Add new licenses and license updates

[AyanSinhaMahapatra]

Also adds some updates to licenses added through #3653 for SPDX license list 3.23.
Reference: nexB/scancode-licensedb#49

Tasks

• Reviewed contribution guidelines
• PR is descriptively titled 📑 and links the original issue above 🔗
• Tests pass -- look for a green checkbox ✔️ a few minutes after opening your PR
  Run tests locally to check for errors.
• Commits are in uniquely-named feature branch and has no merge conflicts 📁
• Updated documentation pages (if applicable)
• Updated CHANGELOG.rst (if applicable)

[pombredanne]

@AyanSinhaMahapatra It looks like the same test is always failing on macOS
https://dev.azure.com/nexB/scancode-toolkit/_build/results?buildId=12808&view=logs&jobId=18502f45-be5b-5275-52a7-860551f3cfc3&j=18502f45-be5b-5275-52a7-860551f3cfc3&t=d9063ec4-3952-5d0f-fe7b-66b4bb1a9c57

=================================== FAILURES ===================================
2024-02-21T15:39:48.7465110Z ___________________________ test_scan_does_scan_rpm ____________________________
2024-02-21T15:39:48.7466050Z [gw1] darwin -- Python 3.8.18 /Users/runner/work/1/s/venv/bin/python
2024-02-21T15:39:48.7466410Z 
2024-02-21T15:39:48.7466990Z     def test_scan_does_scan_rpm():
2024-02-21T15:39:48.7472660Z         test_file = test_env.get_test_loc('rpm/fping-2.4-0.b2.rhfc1.dag.i386.rpm')
2024-02-21T15:39:48.7473420Z         expected_file = test_env.get_test_loc('rpm/fping-2.4-0.b2.rhfc1.dag.i386.rpm.expected.json')
2024-02-21T15:39:48.7474090Z         result_file = test_env.get_temp_file('results.json')
2024-02-21T15:39:48.7474810Z         run_scan_click(['--package', test_file, '--json', result_file])
2024-02-21T15:39:48.7475430Z >       check_json_scan(expected_file, result_file, remove_uuid=True, regen=REGEN_TEST_FIXTURES)

there must be something there. Not a heisenbug

[AyanSinhaMahapatra]

@pombredanne this could be something which is affecting macos and needs further review.
Note that we've had other tests failing too sometimes, for example see #2976 where it was the php_composer test. Looking into this seperately, since this is not related to the content of this PR as the tests are passing for the last commit: https://dev.azure.com/nexB/scancode-toolkit/_build/results?buildId=12815&view=results

[AyanSinhaMahapatra]

@DennisClark we have lots of versions of the Open works License here as rules, since we added the owl-0.9.4.LICENSE above, should we also add all these rules as seperate licenses as they are different versions?
See details below:

• other-permissive_owl_1.RULE: version 0.4
• other-permissive_owl_2.RULE: version 0.5
• other-permissive_owl_3.RULE: without any version, which license should this be a rule of
• other-permissive_owl_4.RULE: version 0.9.2
• other-permissive_owl_5.RULE: version 0.9.1
• other-permissive_owl_6.RULE: version 0.9
• other-permissive_owl_7.RULE: version 0.8
• other-permissive_owl_8.RULE: version 0.7
• other-permissive_owl_9.RULE: version 0.6
• other-permissive_owl_10.RULE: deprecated and added as the owl-0.9.4.LICENSE
• other-permissive_owl_11.RULE: version 0.9.3

[DennisClark]

I don't think they are used enough to merit adding as new licenses

[pombredanne]

Thanks! See some nits for your consideration.

[pombredanne]

To avoid false positive with real MIT licenses, I would put a minimum_coverage and some notes to explain the license:

Suggested change

	spdx_license_key: LicenseRef-scancode-saxix-mit
	spdx_license_key: LicenseRef-scancode-saxix-mit
	minimum_coverage: 95
	notes: this is the MIT license text with an extra clause wrt. commercial usage notification.

BTW, I strongly challenge the fact this is permissive. This license would be a major burden for any downstream user, so we need to tag this as proprietary or source available.

[DennisClark]

"major burden" ? I disagree. "Any use in a commercial product must be notified to the author by email
indicating company name and product name." It's just a required notification, and does not indicate that any permission is required. It's more of a special obligation than a restriction. I prefer to leave it as-is.

[DennisClark]

I am fine with the suggested notes.

[pombredanne]

@pabs3 FYI, many of these licenses were added based on your posts on IRC! 🙇

[pombredanne]

I just added a minor nit, looking fine otherwise and ready to merge. Just remove curlies from the main license text.

[AyanSinhaMahapatra]

Merging! Thanks @pombredanne @DennisClark @pabs3

[pabs3]

FTR: about the Stefano Apostolico MIT License, the requirement to contact the authors fails the Debian Free Software Guidelines (and the Open Source Definition based on them) because it discriminates against people who cannot do that or those who would be adversely affected by it; such as someone without an email account, a domestic violence victim, someone living on a desert island, or a dissident in a repressive regime. The Debian pages for these tests: https://wiki.debian.org/DesertIslandTest https://wiki.debian.org/DissidentTest

…

-- bye, pabs https://bonedaddy.net/pabs3/