On Wed, Mar 11, 2026 at 10:10 AM Philippe Ombredanne <[email protected]> wrote: > > Hi Neal! > > On Wed, Mar 11, 2026 at 2:28 PM Neal Gompa <[email protected]> wrote: > > > > On Wed, Mar 11, 2026 at 9:23 AM Philippe Ombredanne via legal > > <[email protected]> wrote: > > > > > > Hi Antonio: > > > > > > On Wed, Mar 11, 2026 at 12:02 PM sagitter--- via legal > > > <[email protected]> wrote: > > > > Checking the license of next psblas3 release, `licensecheck` tool > > > > recognizes this license file [1] as CMU > > > > Upstream confirmed that psblas3 is distributed under a BSD-3-Clause > > > > instead [2]. > > > > > > > > Why does it look like `licensecheck` is confused with this license? > > > > > > > > [1] https://github.com/sfilippone/psblas3/blob/development/LICENSE > > > > [2] https://github.com/sfilippone/psblas3/issues/37 > > > > > > This is a bug in licensecheck, whichever you consider: > > > > > > - the Perl licensecheck [3] from Debian is limited in that is use a > > > small list of ~ 1000 hand crafted limited regex patterns. This is > > > actively maintained from what I can see. > > > - the Go licensecheck [4] from Google had a limited set of limited > > > regex patterns, and is unmaintained for 4 years. > > > > > > You should use ScanCode toolkit [7] or ScanCode.io [8] for > > > comprehensive license detection, and it will get you a proper > > > BSD-3-Clause for that file. ScanCode deals with ~40K samples that are > > > not hand crafted and performs eventually a full detailed match. This > > > is supposed to be a better, maintained tool. > > > > > > Note also that there is more to it than meet the eyes if you run a > > > full scan. psblas3 LICENSE is a BSD-3-Clause alright, but the bulk of > > > the code in [5] has GPL notices, and there is a top license in [6] > > > that says this is a BSD-2-Clause, so things are not clear. I posted > > > upstream for that [9] > > > > > > Miroslav: > > > I recall that ScanCode is the main tool used for Fedora, is this correct? > > > > > > PS: I maintain ScanCode ;) > > > > > > > The primary tool is Debian's licensecheck. Everything else is > > secondarily used currently. > > IMHO Debian's licensecheck detection approach is limited and the tool > is not actively maintained. > > > Does ScanCode offer a way to emit license information with full > > license names instead of the identifiers? I would rather consumers of > > human-read reports have full license names like licensecheck > > instead of identifiers, since names are stable and identifiers are not. > > We report names and identifiers [1]. As well as the exact matched > texts, tagging also the non matched parts if any, using a full diff. > We also guarantee that identifiers are stable, e.g. never deleted, but > can be deprecated. > Are you bringing this up because of the GPL2+ problem of 2017 with rms > insisting to change A/L/GPL identifiers at SPDX ? >
It's one example. But it's not the only time an identifier has changed. 0BSD is another example as such. It's just much better to report to humans the actual name of the license instead of assuming people know what the identifiers are. At some level, I also want people to know what they're looking at. The soup of identifiers makes it easier for people to ignore what they *are* and the implications of them. I would vastly prefer *no* shortnames or machine-oriented identifiers are used at all in the human-focused license reports. -- 真実はいつも一つ!/ Always, there's only one truth! -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
