Solve license detection bugs

[AyanSinhaMahapatra]

Fixes #1907 #1910 #1911 #1912 #1914

Tasks

• Reviewed contribution guidelines
• PR is descriptively titled 📑 and links the original issue above 🔗
• Tests pass -- look for a green checkbox ✔️ a few minutes after opening your PR
  Run tests locally to check for errors.
• Commits are in uniquely-named feature branch and has no merge conflicts 📁

[AyanSinhaMahapatra]

Also I've reproduced and checked other bugs #1933 #1932 #1931 #1930 #1929 #1928 #1927 #1926 #1925 #1924 #1923 #1922 #1921 #1920 #1919 #1918 #1917 #1915. And all these are already solved by you @pombredanne in the 12-03-license-updates branch.

I've collected all these files to reproduce these bugs, initial scan reproduces them - scan results file. Then all the rules added by @pombredanne are indexed and the scan results are here - scan results files . Comparing you can see that the bugs are solved. Some them were remaining, are solved in this PR - #1908 #1910 #1911 #1912 #1914.
Remaining - #1905
All of these were reported by @armijnhemel . Thanks!

[codecov]

Codecov Report

Merging #1963 into 12-03-license-updates will decrease coverage by 0.66%.
The diff coverage is n/a.

@@                    Coverage Diff                    @@
##           12-03-license-updates    #1963      +/-   ##
=========================================================
- Coverage                  79.61%   78.94%   -0.67%     
=========================================================
  Files                        131      131              
  Lines                      17642    16946     -696     
=========================================================
- Hits                       14045    13378     -667     
+ Misses                      3597     3568      -29     

Impacted Files	Coverage Δ
src/packagedcode/build.py	74.44% <0.00%> (-5.56%)	⬇️
src/packagedcode/rubygems.py	70.89% <0.00%> (-5.38%)	⬇️
src/scancode/resource.py	86.98% <0.00%> (-3.62%)	⬇️
src/summarycode/plugin_consolidate.py	94.21% <0.00%> (-2.36%)	⬇️
src/scancode/cli.py	76.96% <0.00%> (-2.23%)	⬇️
src/scancode/api.py	95.54% <0.00%> (-0.64%)	⬇️
src/licensedcode/match.py	77.69% <0.00%> (-0.37%)	⬇️
src/scancode/outdated.py	81.25% <0.00%> (+0.19%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 2a90d9f...7984a2e. Read the comment docs.

[pombredanne]

@AyanSinhaMahapatra This is looking great! You really grok license detection now!
See my comments in line.

[pombredanne]

In most cases , we are trying to avoid keeping copyright statements in license detection rules. So IMHO you could remove these two lines

[AyanSinhaMahapatra]

This works perfectly. Pushing changes with removed lines.

[pombredanne]

It would be interesting to also have another rule (and may be have only that rule) WITHOUT the libltdl reference?
For instance rather than start with:
GNU Libltdl is free software; you can redistribute it and/or
use this:
GNU is free software; you can redistribute it and/or

and remove the libtdl word elsewhere?
Because of the way the license detection ignores words it doe not know about (such as libtdl) this will not have any impact and will be detected with the automaton... And it can also detected exactly several other variants.

[AyanSinhaMahapatra]

This works perfectly for this case, i.e. (having only that rule) it would also detect if the text's exactly same apart from "Libltdl". I was wondering if I can keep the original rule with a higher relevance, and the non-liblltdl one with a lower relevance score, so it detects other similar stuff but in case of multiple matches would prioritize other more relevant matches. I'm pushing that.

[AyanSinhaMahapatra]

IMHO I think there's some work to be done in standardizing relevance scores and minimum coverages across all the rules, after performing statistics on false positive/unknown matches, as these are kind of happening regularly in bugs. This would be one of the smaller important tasks of the GSoC project, what do you think?

[AyanSinhaMahapatra]

Is there some doc on how relevance scores are given out to rules? I see the general trend in rule names/texts vs their relevance/relevance scores, and how they affect license scores, but are there any strict guidelines I mean?

[pombredanne]

liblltdl

IMHO only the one without liblltdl would be enough

[pombredanne]

IMHO I think there's some work to be done in standardizing relevance scores and minimum coverages across all the rules, after performing statistics on false positive/unknown matches, as these are kind of happening regularly in bugs. This would be one of the smaller important tasks of the GSoC project, what do you think?

excellent idea 👍

[pombredanne]

Is there some doc on how relevance scores are given out to rules? I see the general trend in rule names/texts vs their relevance/relevance scores, and how they affect license scores, but are there any strict guidelines I mean?

The relevance is computed dynamically based on the size of a rule OR stored and assigned manually as a curated value based on judgment.
See

• https://github.com/nexB/scancode-toolkit/blob/d18fd2db7ba2dd893a4c46bdbbc9d7db8fb710c1/src/licensedcode/models.py#L729
• https://github.com/nexB/scancode-toolkit/blob/d18fd2db7ba2dd893a4c46bdbbc9d7db8fb710c1/src/licensedcode/models.py#L1089

[AyanSinhaMahapatra]

IMHO only the one without liblltdl would be enough

Done.

[AyanSinhaMahapatra]

3. bison 2.4.3: GPL-3.0-or-later file also recognized as "Free unknown" #1907 Even after having a 100% match coverage with the correct gpl-3.0-plus LICENSE(not rule), matches with another free-unknown Rule. File

    {
      "path": "Issues/1907-bison-2.4.3-getargs.c",
      "licenses": [
        {
          "key": "gpl-3.0-plus",
          "score": 100.0,
          "matched_rule": {
            "identifier": "gpl-3.0-plus.LICENSE",
            "license_expression": "gpl-3.0-plus",
            "licenses": [
              "gpl-3.0-plus"
            ],,
            "matcher": "2-aho",
            "rule_length": 102,
            "matched_length": 102,
            "match_coverage": 100.0,
            "rule_relevance": 100
          },
          "matched_text": "   This program is free software: you can redistribute it and/or modify\n   it under the terms of the GNU General Public License as published by\n   the Free Software Foundation, either version 3 of the License, or\n   (at your option) any later version.\n\n   This program is distributed in the hope that it will be useful,\n   but WITHOUT ANY WARRANTY; without even the implied warranty of\n   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n   GNU General Public License for more details.\n\n   You should have received a copy of the GNU General Public License\n   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */"
        },
        {
          "key": "free-unknown",
          "score": 100.0,
          "matched_rule": {
            "identifier": "free-unknown_1.RULE",
            "license_expression": "free-unknown",
            "licenses": [
              "free-unknown"
            ],
            "matcher": "2-aho",
            "rule_length": 23,
            "matched_length": 23,
            "match_coverage": 100.0,
            "rule_relevance": 100
          },
          "matched_text": "This is free software; see the source for copying conditions.  There is NO \\\nwarranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. \\"
        }
      ],
      "license_expressions": [
        "gpl-3.0-plus",
        "free-unknown"
      ],

Even if the free-unknown rule's relevance is decreased to 50, nothing changes.

[pombredanne]

@AyanSinhaMahapatra in order to have an efficient discussion on each issue it may be simpler to have the comments you pasted above each in their own respective ticket, otherwise this is going to be a tad hairy to track comments and replies.
Some other points:

• it would be best to avoid link to Google docs for external files as these may go away: either paste the file in a comment or attach it as a .txt.
• when you paste snippets of scans do not truncate them in the middle (e.g. do not remove the line numbers for instance) as it makes things difficult to understand. You can always attach a whole scan as a .txt too.

[AyanSinhaMahapatra]

@pombredanne Added commits solving #1908 .

[pombredanne]

@AyanSinhaMahapatra may be you could find a slightly more descriptive commit message?

Add requested changes is not super useful: think about it this way: 6 months from now, you are looking at this same message. What information does this message tells you? IMHO not much.
Try to find something more explicit... tell a (mini) story or enough for this to be useful now for others and for you and others in the future.

[pombredanne]

Why is this not 100% relevant? is there any ambiguity that is a lgpl-2.0-plus WITH libtool-exception-2.0? I do not think so, furthermore, this is a large enough rule, so you could/should eschew storing a relevance there IMHO

[AyanSinhaMahapatra]

I forgot to remove this change, i.e. after doing this. Fixing this and the commit message too. Thanks for pointing out.

[pombredanne]

Thank you ++
We are almost there!

[pombredanne]

This should instead:

license_expression: bsd-new AND gpl-2.0-plus WITH bison-exception-2.2
 is_license_notice: yes
minimum_coverage: 99
referenced_filenames:
    - Copyright.txt

You may also want to create a second rule with only the BSD parts:

 Distributed under the OSI-approved BSD License (the "License");
  see accompanying file Copyright.txt for details.

[AyanSinhaMahapatra]

Right! Updating.

[AyanSinhaMahapatra]

So I've created a second rule with the BSD parts beforehand only, in this commit but didn't add bsd-new AND to the license_expression of gpl-2.0-plus WITH bison-exception-2.2, which I've pushed now. Does this work?

[pombredanne]

Since this is very close to a possible license tag of sorts, could there be a word before or after that could be included to make this more specific?

[AyanSinhaMahapatra]

Yes! Adding a line before.

[pombredanne]

Same comment as for the label = gpl2 rule

[AyanSinhaMahapatra]

Yes, will add a line before.

[pombredanne]

Was this really detected?

[AyanSinhaMahapatra]

No, only GPL1, GPL2 and GPL3 were detected. On second thought this is really unnecessary, removing and renaming these.

[pombredanne]

Was this really detected?

[AyanSinhaMahapatra]

No. On second thought this is really unnecessary, removing these.

[pombredanne]

Was this really detected?

[AyanSinhaMahapatra]

No. On second thought this is really unnecessary, removing these.

[pombredanne]

Was this really detected?

[AyanSinhaMahapatra]

No. On second thought this is really unnecessary, removing these.

[pombredanne]

LGTM! Thanks... Almost there: there is still a minor nitpicking/rename needed.

[pombredanne]

As a convention we name the rule after the license expression...
So may be use something like bsd-new_and_gpl-2.0-plus_with_bison-exception_....
(within reason, unless there many many licenses)

[AyanSinhaMahapatra]

Done.

[pombredanne]

This looks ready to merge to me. The tests failing are not related to this.
Thanks!