GPL-2.0-only detected in GPL-2.0-or-later #5967

@pepper-jk

Background

I am currently working on copyleft license compatibility rules. For this I created a test repository containing GPL-2.0-or-later and GPL-3.0 (later I added some CC licenses as well, but those are not relevant to the issue). Both license texts were copied from spdx.org.

Bug

When scanning said test repository, ORT detects both GPL-2.0-only and GPL-2.0-or-later, even though only GPL-2.0-or-later was added to the repo. This is due to the results of scancode:

- license: "GPL-2.0-only"
  location:
    path: "license-gpl-2.0-or-later.txt"
    start_line: 3
    end_line: 110
  score: 98.02
- license: "GPL-2.0-or-later"
  location:
    path: "license-gpl-2.0-or-later.txt"
    start_line: 110
    end_line: 114
  score: 100.0

As you can see, scancode gives GPL-2.0-only a 98.02 score, even though it ignores the last 4 lines of the license text. And GPL-2.0-or-later is detected only in the last four lines.

I am not sure if this is caused by scancode directly or by parameters set by ORT. Maybe you can help me clarify. And if only scancode is to blame, I will open an issue in their repo as well.
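
A triage check for the pattern in the scan output above, added here as an illustration and not part of the original issue, ORT or ScanCode: it flags files where an `-only` finding ends at the point where the matching `-or-later` finding begins. The function names and the `max_gap` tolerance are assumptions; the sample findings are the two entries quoted in the issue.

```python
from collections import defaultdict

# Findings copied from the scan output quoted in the issue above.
PATH = "license-gpl-2.0-or-later.txt"
FINDINGS = [
    {"license": "GPL-2.0-only", "path": PATH, "start_line": 3, "end_line": 110},
    {"license": "GPL-2.0-or-later", "path": PATH, "start_line": 110, "end_line": 114},
]


def split_variant(license_id):
    """'GPL-2.0-only' -> ('GPL-2.0', 'only'); ids without a variant -> (id, None)."""
    for suffix in ("-only", "-or-later"):
        if license_id.endswith(suffix):
            return license_id[: -len(suffix)], suffix[1:]
    return license_id, None


def suspicious_pairs(findings, max_gap=1):
    """Return (path, base, only_range, later_range) for each '-only' finding
    where the matching '-or-later' finding starts within max_gap lines of
    the line on which the '-only' finding ends.

    max_gap is an assumed tolerance, not a ScanCode or ORT setting.
    """
    # Group findings per (file, base license) and per variant.
    grouped = defaultdict(lambda: defaultdict(list))
    for f in findings:
        base, variant = split_variant(f["license"])
        if variant:
            grouped[(f["path"], base)][variant].append(f)

    pairs = []
    for (path, base), variants in sorted(grouped.items()):
        for only in variants["only"]:
            for later in variants["or-later"]:
                if abs(later["start_line"] - only["end_line"]) <= max_gap:
                    pairs.append((
                        path, base,
                        (only["start_line"], only["end_line"]),
                        (later["start_line"], later["end_line"]),
                    ))
    return pairs


if __name__ == "__main__":
    for path, base, only_rng, later_rng in suspicious_pairs(FINDINGS):
        print(f"{path}: {base}-only {only_rng} runs into {base}-or-later {later_rng}")
```

A flagged pair is a prompt to review the file by hand, since the check only looks at line ranges and not at the license text itself.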
