
CryptoSwift license incorrectly identified as Zlib

Open hesa opened this issue 1 year ago • 1 comments

The CONTRIBUTING and LICENSE files of CryptoSwift are incorrectly identified as Zlib license.

CryptoSwift: https://github.com/krzyzanowskim/CryptoSwift

  • LICENSE file: https://github.com/krzyzanowskim/CryptoSwift/blob/main/LICENSE
  • CONTRIBUTING file: https://github.com/krzyzanowskim/CryptoSwift/blob/main/CONTRIBUTING.md

Zlib: https://www.zlib.net/

  • license: https://www.zlib.net/zlib_license.html

Major difference

Zlib text

If you use this software in a product, an acknowledgment in the
product documentation would be appreciated but is not required.

CryptoSwift text

If you use this software in a product, an acknowledgment in the product documentation is required.

The difference

  • Zlib says: appreciated but is not required
  • CryptoSwift: is required

This is quite a difference for users when complying with the license terms.

Additional notes

  • The CryptoSwift license needs an identifier

  • Unfortunately the LICENSE and CONTRIBUTING files have slightly different texts.

Reproducing

CONTRIBUTING file

Scanning the CONTRIBUTING file

mkdir contributing-file
cd    contributing-file
curl -LJ https://raw.githubusercontent.com/krzyzanowskim/CryptoSwift/refs/heads/main/CONTRIBUTING.md | grep "^//" > CONTRIBUTING.md
cd ..
scancode -clipe \
  --license-text   --license-text-diagnostics        \
  --classify       --license-clarity-score --summary \
  -n $(cat /proc/cpuinfo | grep processor | wc -l)   \
  --json-pp contributing-file.json contributing-file

Extracting the detected license

$ cat contributing-file.json | jq '.files[].detected_license_expression_spdx'
null
"Zlib"

LICENSE file

Scanning the LICENSE file

mkdir license-file
cd    license-file
curl -LJO https://raw.githubusercontent.com/krzyzanowskim/CryptoSwift/refs/heads/main/LICENSE
cd ..
scancode -clipe \
  --license-text   --license-text-diagnostics        \
  --classify       --license-clarity-score --summary \
  -n $(cat /proc/cpuinfo | grep processor | wc -l)   \
  --json-pp license-file.json license-file

Extracting the detected license

$ cat license-file.json | jq '.files[].detected_license_expression_spdx'
null
"Zlib"

Versions etc

  • scancode-toolkit 32.3.0
  • Ubuntu 24.04.1 LTS
  • Python 3.12.3

hesa, Dec 17 '24 18:12

@hesa Thanks for providing all the pertinent details, which are very helpful.

@AyanSinhaMahapatra New license LicenseRef-scancode-cryptoswift created in DejaCode enterprise and public instances. Please synchronize with scancode and the LicenseDB when you can, and correct the appropriate detection rules.

DennisClark, Dec 18 '24 00:12
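Until corrected detection rules are available, a compliance pipeline can re-check every file reported as Zlib against the clause wording quoted in the issue. The following is an added example, not part of the thread or of scancode-toolkit; it assumes the JSON output exposes `license_detections[].matches[].matched_text` (collected with `--license-text`), and the sample scan and the `vendor/zlib.h` path are constructed.

```python
import re

# Clause wording as quoted in the issue above.
ZLIB_OPTIONAL = "would be appreciated but is not required"
MANDATORY = "an acknowledgment in the product documentation is required"

def normalize(text):
    """Strip leading comment markers and collapse whitespace so wrapping is irrelevant."""
    text = re.sub(r"^[ \t]*(?://|#|\*)+", " ", text, flags=re.MULTILINE)
    return " ".join(text.lower().split())

def suspicious_zlib(scan):
    """Return (path, reason) for each file reported as Zlib whose matched
    text does not carry Zlib's optional-acknowledgment wording."""
    findings = []
    for entry in scan.get("files", []):
        if entry.get("detected_license_expression_spdx") != "Zlib":
            continue
        # Assumed layout: license_detections[].matches[].matched_text
        matched = " ".join(
            m.get("matched_text") or ""
            for d in entry.get("license_detections") or []
            for m in d.get("matches") or []
        )
        body = normalize(matched)
        if MANDATORY in body:
            findings.append((entry["path"], "acknowledgment is mandatory"))
        elif ZLIB_OPTIONAL not in body:
            findings.append((entry["path"], "optional clause not found"))
    return findings

def _file(path, spdx, text=None):
    """Build one constructed scan entry."""
    dets = [{"matches": [{"matched_text": text}]}] if text else []
    return {"path": path, "detected_license_expression_spdx": spdx,
            "license_detections": dets}

# Constructed sample shaped like the --json-pp output; not real scan data.
SAMPLE_SCAN = {"files": [
    _file("license-file", None),
    _file("license-file/LICENSE", "Zlib",
          "If you use this software in a product, an acknowledgment in the "
          "product documentation is required."),
    _file("vendor/zlib.h", "Zlib",
          "If you use this software in a product, an acknowledgment in the\n"
          "product documentation would be appreciated but is not required."),
]}

if __name__ == "__main__":
    for path, reason in suspicious_zlib(SAMPLE_SCAN):
        print(f"{path}: reported as Zlib, but {reason}")
```

To run it on a real scan, load the file with `json.load` and pass the result to `suspicious_zlib`.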