You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If there is multiple declared licenses in a package, separated by comma, the result.yml of ORT declares an OR-Operator in declared_licenses_processed.
The report of the same result file, overwrites this value and declares an AND-Operator instead.
This leads to unnecessary license incompatibilities.
To Reproduce
Steps to reproduce the behavior:
Do a full ORT run with a package that got multiple licenses declared, i.e. Maven:org.glassfish.jersey.core:jersey-common:3.0.15
(Apache License, 2.0, EPL 2.0, Public Domain, The GNU General Public License (GPL), Version 2, With Classpath Exception)
Check the result.yml under declared_licenses_processed for this package.
The value will be: "Apache-2.0 OR EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0 OR LicenseRef-scancode-public-domain-disclaimer"
Do a report as Webapp or evaluated-model.json
See the Licenses for this package.
The value will be: "Apache-2.0 AND EPL-2.0 AND LicenseRef-scancode-public-domain-disclaimer AND GPL-2.0-only WITH Classpath-exception-2.0"
Expected behavior
Same as in the result.yml, otherwise it's not consistent if the result.yml is the leading part in case of license declaration.
Apache-2.0 OR EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0 OR LicenseRef-scancode-public-domain-disclaimer
Console / log output
result.yml:
- id: "Maven:org.glassfish.jersey.core:jersey-common:3.0.15"
purl: "pkg:maven/org.glassfish.jersey.core/jersey-common@3.0.15"
authors:
- "Eclipse Foundation"
- "Oracle Corporation"
declared_licenses:
- "Apache License, 2.0"
- "EPL 2.0"
- "Public Domain"
- "The GNU General Public License (GPL), Version 2, With Classpath Exception"
declared_licenses_processed:
spdx_expression: "Apache-2.0 OR EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0\
\ OR LicenseRef-scancode-public-domain-disclaimer"
Describe the bug
If there is multiple declared licenses in a package, separated by comma, the result.yml of ORT declares an OR-Operator in declared_licenses_processed.
The report of the same result file, overwrites this value and declares an AND-Operator instead.
This leads to unnecessary license incompatibilities.
To Reproduce
Steps to reproduce the behavior:
(Apache License, 2.0, EPL 2.0, Public Domain, The GNU General Public License (GPL), Version 2, With Classpath Exception)
The value will be: "Apache-2.0 OR EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0 OR LicenseRef-scancode-public-domain-disclaimer"
The value will be: "Apache-2.0 AND EPL-2.0 AND LicenseRef-scancode-public-domain-disclaimer AND GPL-2.0-only WITH Classpath-exception-2.0"
Expected behavior
Same as in the result.yml, otherwise it's not consistent if the result.yml is the leading part in case of license declaration.
Apache-2.0 OR EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0 OR LicenseRef-scancode-public-domain-disclaimer
Console / log output
result.yml:
evaluated-model.json:
Environment
Output of the
ort requirements -l commands
command:Or manually specify:
And specify (relevant parts of) your ORT configuration (
config.yml
):Additional context
In this file, there's a statement, why the Operator should be an OR instead of an AND:
ort/plugins/package-managers/maven/src/main/kotlin/utils/MavenParsers.kt
Lines 204 to 205 in dbca2e0
The text was updated successfully, but these errors were encountered: