License override does not work for third-party dependencies with multiple licenses #351
Comments
@ppalaga This is clearly a bug. As I can see in the code only the first license in alphabetical order is overridden. Another example: and override-THIRD_PARTY.txt file contains
and the result is
|
My first instinct would be to reject the override since the project has a license and we shouldn't ignore them on a whim. Unfortunately, many projects have a wrong / useless license name ("apl" - is that Apache? 1.0, 1.1 or 2.0? Or something else entirely?). I'd suggest to log at INFO level which licenses we override (if the project has some) and then replace the list with the override. |
Did you come to a decision on how to treat this case yet? We're generating our license book with |
We have the same issue here - we're generating a license overview of the dependencies so that we can easily provide our customers with the sources of the libraries that require source distribution (their licenses, that is). To avoid delays (due to discussions) and to make the list more clear, we'd like to override the licenses where one can choose. Overriding only the lexicographically first license (which is the current implementation) does not make sense anyways. I've changed the implementation so that an override-configuration overrides all license entries from a multi-license project. As suggested by @digulla, the implementation logs these actions to INFO. |
I can confirm this problem, any updates on the pending pr? |
Hi @caroso-de – I see no PR. |
depending on your judgement regarding the comments there... |
Hi @bmarwell, I was referring to #374 from @lama0206. If this works as @digulla suggests, I'd very much like it to be accepted. If the single merge conflict is all that needs to be done, maybe we can get this thing fixed after all. |
I think that the basic problem has been resolved in the master already (yet without logging etc) - unfortunately the master build is failing (and also the build of my PR). |
@bmarwell the build for the PR runs "on my machine" - I know that's hardly enough. Yet, I don't know what's the problem there:
That's not a problem of this PR (nor of the latest commit 4736bf6 in master...), is it? |
@lama0206 The dependencies you're using in your IT are not locally available during the build. I'd suggest you make your testcase into a tiny aggregator project so that you can build your own dependency with two or more licenses: aggregator you'd then test against the results of the "my-test-module" |
@caroso-de Thanks for the suggestion. The IT is now running w/ a local dependency. |
@lama0206 you're welcome. Btw, does your pr also fix aggregate-add-third-party? |
Currently, overriding has to be set in the aggregator's configuration (I didn't change that):
produces an aggregated licence list with A (LIC-B-1.0) and B (LIC-B-1.0). Overriding the license of dependency A in a/child1/src/license/override-THIRD-PARTY.properties does not work. @caroso-de To be honest: I'm not sure - what's the intended behavior? |
@lama0206 I'm not sure either, for aggregate-add-third-party this sounds about right though. |
Pragmatically, this means that you'll end up with (possibly) different license reports depending on the report "level": Overriding in the child will not override the license in the parent's list. I can live with that - if you want to override the licenses in the child and the parent, it's a choice you have to make (and document). It's both, a bit counter-intuitive and obvious once you know it. |
You mean - depending on whether you use aggregate-add-third-party or add-third-party? I'd personally be fine with that though it might not be what's intended. Maybe one of the maintainers likes to weigh in? |
Any workarounds for this bug? |
It would benefit me a lot because |
…with multiple licenses (#374) Co-authored-by: Mathias Landhäußer <mathias@thingsthinking.net> Co-authored-by: Slawomir Jaranowski <s.jaranowski@gmail.com>
THANKS @slawekjaranowski |
Thnx @slawekjaranowski! |
When I'm trying to use license overriding for a library that has multiple licenses, only the first license from the list is overridden.
Example:
in generated THIRD-PARTY.txt
(ALS 2.0) (GPL v2) (MPL 1.1) RabbitMQ Java Client (com.rabbitmq:amqp-client:5.1.2 - http://www.rabbitmq.com)
When I add
com.rabbitmq--amqp-client--5.1.2=Apache Software License - Version 2.0
to override-THIRD_PARTY.txt file the result is
(Apache Software License - Version 2.0) (GPL v2) (MPL 1.1) RabbitMQ Java Client (com.rabbitmq:amqp-client:5.1.2 - http://www.rabbitmq.com)
Should license overriding replace all the licenses specified for particular dependency?
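A check for the behaviour reported in this issue, as an added example that is not part of the thread or of the plugin's code: it reads a generated THIRD-PARTY.txt and an override file in the two line formats quoted above and reports every dependency where licenses other than the override survived. The function names are hypothetical, the sample input is constructed from the lines in the issue, and each override value is assumed to be a single license name.

```python
import re

# Trailing "(group:artifact:version - url)" of a THIRD-PARTY.txt line.
GAV_TAIL = re.compile(r"\(([^\s():]+:[^\s():]+:[^\s():]+) - [^()]*\)\s*$")
# Constructed sample input, using the lines quoted in the issue.
OVERRIDES = "com.rabbitmq--amqp-client--5.1.2=Apache Software License - Version 2.0\n"
REPORT = ("(Apache Software License - Version 2.0) (GPL v2) (MPL 1.1) RabbitMQ Java "
          "Client (com.rabbitmq:amqp-client:5.1.2 - http://www.rabbitmq.com)\n")


def leading_licenses(line):
    """Return the parenthesised license names at the start of a report line."""
    licenses, rest = [], line.strip()
    while rest.startswith("("):
        depth = 0
        for end, ch in enumerate(rest):
            depth += {"(": 1, ")": -1}.get(ch, 0)
            if depth == 0:
                break
        else:
            break  # unbalanced parentheses: stop scanning this line
        licenses.append(rest[1:end].strip())
        rest = rest[end + 1:].lstrip()
    return licenses


def parse_report(report):
    """Map 'group:artifact:version' to the license list printed for it."""
    deps = {}
    for line in report.splitlines():
        tail = GAV_TAIL.search(line)
        if tail:
            deps[tail.group(1)] = leading_licenses(line)
    return deps


def parse_overrides(text):
    """Map 'group:artifact:version' to the license from 'g--a--v=License' lines."""
    pairs = (line.split("=", 1) for line in text.splitlines()
             if "=" in line and not line.lstrip().startswith("#"))
    return {key.strip().replace("--", ":"): value.strip() for key, value in pairs}


def partial_overrides(report, override_text):
    """Return {gav: licenses that survived the override}; empty means fully applied."""
    deps = parse_report(report)
    left = {gav: [lic for lic in deps.get(gav, []) if lic != wanted]
            for gav, wanted in parse_overrides(override_text).items()}
    return {gav: lics for gav, lics in left.items() if lics}
```

Run over the build output in CI, a non-empty result from `partial_overrides` marks a license report that still lists licenses the override was meant to replace.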