
Use full metadata of PyPI packages for license detection

Open pombredanne opened this issue 1 year ago • 0 comments

For instance https://files.pythonhosted.org/packages/c9/5e/dc6acaf46d78979d6b03458b7a1618a68e152a6776fce95daac5e0f0301b/psycopg2-2.9.9.tar.gz has an ambiguous license in its manifest, but it has a proper license file referenced in its PKG-INFO. We should report the correct referenced license. The extracted license statement is currently reported as lgpl-2.0-plus:

    license: LGPL with exceptions
    classifiers:
      - 'License :: OSI Approved :: GNU Library or Lesser General Public License (LGPL)'

The LICENSE file referenced in the PKG-INFO has this instead: lgpl-3.0-plus WITH openssl-exception-lgpl-3.0-plus AND zlib

pombredanne avatar Sep 13 '24 16:09 pombredanne
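As an added example (not part of the issue and not scancode-toolkit's own code), the stand-alone Python below builds a constructed sdist whose PKG-INFO carries an ambiguous License field next to a License-File reference, then gathers both the manifest fields and the referenced file's text so a detector can weigh the file over the free-text field. The package name, metadata and license text are constructed; only the PKG-INFO header names are real.

```python
import io
import tarfile
from email.parser import HeaderParser  # PKG-INFO is an RFC 822-style header block

# Constructed PKG-INFO (not real psycopg2 metadata): the License field is a
# free-text, non-SPDX statement, while License-File points at the real terms.
SAMPLE_PKG_INFO = """\
Metadata-Version: 2.1
Name: example-pkg
Version: 1.0
License: LGPL with exceptions
Classifier: License :: OSI Approved :: GNU Library or Lesser General Public License (LGPL)
License-File: LICENSE

Example package.
"""

def parse_pkg_info(text):
    """Return the license-related fields of a PKG-INFO document."""
    msg = HeaderParser().parsestr(text)
    return {
        "license": msg.get("License"),
        "classifiers": [c for c in msg.get_all("Classifier", []) if c.startswith("License ::")],
        "license_files": msg.get_all("License-File", []),
    }

def build_sdist(pkg_info, license_text):
    """Build an in-memory tar.gz sdist with a top-level dir, PKG-INFO and LICENSE."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in (("pkg-1.0/PKG-INFO", pkg_info), ("pkg-1.0/LICENSE", license_text)):
            raw = data.encode()
            info = tarfile.TarInfo(name)
            info.size = len(raw)
            tar.addfile(info, io.BytesIO(raw))
    return buf.getvalue()

def license_evidence(sdist_bytes):
    """Collect manifest license fields plus the text of every referenced license file."""
    with tarfile.open(fileobj=io.BytesIO(sdist_bytes), mode="r:gz") as tar:
        # Strip the "<name>-<version>/" prefix so references in PKG-INFO resolve.
        members = {m.name.split("/", 1)[1]: m for m in tar.getmembers() if "/" in m.name}
        fields = parse_pkg_info(tar.extractfile(members["PKG-INFO"]).read().decode())
        fields["license_file_texts"] = {
            name: tar.extractfile(members[name]).read().decode()
            for name in fields["license_files"] if name in members
        }
    return fields
```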