTICE.md that I mentioned for the current master. Both files mention a lot of licenses and I cannot see any valid way for license_finder to find the correct one for the gem. I think in such cases it's best to not detect a license and report as "other". The user will then have to look into it and set the correct one. That's far better than always reckoning that LF detects WRONG licenses and thus not being able to rely on it.
In the given case it's of course not so problematic, since the actual license is far more permissive than the reported one, but it could easily be the other way around.
from licensefinder.
Yeah, I agree. If there are multiple licenses found, we should not report any of them. I've added a story to Pivotal Tracker here.
from licensefinder.
If I remember, in the early days of LF, it thought many gems had multiple licenses. For some, that's legitimate: they are intentionally released under multiple licenses.
Others were just false positives. The license matching heuristics have changed since then, so it might not be a problem anymore.
Originally LF tried to show all the possible licenses, and encouraged people to do their own research. However, early users quickly got tired of that, which is now reflected by the fact that LF shows only one license. In any case, showing none might cause some strife.
from licensefinder.
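The resolution policy discussed in this thread (prefer the gemspec, fall back to scanning files, and report "other" when the files name more than one license), as an added example. It is not LicenseFinder's code: the matcher patterns, the function names, the `example_gem` spec and the sample COPYING text are all constructed assumptions.

```ruby
require "rubygems"

# Hypothetical, deliberately small matcher table. Real license matching
# compares against full license texts, not just titles.
LICENSE_PATTERNS = {
  "GPL-2.0"      => /GNU GENERAL PUBLIC LICENSE\s+Version 2/i,
  "BSD-2-Clause" => /BSD[- ]2[- ]Clause|FreeBSD License/i,
  "MIT"          => /\bMIT License\b/i,
}.freeze

# Constructed sample: a COPYING-style file that lists several licenses,
# the situation described in the thread.
SAMPLE_COPYING = <<~TEXT
  = COPYING
  This package is distributed under the FreeBSD License.
  Bundled third-party code:
  GNU General Public License
  Version 2, June 1991
TEXT

# Every license whose pattern appears in the given file text.
def licenses_in_text(text)
  LICENSE_PATTERNS.select { |_, pattern| text =~ pattern }.keys
end

# Gemspec first. Otherwise scan the files; anything but exactly one match
# is reported as "other", with the candidates kept for manual review.
def resolve_license(spec, file_texts)
  declared = spec.licenses.uniq
  return { licenses: declared, source: :gemspec } unless declared.empty?

  found = file_texts.flat_map { |text| licenses_in_text(text) }.uniq
  if found.size == 1
    { licenses: found, source: :files }
  else
    { licenses: ["other"], source: :files, candidates: found }
  end
end

if __FILE__ == $PROGRAM_NAME
  undeclared = Gem::Specification.new { |s| s.name = "example_gem"; s.version = "0.0.1" }
  p resolve_license(undeclared, [SAMPLE_COPYING])
end
```

Keeping the candidates alongside "other" lets a reviewer see why the scan was ambiguous before recording a manual decision.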