LICENSE and LICENSE.doc causes go-license-detector to see only evidence of CC-BY-SA-4.0 #68
Comments
|
interesting. It is a common pattern for projects that carry multiple licenses for all their components. Even if we fix for this project, that is a bug in the scanner and should be fixed there. |
|
What I've seen so far in other projects are declarations like (BSD-3-Clause OR GPL-2.0) or (MIT AND BSD-3-Clause) in their single license. For instance, https://github.com/crypto-browserify/sha.js/blob/master/LICENSE contains both licenses in a single LICENSE file; here, go-license-detector identifies the LICENSE contents as "(MIT AND BSD-3-Clause)". |
|
putting things in a single license files breaks the auto detection in
GitHub as far as I can tell:
https://github.com/crypto-browserify/sha.js
[image: Screen Shot 2021-10-05 at 4.25.00 PM.png]
…On Tue, Oct 5, 2021 at 4:17 PM TheDiveO ***@***.***> wrote:
What I've seen so far in other projects are declarations like
(BSD-3-Clause OR GPL-2.0) or (MIT AND BSD-3-Clause) in their single
license. For instance,
https://github.com/crypto-browserify/sha.js/blob/master/LICENSE contains *both
licenses in a single LICENSE file*; here, go-license-detector identifies
the LICENSE contents as "(MIT AND BSD-3-Clause)".
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#68 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAPSIIPBFPW4EHMLWVBDALUFMJG5ANCNFSM5FLZ42SA>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
--
Cheers,
Chris Aniszczyk
https://aniszczyk.org
|
|
Ah, good to know! |
|
A look into go-license-detector reveals that it scans (beyond others) files named "license" with certain extensions, but not .doc. So Im closing this issue and file an issue with the detector project. Thank you for your help! |
|
Is there a reason for using a |
When scanning Go module dependencies to create BOMs with tools like cyclonedx-gomod the setup of this repository/Go module with both LICENSE and LICENSE.doc causes the go-license-detector to see only evidence of CC-BY-SA-4.0. go-license-detector does not detect the presence of the Apache-2.0 license in LICENSE, or this evidence gets thrown under the bus in the process of creating the BOM by tools using go-license-detector.
Would it be possible to clean up the LICENSE and LICENSE.doc files with preferably only a single LICENSE file that tools like go-license-detector can correctly handle?
The text was updated successfully, but these errors were encountered: