Enhance License Detection: Add Licenses to _licenseUrlOverrides list in util.js #1246

Open
wants to merge 10 commits into
base: master

Contributor

@yashkohli88 yashkohli88 commented Dec 6, 2024

Description:

This PR enhances the license detection capabilities by adding a new set of licenses to the _licenseUrlOverrides in util.js. These changes ensure that licenses are correctly identified and reflected in the ClearlyDefined section of harvested data.

List of Added Licenses:

  1. LGPL-2.1
  2. MPL-2.0
  3. MPL-1.1
  4. EPL-2.0
  5. EPL-1.0
  6. EDL-1.0
  7. CDDL-1.1 or GPL-2.0-with-classpath-exception

Tasks Performed:

  • Developed regular expressions to cover each of the licenses listed above.
  • Associated the correct SPDX identifier with each license in the _licenseUrlOverrides list.
  • Expanded existing test cases to incorporate these new licenses.
  • Validated that these licenses are detected and populated in the ClearlyDefined results.

These updates aim to improve the accuracy and completeness of license data, supporting better license compliance and visibility.

Testing:

  • Comprehensive tests have been run to ensure new licenses are correctly identified and reported in the declared license of the definition.
  • Confirmed that these changes do not affect existing functionalities.

More details can be found in #1245

yashkohli88 and others added 3 commits December 6, 2024 12:34
@qtomlinson
Collaborator

@elrayle This function is used by the service when summarizing harvested information for maven and nuget components. Do we want to consider incrementing the tool versions for MavenExtract and NuGetExtract in the crawler, so that users can trigger a re-harvest to take advantage of this?

@jeffmendoza
Member

I'd like a curator to check whether the OR is correct, or if it should be AND. The site is down, but is available in the Internet Archive:
https://web.archive.org/web/20120729183059/http://glassfish.java.net/public/CDDL+GPL_1_1.html

@yashkohli88
Contributor Author

yashkohli88 commented Dec 11, 2024

I referred to the content below, present in the header of the pom file, where it states the usage of 'OR' between these licenses.

    The contents of this file are subject to the terms of either the GNU
    General Public License Version 2 only ("GPL") or the Common Development
    and Distribution License("CDDL") (collectively, the "License").  You
    may not use this file except in compliance with the License.  You can
    obtain a copy of the License at
    https://oss.oracle.com/licenses/CDDL+GPL-1.1
    or LICENSE.txt.  See the License for the specific
    language governing permissions and limitations under the License.

Here are a few Maven library pom files.
https://repo1.maven.org/maven2/com/sun/jersey/jersey-client/1.19.4/jersey-client-1.19.4.pom
https://repo1.maven.org/maven2/javax/el/javax.el-api/2.2.5/javax.el-api-2.2.5.pom
https://repo1.maven.org/maven2/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.pom

@qtomlinson
Collaborator

qtomlinson commented Dec 11, 2024

@capfei @ariel11 Could you please take a look at this pull request and provide your thoughts on the implementation and any areas for improvement?

@capfei
Member

capfei commented Dec 17, 2024

I prefer to not use deprecated identifiers. Instead of GPL-2.0-with-classpath-exception, we curate GPL-2.0-only WITH Classpath-exception-2.0. It is harder with A/L/GPL since the -only or -or-later is usually known from file headers and not the license text.

@capfei
Member

capfei commented Dec 17, 2024

There is no EDL-1.0. Eclipse Distribution License - v 1.0 is BSD-3-Clause.


@capfei
Member

capfei commented Dec 17, 2024

Would it be possible to add https://glassfish.dev.java.net/public/CDDL+GPL.html with CDDL-1.0 OR GPL-2.0-only WITH Classpath-exception-2.0? This one sometimes gets mixed up with CDDL+GPL_1_1.html which is CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0
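
The mix-up described in the comment above comes down to how tightly each URL pattern is anchored. The following is an added example, not code from this PR or from lib/utils.js: it maps the two glassfish URLs quoted in this thread to the SPDX expressions given for them. The names `licenseUrlOverrides`, `normalizeLicenseUrl`, `licenseFromUrl` and `loosePattern` are hypothetical, and accepting both the `glassfish.java.net` and `glassfish.dev.java.net` hosts for either page is an assumption.

```javascript
// Added example: a hypothetical override table, not the project's own list.
// Patterns are anchored with ^ and $ so CDDL+GPL.html can never match
// CDDL+GPL_1_1.html (or the reverse).
const licenseUrlOverrides = [
  {
    test: /^https?:\/\/glassfish(\.dev)?\.java\.net\/public\/CDDL\+GPL_1_1\.html$/i,
    license: 'CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0'
  },
  {
    test: /^https?:\/\/glassfish(\.dev)?\.java\.net\/public\/CDDL\+GPL\.html$/i,
    license: 'CDDL-1.0 OR GPL-2.0-only WITH Classpath-exception-2.0'
  }
]

// Pitfall for comparison: an unanchored pattern matches both pages, so the
// result would depend only on the order of the entries in the table.
const loosePattern = /CDDL\+GPL/i

// Reduce a declared license URL to a canonical form before matching.
function normalizeLicenseUrl(raw) {
  let url = String(raw || '').trim()
  // Unwrap an Internet Archive snapshot link to the original URL it captured.
  const wayback = url.match(/^https?:\/\/web\.archive\.org\/web\/\d+\/(.+)$/i)
  if (wayback) url = wayback[1]
  // Drop any query string or fragment, then trailing slashes.
  return url.replace(/[?#].*$/, '').replace(/\/+$/, '')
}

// Return the SPDX expression for a known license URL, or null if unknown.
function licenseFromUrl(raw) {
  const url = normalizeLicenseUrl(raw)
  const hit = licenseUrlOverrides.find(entry => entry.test.test(url))
  return hit ? hit.license : null
}
```

Returning null for an unrecognized URL leaves the declared license undetermined rather than guessing from a partial match.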

@yashkohli88
Contributor Author

@capfei Thank you for your feedback. I have incorporated all the changes suggested by you. Please feel free to add more suggestions for this list.
