-
Notifications
You must be signed in to change notification settings - Fork 1
/
.ort.yml
27 lines (21 loc) · 1.69 KB
/
.ort.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
# SPDX-FileCopyrightText: 2014-2021 Sequent Tech Inc <legal@sequentech.io>
#
# SPDX-License-Identifier: AGPL-3.0-only
---
resolutions:
rule_violations:
- message: "The package PIP::frestq-with-requirements-requirements.txt:.* has the declared ScanCode copyleft catalogized license AGPL-3.0-only."
reason: "LICENSE_ACQUIRED_EXCEPTION"
comment: "The project is open source so it's normal that it's set as such."
- message: "The package PyPI::.* has the declared ScanCode copyleft-limited categorized license LGPL.*"
reason: "DYNAMIC_LINKAGE_EXCEPTION"
comment: "This is not a problem because python modules are always dynamic, see https://stackoverflow.com/questions/8580223/using-python-module-on-lgpl-license-in-commercial-product and https://mail.python.org/pipermail/tutor/2015-June/105759.html."
- message: "The package PyPI::.* has the declared ScanCode copyleft-limited categorized license MPL.*"
reason: "DYNAMIC_LINKAGE_EXCEPTION"
comment: "This is not a problem because we are not modifying the MPL code."
- message: "The package PyPI::uwsgi:.* has the declared ScanCode copyleft catalogized license GPL-2.0-only."
reason: "DYNAMIC_LINKAGE_EXCEPTION"
comment: "This is actually a GPL-2.0 with a linking exception, allowing not to have to relicense any linking code, such as our case."
- message: "The project PIP::frestq-with-requirements-requirements.txt:.* has the dependency PyPI::uwsgi:.* licensed under the ScanCode copyleft categorized license GPL-2.0-only."
reason: "DYNAMIC_LINKAGE_EXCEPTION"
comment: "This happens with uwsgi which is actually a GPL-2.0 with a linking exception, allowing not to have to relicense any linking code, such as our case."