Fix NoAssertion cases by using information in scancode results #1018
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In scancode, packages[0].license_expression contains license information. This later becomes 'declared_license_expression' (see aboutcode-org/scancode-toolkit@ab677c6#diff-47cc909d82dee95ebbb1a3d3a8ed519ae75684072c8f4867b90056d66863f964). Based on documentation, 'declared_license_expression' is the 'primary license expression as determined from the declaration(s) of the authors of the package'. See https://www.nexb.com/scancode-license-clarity-scoring/ When the existing logic fails to normalize, try to derive license information from packages[0].license_expression. Test cases: https://clearlydefined.io/definitions/git/github/jknack/handlebars.java/683c5e885d5dcdf3d17b33e9667f3fb153952016 https://clearlydefined.io/definitions/git/github/jenkinsci/workflow-support-plugin/35e2736cfd5c56799eece176328906d92b6a0dd1 https://clearlydefined.io/definitions/git/github/jenkinsci/durable-task-plugin/e5d4fc08b0be935e03229e23e99a0c92a780da5a https://clearlydefined.io/definitions/git/github/jenkinsci/pipeline-input-step-plugin/d8a957db5be95ddfbf81f41a60b2f034000314b5 https://clearlydefined.io/definitions/git/github/alephium/extension-wallet/d876b08e0c23ba58bcadedcc5b2a1975af386e6b https://clearlydefined.io/definitions/git/github/zonyitoo/conhash-rs/779ed931b07c1a9b643dc14f62db29bf8102fd1b https://clearlydefined.io/definitions/git/github/saleor/saleor-cli/2996c750aafb302cb1edaa1689f2d75fb5372c09 https://clearlydefined.io/definitions/git/github/zowens/crc32c/dea9e9acdbf696dd52e8a62524f0d6a3cb57d105 https://clearlydefined.io/definitions/debsrc/debian/-/python-tenacity/8.0.1-1
Collaborator
Author
|
@jeffwilcox @JamieMagee @elrayle The fixes were split from #999. Ready for review. |
elrayle
approved these changes
Nov 27, 2023
Collaborator
elrayle
left a comment
elrayle
left a comment
There was a problem hiding this comment.
Really great to see some of the NOASSERTIONs being addressed. I appreciate the commit comments and excellent test coverage. Made it easy to understand the changes and what they will cover.
Recent change utilizes packages[0].license_expression to derive license information. packages[0].license_expression sometimes contains partly unknown license inforamtion, e.g. "bsd-new AND unknown". In these cases, ignore package.license_expression containing NOASSERTION, and resort to the logic of figuring out the license based on root files.
Co-authored-by: E. Lynette Rayle <elrayle@users.noreply.github.com>
Collaborator
Author
|
@elrayle ready for review |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.