Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GPL-1.0 false alarm improvement #2793

Closed
soimkim opened this issue Jan 11, 2022 · 2 comments · Fixed by #2799
Closed

GPL-1.0 false alarm improvement #2793

soimkim opened this issue Jan 11, 2022 · 2 comments · Fixed by #2799
Labels
bug

Comments

@soimkim
Copy link
Contributor

soimkim commented Jan 11, 2022

Description

Please leave a brief description of the bug or feature request:
File to analyze : https://android.googlesource.com/platform/external/dng_sdk/+/refs/tags/android-12.0.0_r25/Android.bp
// e.g. GPL in an MIT project might only apply to the contrib/ directory.

Because of the above sentence, Android.bp of many AOSP(https://android.googlesource.com/platform/) is analyzed as GPL-1.0.
Is there any way to handle that statement as an exception?

How To Reproduce

Tell us how to reproduce the issue.

  1. Download a file : https://android.googlesource.com/platform/external/dng_sdk/+/refs/tags/android-12.0.0_r25/Android.bp
  2. Run ScanCode

System configuration

For bug reports, it really helps us to know:

  • What OS are you running on? ubuntu 20.04
  • What version of scancode-toolkit was used to generate the scan file? 30.1.0
  • What installation method was used to install/run scancode? pip
@soimkim soimkim added the bug label Jan 11, 2022
@pombreda
Copy link

@soimkim thank you very much, this is excellent catch!

Is there any way to handle that statement as an exception?

Yes! it should be straight forward to create a is_false_positive rule for this sentence
e.g. GPL in an MIT project might only apply to the contrib/ directory. such that this is not detected as a false positive.

(Side note: shame on the Android developers for putting misleading licensing comments in their code! )
(Other side note: the move to Androird using Bazel build scripts has happened then... which means that we can tune the Bazel parser to ensure Android structure licensing details found in these are captured correctly ... using https://github.com/nexB/scancode-toolkit/blob/develop/src/packagedcode/build.py#L92 @JonoYang ^ FYI )

BTW, we should also add a new DNG license for the patent part https://android.googlesource.com/platform/external/dng_sdk/+/refs/heads/master/PATENTS @DennisClark FYI

KevinJi22 added a commit to KevinJi22/scancode-toolkit that referenced this issue Jan 18, 2022
@KevinJi22
Fix GPL license detection false positive aboutcode-org#2793
37202b4 
Add a false-positive rule for a file in Android. Fixes aboutcode-org#2793.

Signed-off-by: Kevin Ji <kyji1011@gmail.com>
@KevinJi22 KevinJi22 mentioned this issue Jan 18, 2022
Merged
4 tasks
pombredanne added a commit that referenced this issue Jan 24, 2022
@pombredanne
Merge pull request #2799 from KevinJi22/gpl-false-alarm
d746765 
Fix GPL license detection false positive #2793

Signed-off-by: Kevin Ji <kyji1011@gmail.com>
Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
@pombredanne
Copy link
Member

@KevinJi22 Thank you for fixing this in #2799

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix GPL license detection false positive #2793 KevinJi22/scancode-toolkit
3 participants
@pombredanne @soimkim @pombreda