SPDX[1] has an interesting format where they can report 2 (or more?) licenses in one.
There are a couple of things here that we will need to look at: 1. Metadata only stores one matching license. 2. Can we modify the output XML to list multiple licenses for a file without too much trouble. I don't think the existing XLST will have problems with it. 3. SPDX [1] has an interesting format where they can report 2 (or more?) licenses in one. Perhaps we should use their format for license identification. This would allow us to report the SPDX tags that reference multiple licenses. Also, everytime I look at the LicenseFamily code I wonder why there is a limit of 5 on the number of characters in the license family category. It feels like a formatting issue was pushed into the internal code. Drives me crazy. [1] https://spdx.dev/learn/handling-license-info/ On Thu, Mar 28, 2024 at 10:01 AM P. Ottlinger <[email protected]> wrote: > Hi, > > Am 28.03.24 um 09:41 schrieb Claude Warren: > > I got back to looking at 366 and discovered a problem that I think has > been > > lurking in the system for some time. Basically, if a file has the > > signatures for more than one license only one will be reported, and the > > selection of which one is (I think) random. > > thanks for analyzing this issue, which explains some random test > failuress ..... :( > > <snip> > > > My suggestion is we report all license matches and let the user decide > what > > to do. > > I'm in favour of reporting as many licenses as possible, but assume this > will break the current report format, that is optimized for one license > only. > > Not sure if downstream users have problems with that change?! > > Would we have a maximum license number or could this result in an > "endless" list of reported licenses, if a file with "all" thinkable > license files is provided to RAT? Initially I thought of adding a new > analyzer/reporting state "MULTIPLE" that is reported in the scan and a > detailed report that lists up to x (maybe 3 or 5?) maximum licenses per > file - WDYT? > > > > > My plan is to create a branch that reports multiple matching licenses and > > then merge that into RAT-366 to resolve the problem. This should give us > > all a chance to review the change before it gets added to the already > large > > RAT-366. > > +1 > > Thanks for your deep dive into RAT! > > Cheers, > Phil > -- LinkedIn: http://www.linkedin.com/in/claudewarren
