-
Notifications
You must be signed in to change notification settings - Fork 263
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Purposely fail to detect the license if multiple license files exist #114
Comments
As an example of how messy it can get, I have an AGPLv3+ project that's currently detected as CC0: https://github.com/TheLastProject/mkblog.sh/. |
As another example of this, I have a LICENSE file with multiple licenses, which is currently detected as the latter (BSD 3-clause) rather than the primary (ISC): https://github.com/rmccue/Requests/blob/master/LICENSE |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Seriously? That's a horrible way to manage issues. In that case: bump (because you're forcing me to) |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Bump... |
@benbalter Are there plans to detect dual licenses? Many large projects are dual licensed for compatibility. Also, https://github.com/rust-lang/rust and almost everything written in it is MIT/Apache-2.0 but GitHub (licensee) can't detect it. |
@ofek licensee isn't detecting a license in rust-lang/rust due to its If this (#114) issue were fixed, licensee wouldn't detect a license in rust-lang/rust even if the I don't know if there are plans to detect dual licenses. It'd be nice to have. I wonder what false positives would be caused/would need to be mitigated as a result? |
@mlinksva Oh, I see. What kind of false positives? |
@ofek one kind would be where a project's multiple license files aren't intended for offering the whole project under multiple licenses, but different parts of a project (eg code and content, project contributions and vendored material). If licensee detected multiple licenses for such a project, some or all of the reported licenses may be false for the project as a whole. I don't know how common this is, probably needs more investigation. |
@mlinksva Good point, thanks! Do you think detecting everything is worse than detecting none? |
@ofek probably. People seem to be more bothered by false positives than false negatives, and I'm pretty sympathetic to that. Detecting multiple licenses would be a significant change for licensee anyway, so I suppose that one approach might be to detect and report the existence of multiple license files, but not report that a repo is under any of those licenses. |
WIP fix over in #203. |
@benbalter Fantastic! |
Example of licensee (via Github) misdetecting an Apache 2.0/MIT dual license as just Apache 2.0: zkcrypto/pairing#14 The project contains no LICENSE file, only LICENSE-APACHE and LICENSE-MIT. The README.md references both. So it seems to me that it is doing everything right to avoid being detected as Apache 2.0-only already. |
E.g., I have
license.cc0.txt
andlicense.cc-by.txt
both in the root of the repo.We should bail due to the ambiguity.
The text was updated successfully, but these errors were encountered: