No license and copyright information in the files #1
Thanks for pointing out https://reuse.software/! We'll certainly follow best practices regarding copyright / license headers and test data once we publish the final history. I believe we should keep the reference from |
Make it use Apache-2.0 like our real main project does. See #1. Change-Id: If3d99c821748aa9138286c0d0b9bddb37835a293
See #1. Change-Id: I91eba2957f6f6578de2c8aeeffa83e6f2fd5cb91
We just pushed the final history to the |
The list licenses command may crash in case `sourceCodeDir` is not provided in the following scenarios: 1. When the source artifact has been scanned for the given `packageId` and `vcsProcessed` is empty, then `fetchScannedSources()` crashes within `Downloader.download()`, because the downloader throws when it attempts to download from VCS. 2. When the ORT file does not contain any scan result for the given package, then the downloader also throws. Ensure that the downloader always attempts to download from the right source code origin, to fix scenario #1. Furthermore, return early in case there is no scan result for the given package to fix scenario #2. Recently a similar crash has been fixed by [1] also by returning earlier. So, move the early return from [1] to an even earlier position. [1] 5a21932 Signed-off-by: Frank Viernau <[email protected]>
Since this is an open source compliance toolkit, I would love to see the best practices for a good OSS project realized in this project.
Some of the best practices are:
The FSFE has set up a project with best practices relevant for smart license compliance support; the project is called REUSE. Please see https://reuse.software/
No file of the current release carries a standard license header; there is no license information in the files at all. The same applies to the copyright information, except for the README.md file.
Regarding the README.md file, please remove the statement "See the LICENSE file in the root of this project for license details." because no license scanner can "auto conclude" such a statement.
The file oss-review-toolkit-preview/analyzer/src/funTest/assets/projects/synthetic/mixed/NPMNestedMaven/package.json
    {
      "name": "npmnestedmaven",
      "version": "1.0.0",
      "description": "A dummy NPM project with a nested Maven project",
      "scripts": {
        "test": "echo \"Error: no test specified\" && exit 1"
      },
      "author": "Sebastian Schuberth",
      "license": "ISC",
      "repository": {
        "type": "git",
        "url": "https://github.com/heremaps/oss-review-toolkit.git"
      }
    }
carries license information which does not fit. Even in the case of test files you should care for license hygiene.
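As an added example (not code from the issue author or from the ORT project), the following Python script implements the two hygiene checks the issue asks for: it looks for machine-readable REUSE tags (`SPDX-FileCopyrightText:` and `SPDX-License-Identifier:`) in the header of each source file, which is exactly what a scanner can "auto conclude" where a prose pointer to a LICENSE file cannot, and it compares the `license` field of any `package.json` against the project's declared license. It assumes the project license is Apache-2.0 (as the commit referenced above states) and runs over a constructed in-memory set of sample files; the function and variable names are mine, not ORT's.

```python
"""REUSE-style license hygiene check: SPDX header tags and package.json consistency."""
import json
import re
import sys
from pathlib import Path

# REUSE puts its tags in a comment near the top of the file; we accept any
# comment syntax by matching the tag text and stripping a trailing */ or -->.
SPDX_LICENSE_RE = re.compile(
    r"SPDX-License-Identifier:[ \t]*(?P<expr>.+?)[ \t]*(?:\*/|-->)?[ \t]*$", re.MULTILINE)
SPDX_COPYRIGHT_RE = re.compile(
    r"SPDX-FileCopyrightText:[ \t]*(?P<text>.+?)[ \t]*(?:\*/|-->)?[ \t]*$", re.MULTILINE)
HEADER_LINES = 20  # only the first lines of a file count as its header
SOURCE_SUFFIXES = (".kt", ".java", ".py", ".js", ".html")


def parse_header(text):
    """Return (license expression or None, list of copyright statements) found in the header."""
    head = "\n".join(text.splitlines()[:HEADER_LINES])
    lic = SPDX_LICENSE_RE.search(head)
    copyrights = [m.group("text") for m in SPDX_COPYRIGHT_RE.finditer(head)]
    return (lic.group("expr") if lic else None, copyrights)


def header_findings(path, text, expected_license):
    """Findings for one source file: missing or mismatched license tag, missing copyright."""
    findings = []
    lic, copyrights = parse_header(text)
    if lic is None:
        findings.append(f"{path}: no SPDX-License-Identifier in header")
    elif lic != expected_license:
        findings.append(f"{path}: header license {lic!r} differs from project license {expected_license!r}")
    if not copyrights:
        findings.append(f"{path}: no SPDX-FileCopyrightText in header")
    return findings


def package_json_findings(path, text, expected_license):
    """Check the declared 'license' field of a package.json against the project license."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"{path}: invalid JSON ({exc.msg})"]
    declared = data.get("license") if isinstance(data, dict) else None
    if declared is None:
        return [f"{path}: no 'license' field declared"]
    if declared != expected_license:
        return [f"{path}: declares {declared!r}, project license is {expected_license!r}"]
    return []


def audit_files(files, expected_license):
    """Run both checks over a mapping of relative path -> file text; return all findings."""
    findings = []
    for path in sorted(files):
        text = files[path]
        if Path(path).name == "package.json":
            findings.extend(package_json_findings(path, text, expected_license))
        elif Path(path).suffix in SOURCE_SUFFIXES:
            findings.extend(header_findings(path, text, expected_license))
    return findings


def load_tree(root):
    """Read a real directory tree (skipping .git) into the mapping audit_files expects."""
    root = Path(root)
    files = {}
    for p in root.rglob("*"):
        if p.is_file() and ".git" not in p.parts and (
                p.suffix in SOURCE_SUFFIXES or p.name == "package.json"):
            files[str(p.relative_to(root))] = p.read_text(encoding="utf-8", errors="replace")
    return files


# Constructed sample tree (hypothetical contents, not files from the ORT repository):
# one compliant file, one with no header at all, one tagged with the wrong license,
# and a test-asset package.json that declares ISC although the project is Apache-2.0.
SAMPLE_FILES = {
    "src/Main.kt": "/*\n * SPDX-FileCopyrightText: 2017 Example Corp\n"
                   " * SPDX-License-Identifier: Apache-2.0\n */\nfun main() {}\n",
    "src/Util.kt": "package util\n\nfun helper() = 1\n",
    "docs/index.html": "<!-- SPDX-FileCopyrightText: 2017 Example Corp -->\n"
                       "<!-- SPDX-License-Identifier: MIT -->\n<html></html>\n",
    "assets/package.json": '{"name": "npmnestedmaven", "version": "1.0.0", "license": "ISC"}',
}

if __name__ == "__main__":
    # Usage: python reuse_check.py [project-dir]; without an argument the sample tree is used.
    files = load_tree(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_FILES
    for finding in audit_files(files, "Apache-2.0"):
        print(finding)
```

The check deliberately ignores prose such as "See the LICENSE file" and only accepts the two SPDX tags, mirroring what an automated scanner can conclude from a file on its own; the per-file license is compared against a single project license, so a repository that legitimately mixes licenses would pass a per-directory or per-path expectation instead.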