Dne 11. 03. 26 v 12:01 odp. sagitter--- via devel napsal(a):
Hi all.
Checking the license of next psblas3 release, `licensecheck` tool recognizes
this license file [1] as CMU
Upstream confirmed that psblas3 is distributed under a BSD-3-Clause instead [2].
Why does it look like `licensecheck` is confused with this license?
Short answer: Yes, the license is BSD-3-Clause. The `licensecheck` is confused
because it is old code.
Long answer:
The best way to identify license is to use https://github.com/spdx/spdx-license-diff It is browser plugin and allows you
to visualize the diff against the top matches. It is one (maybe the only one) tool that actualy implement License
Matching Guidelines. [1]
The SPDX license list is only reliable source that uses markup to define variation and optional parts in defintions.
This is biggest strength of SPDX License List.
But old tools - and licensecheck is among them - uses heuristics and regular expressions.. You can se the example how
they do it here [2]. It is up to you (maintainers) to ask developers of these old tools to start SPDX License List and
implement their matching guidelines.
For me, the best tool to scanning code is scancode-toolkit. It is described
here [3] with other known tools.
[1]
https://spdx.github.io/spdx-spec/v3.0.1/annexes/license-matching-guidelines-and-templates/#
[2]
https://salsa.debian.org/build-common-team/p5-string-license/-/blob/main/lib/String/License.pm?ref_type=heads#L881
[3]
https://docs.fedoraproject.org/en-US/legal/license-audit-tools/#_scancode_toolkit
--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://forge.fedoraproject.org/infra/tickets/issues/new
