From: Danny Milosavljevic <dannym@scratchpost.org>
To: David Craven <david@craven.ch>, guix-devel <guix-devel@gnu.org>
Subject: Re: License auditing
Date: Wed, 3 Aug 2016 19:55:11 +0200 [thread overview]
Message-ID: <20160803195511.3f55fc92@scratchpost.org> (raw)
In-Reply-To: <CAL1_im=8gC_Dq4YYn6vstB=vq6VPWPRvp65MgSedUiHYkO29DQ@mail.gmail.com>
On Wed, 3 Aug 2016 18:28:38 +0200
David Craven <david@craven.ch> wrote:
> How can I tell the difference between a lgpl2.1 and lgpl2.1+ license?
"or later"
> Is this a job that an automated tool could do? Detecting licenses
> included in a tarball?
I also wonder about that. Usually, the license text is just copied & pasted anyway, so it should be quite regular.
If there isn't one, I could write one which would basically, per source file,
- try to find SPDX identifier, if that doesn't work:
- ignore newline, "#" or ";" or "*" or "//" at the beginning of the line
- lex that into words, where "word" is either [a-zA-Z0-9-]+ or [.,;]
- try to 1:1 match with all the licenses similarily mapped
- if that didn't work, try to find signal words and guess the license and print the difference in a short form.
I could do that program in maybe 2 hours and find and extract all the official license texts in a few more hours. But does such a thing already exist? [Seems like something obvious to have and I'm writing many other things already.]
A human would still have to review the non-1:1 things - there could always be strange exceptions in the README or whatever - but the majority of cases should work just fine.
See also <https://spdx.org/licenses/> (especially <https://github.com/triplecheck/>), <http://www.sciencedirect.com/science/article/pii/S0164121216300905> (also lists several license checkers; Fossology seems to be a whole webservice which does that).
next prev parent reply other threads:[~2016-08-03 17:55 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-03 16:28 License auditing David Craven
2016-08-03 17:55 ` Danny Milosavljevic [this message]
2016-08-03 18:00 ` Jelle Licht
2016-08-03 18:05 ` Leo Famulari
2016-08-03 18:05 ` David Craven
2016-08-03 18:15 ` David Craven
2016-08-03 18:03 ` Leo Famulari
2016-08-03 20:42 ` Ludovic Courtès
2016-08-03 21:11 ` Alex Griffin
2016-08-03 22:59 ` David Craven
2016-08-04 14:23 ` Ludovic Courtès
2016-08-04 14:40 ` Alex Griffin
-- strict thread matches above, loose matches on Subject: below --
2016-08-04 17:41 Philippe Ombredanne
2016-08-04 18:34 Philippe Ombredanne
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160803195511.3f55fc92@scratchpost.org \
--to=dannym@scratchpost.org \
--cc=david@craven.ch \
--cc=guix-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.