scancode-toolkit icon indicating copy to clipboard operation
scancode-toolkit copied to clipboard

Published 20 hours ago verified publisher icon nexB

Add new incorrect SPDX license ids from typos in Fedora and elsewhere: GPL-3.0-or-only and LGPL-3.0-or-only

Open pombredanne opened this issue 1 year ago • 1 comments

See https://src.fedoraproject.org/rpms/supertuxkart/blob/rawhide/f/supertuxkart.spec#_17 License: GPL-2.0-or-later AND GPL-3.0-or-only AND CC-BY-1.0 AND CC-BY-3.0 AND CC-BY-4.0 AND OFL-1.1 AND Apache-2.0 AND Zlib

GPL-3.0-or-only is not a valid SPDX identifier. We should treat this as a GPL-3.0-only "other_spdx_key" for the gpl-3.0 scancode license. Same for other errors listed below.

Reported by @hesa Ping: @xsuchy something of interest to you

Beyond Fedora, we have also these other variants and incorrect ids:

  • incorrect GPL-3.0-or-only at https://github.com/kkzzhizhou/scoop-apps/blob/39f01d2cdf69c646768f0d122f1e003d4a13a8da/bucket/purewriter_chawyehsu.json#L5
  • incorrect GPL-3.0-or-only at https://aur.archlinux.org/packages/nuc970-nuwriter-git in Arch maintained by @taotieren also at https://github.com/taotieren/aur-repo/blob/aa453f4ff54b723479035a58e542ff9255d0b552/aur-repo/nuc970-nuwriter-git/PKGBUILD#L12
  • incorrect LGPL-3.0-or-only at https://github.com/valgur/conan-center-index/blob/90949d92ce7a0661eb490a50c6f23879460cf6c1/recipes/casadi/all/conanfile.py#L16 by @valgur
  • incorrect GPL-2.0-or-only in older Alpine https://github.com/alpinelinux/aports/blame/e284ee4af8b2ebe9699a7125205be34db120bfc3/testing/kbackup/APKBUILD#L9 and https://github.com/alpinelinux/aports/blame/e284ee4af8b2ebe9699a7125205be34db120bfc3/testing/kcachegrind/APKBUILD#L9
  • incorrect GPL-2.0-later at https://github.com/getsolus/packages/blob/de57d0bb15e7377d5a99a0b0199a1d3019660584/packages/l/libid3tag/package.yml#L7
    • https://github.com/linux-test-project/ltp/blob/0ac1e70cb7ec9cd6cf731dae676eb7af2206fa6d/testcases/kernel/syscalls/setreuid/setreuid07.c#L1
    • https://github.com/ToolmanP/erofs-rs/blob/e2a9e2188ae7029f390bdbb5ce3bce1a33c4abd6/mkfs/src/main.rs#L2
    • https://github.com/search?q="GPL-2.0-later"&type=code
  • incorrect LGPL-2.0-later https://github.com/infinitymdm/packages/blob/61ba3ee5002d99c7858131b3e10efb0a92d27821/packages/l/libdbusmenu-qt/package.yml#L6

And also:

  • https://opensource.stackexchange.com/questions/9557/upstream-re-licensing-project-from-gpl-3-0-to-mit-allowed

pombredanne avatar Sep 08 '24 15:09 pombredanne