Skip to content

Commit

Permalink
validate: map_license_to_spdx: define the mapping based on rosdistro …
Browse files Browse the repository at this point in the history
…statistics

* see the license value statistics in:
  ros-infrastructure/superflore#271 (comment)

* with this applied, there are following statistics across all currently used ROS
  distributions in rosdistro:

* License values which were unambiguously mapped to one of SPDX identifiers:
   1064 WARNING: The license value "Apache License 2.0" is not valid SPDX identifier, please use "Apache-2.0" instead
    741 WARNING: The license value "Apache 2.0" is not valid SPDX identifier, please use "Apache-2.0" instead
     77 WARNING: The license value "LGPLv3" is not valid SPDX identifier, please use "LGPL-3.0-only" instead
     75 WARNING: The license value "GPLv3" is not valid SPDX identifier, please use "GPL-3.0-only" instead
     73 WARNING: The license value "BSD 3-Clause" is not valid SPDX identifier, please use "BSD-3-Clause" instead
     34 WARNING: The license value "GPLv2" is not valid SPDX identifier, please use "GPL-2.0-only" instead
     34 WARNING: The license value "BSD-3" is not valid SPDX identifier, please use "BSD-3-Clause" instead
     26 WARNING: The license value "Apache 2" is not valid SPDX identifier, please use "Apache-2.0" instead
     23 WARNING: The license value "Apache License, Version 2.0" is not valid SPDX identifier, please use "Apache-2.0" instead
     21 WARNING: The license value "Apache2" is not valid SPDX identifier, please use "Apache-2.0" instead
     14 WARNING: The license value "zlib" is not valid SPDX identifier, please use "Zlib" instead
     10 WARNING: The license value "APACHE2.0" is not valid SPDX identifier, please use "Apache-2.0" instead
      8 WARNING: The license value "GNU Lesser Public License 2.1" is not valid SPDX identifier, please use "LGPL-2.1-only" instead
      6 WARNING: The license value "LGPLv2.1" is not valid SPDX identifier, please use "LGPL-2.1-only" instead
      6 WARNING: The license value "CC BY-NC-SA 4.0" is not valid SPDX identifier, please use "CC-BY-NC-SA-4.0" instead
      6 WARNING: The license value "BSD2" is not valid SPDX identifier, please use "BSD-2-Clause" instead
      5 WARNING: The license value "LGPL-2.1" is not valid SPDX identifier, please use "LGPL-2.1-only" instead
      5 WARNING: The license value "Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License" is not valid SPDX identifier, please use "CC-BY-NC-ND-4.0" instead
      4 WARNING: The license value "zlib License" is not valid SPDX identifier, please use "Zlib" instead
      4 WARNING: The license value "LGPL v2.1" is not valid SPDX identifier, please use "LGPL-2.1-only" instead
      4 WARNING: The license value "GNU General Public License v2.0" is not valid SPDX identifier, please use "GPL-2.0-only" instead
      4 WARNING: The license value "Eclipse Public License 2.0" is not valid SPDX identifier, please use "EPL-2.0" instead
      4 WARNING: The license value "Creative Commons BY-NC-ND 3.0" is not valid SPDX identifier, please use "CC-BY-NC-ND-3.0" instead
      4 WARNING: The license value "Boost Software License" is not valid SPDX identifier, please use "BSL-1.0" instead
      3 WARNING: The license value "Mozilla Public License Version 1.1" is not valid SPDX identifier, please use "MPL-1.1" instead
      3 WARNING: The license value "CreativeCommons-by-nc-sa-2.0" is not valid SPDX identifier, please use "CC-BY-NC-SA-2.0" instead
      3 WARNING: The license value "Boost Software License, Version 1.0" is not valid SPDX identifier, please use "BSL-1.0" instead
      2 WARNING: The license value "LGPL3" is not valid SPDX identifier, please use "LGPL-3.0-only" instead
      2 WARNING: The license value "ECL2.0" is not valid SPDX identifier, please use "EPL-2.0" instead
      2 WARNING: The license value "CreativeCommons-by-nc-4.0" is not valid SPDX identifier, please use "CC-BY-NC-4.0" instead
      2 WARNING: The license value "Boost" is not valid SPDX identifier, please use "BSL-1.0" instead
      2 WARNING: The license value "Boost Software License 1.0" is not valid SPDX identifier, please use "BSL-1.0" instead
      2 WARNING: The license value "BSL1.0" is not valid SPDX identifier, please use "BSL-1.0" instead
      2 WARNING: The license value "BSD 2-Clause License" is not valid SPDX identifier, please use "BSD-2-Clause" instead
      2 WARNING: The license value "Apache2.0" is not valid SPDX identifier, please use "Apache-2.0" instead
      2 WARNING: The license value "Apache v2.0" is not valid SPDX identifier, please use "Apache-2.0" instead
      2 WARNING: The license value "Apache v2" is not valid SPDX identifier, please use "Apache-2.0" instead
      2 WARNING: The license value "Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)" is not valid SPDX identifier, please use "Apache-2.0" instead
      1 WARNING: The license value "MIT License" is not valid SPDX identifier, please use "MIT" instead
      1 WARNING: The license value "LGPL v2.1 or later" is not valid SPDX identifier, please use "LGPL-2.1-or-later" instead
      1 WARNING: The license value "LGPL v2" is not valid SPDX identifier, please use "LGPL-2.0-only" instead
      1 WARNING: The license value "GPL-2.0" is not valid SPDX identifier, please use "GPL-2.0-only" instead
      1 WARNING: The license value "GPL v3" is not valid SPDX identifier, please use "GPL-3.0-only" instead
      1 WARNING: The license value "GNU GPL v3.0" is not valid SPDX identifier, please use "GPL-3.0-only" instead
      1 WARNING: The license value "CreativeCommons-Attribution-NonCommercial-ShareAlike-4.0-International" is not valid SPDX identifier, please use "CC-BY-NC-SA-4.0" instead
      1 WARNING: The license value "CreativeCommons-Attribution-NonCommercial-NoDerivatives-4.0" is not valid SPDX identifier, please use "CC-BY-NC-ND-4.0" instead
      1 WARNING: The license value "BSD 3-clause. See license attached" is not valid SPDX identifier, please use "BSD-2-Clause" instead
      1 WARNING: The license value "BSD 3-clause Clear License" is not valid SPDX identifier, please use "BSD-2-Clause" instead
      1 WARNING: The license value "Apachi 2" is not valid SPDX identifier, please use "Apache-2.0" instead
      1 WARNING: The license value "Apache License Version 2.0" is not valid SPDX identifier, please use "Apache-2.0" instead

* License texts which were replaced with more common version
  Biggest issue is clearly the "TODO" string from catkin package template which people forget to update
     31 WARNING: The license value "TODO" is not valid SPDX identifier, and it is usually used as "TODO-CATKIN-PACKAGE-LICENSE"
      6 WARNING: The license value "proprietary" is not valid SPDX identifier, and it is usually used as "Proprietary"
      6 WARNING: The license value "Public domain" is not valid SPDX identifier, and it is usually used as "PD"
      5 WARNING: The license value "Public Domain" is not valid SPDX identifier, and it is usually used as "PD"

* License texts which weren't mapped to SPDX, usually because the license version wasn't specified
  or when some more creative form of license description was used
  Biggest issue is clearly the "BSD" without Clause specification
  followed by recipes using multiple licenses while not using
  clear separator between them (e.g. OpenEmbedded supports '&' '|' '(' ')':
  http://git.openembedded.org/openembedded-core/tree/meta/lib/oe/license.py?id=8e2d0575e4e7036b5f60e632f377a8ab2b96ead8#n42 )

   4711 WARNING: The license value "BSD" cannot be mapped to valid SPDX identifier
     81 WARNING: The license value "LGPL" cannot be mapped to valid SPDX identifier
     63 WARNING: The license value "GPL" cannot be mapped to valid SPDX identifier
     31 WARNING: The license value "TODO" cannot be mapped to valid SPDX identifier
     20 WARNING: The license value "United States Government Purpose" cannot be mapped to valid SPDX identifier
     20 WARNING: The license value "SwRI Proprietary" cannot be mapped to valid SPDX identifier
     18 WARNING: The license value "Apache" cannot be mapped to valid SPDX identifier
     16 WARNING: The license value "ASL 2.0" cannot be mapped to valid SPDX identifier
     14 WARNING: The license value "EPL" cannot be mapped to valid SPDX identifier
     10 WARNING: The license value "GNU Lesser General Public License (LGPL)" cannot be mapped to valid SPDX identifier
      8 WARNING: The license value "Proprietary" cannot be mapped to valid SPDX identifier
      7 WARNING: The license value "BSD,LGPL,Apache 2.0" cannot be mapped to valid SPDX identifier
      7 WARNING: The license value "BSD, LGPL" cannot be mapped to valid SPDX identifier
      7 WARNING: The license value "BSD, Apache 2.0" cannot be mapped to valid SPDX identifier
      6 WARNING: The license value "proprietary" cannot be mapped to valid SPDX identifier
      6 WARNING: The license value "Public domain" cannot be mapped to valid SPDX identifier
      6 WARNING: The license value "Creative Commons" cannot be mapped to valid SPDX identifier
      6 WARNING: The license value "BSD, GPL" cannot be mapped to valid SPDX identifier
      5 WARNING: The license value "Public Domain" cannot be mapped to valid SPDX identifier
      4 WARNING: The license value "TBD" cannot be mapped to valid SPDX identifier
      4 WARNING: The license value "CC-BY-SA" cannot be mapped to valid SPDX identifier
      4 WARNING: The license value "BSD License 2.0" cannot be mapped to valid SPDX identifier
      3 WARNING: The license value "N/A" cannot be mapped to valid SPDX identifier
      3 WARNING: The license value "HOYA License" cannot be mapped to valid SPDX identifier
      3 WARNING: The license value "HEBI C++ Software License (https://www.hebirobotics.com/softwarelicense)" cannot be mapped to valid SPDX identifier
      3 WARNING: The license value "GPLv2 with linking exception" cannot be mapped to valid SPDX identifier
      3 WARNING: The license value "BSD,LGPL,LGPL (amcl)" cannot be mapped to valid SPDX identifier
      3 WARNING: The license value "BSD, some icons are licensed under the GNU Lesser General Public License (LGPL) or Creative Commons Attribution-Noncommercial 3.0 License" cannot be mapped to valid SPDX identifier
      3 WARNING: The license value "ALv2" cannot be mapped to valid SPDX identifier
      2 WARNING: The license value "Yujin Robot" cannot be mapped to valid SPDX identifier
      2 WARNING: The license value "TERMS OF USE FOR GUNDAM RESEARCH OPEN SIMULATOR Attribution-NonCommercial-ShareAlike" cannot be mapped to valid SPDX identifier
      2 WARNING: The license value "Southwest Research Institute Proprietary" cannot be mapped to valid SPDX identifier
      2 WARNING: The license value "KHI CAD license (mesh data, see readme)" cannot be mapped to valid SPDX identifier
      2 WARNING: The license value "GPL for sigblock" cannot be mapped to valid SPDX identifier
      2 WARNING: The license value "GPL because of list.h; other files released under BSD" cannot be mapped to valid SPDX identifier
      2 WARNING: The license value "Eclipse Distribution License 1.0" cannot be mapped to valid SPDX identifier
      2 WARNING: The license value "Commercial" cannot be mapped to valid SPDX identifier
      2 WARNING: The license value "Check author's website" cannot be mapped to valid SPDX identifier
      2 WARNING: The license value "Binary Only" cannot be mapped to valid SPDX identifier
      2 WARNING: The license value "BSD,GPL because of list.h; other files released under BSD,GPL" cannot be mapped to valid SPDX identifier
      2 WARNING: The license value "APLv2" cannot be mapped to valid SPDX identifier
      1 WARNING: The license value "specified in-file" cannot be mapped to valid SPDX identifier
      1 WARNING: The license value "see license.txt" cannot be mapped to valid SPDX identifier
      1 WARNING: The license value "see License.txt" cannot be mapped to valid SPDX identifier
      1 WARNING: The license value "free for research or education purpose, all rights maintained by David Applegate, William Cook, Sanjeeb Dash, and Monika Mevenkamp" cannot be mapped to valid SPDX identifier
      1 WARNING: The license value "free for academic research, for further licensing contact Wiliam Cook" cannot be mapped to valid SPDX identifier
      1 WARNING: The license value "WTF" cannot be mapped to valid SPDX identifier
      1 WARNING: The license value "Version 2.0" cannot be mapped to valid SPDX identifier
      1 WARNING: The license value "T.D.B" cannot be mapped to valid SPDX identifier
      1 WARNING: The license value "Slightech License" cannot be mapped to valid SPDX identifier
      1 WARNING: The license value "See license.txt" cannot be mapped to valid SPDX identifier
      1 WARNING: The license value "Lesser GPL and Apache License" cannot be mapped to valid SPDX identifier
      1 WARNING: The license value "LGPLv2.1, modified BSD" cannot be mapped to valid SPDX identifier
      1 WARNING: The license value "LGPL and Apache2" cannot be mapped to valid SPDX identifier
      1 WARNING: The license value "LGPL / BSD" cannot be mapped to valid SPDX identifier
      1 WARNING: The license value "GPL v2 with linking exception" cannot be mapped to valid SPDX identifier
      1 WARNING: The license value "GPL + runtime exception" cannot be mapped to valid SPDX identifier
      1 WARNING: The license value "FZI all rights reserved" cannot be mapped to valid SPDX identifier

Signed-off-by: Martin Jansa <martin.jansa@lge.com>
  • Loading branch information
shr-project committed Sep 18, 2020
1 parent 20c9bf1 commit fc3050e
Showing 1 changed file with 66 additions and 1 deletion.
67 changes: 66 additions & 1 deletion src/catkin_pkg/package.py
Original file line number Diff line number Diff line change
Expand Up @@ -279,15 +279,80 @@ def map_license_to_spdx(lic):
http://git.openembedded.org/openembedded-core/tree/meta/conf/licenses.conf
"""
return {
'Apache License Version 2.0': 'Apache-2.0',
'Apachi 2': 'Apache-2.0',
'Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)': 'Apache-2.0',
'Apache v2': 'Apache-2.0',
'Apache v2.0': 'Apache-2.0',
'Apache2.0': 'Apache-2.0',
'APACHE2.0': 'Apache-2.0',
'Apache2': 'Apache-2.0',
'Apache License, Version 2.0': 'Apache-2.0',
'Apache 2': 'Apache-2.0',
'Apache 2.0': 'Apache-2.0',
'Apache License 2.0': 'Apache-2.0',
'LGPL v2': 'LGPL-2.0-only',
'LGPL v2.1 or later': 'LGPL-2.1-or-later',
'LGPL v2.1': 'LGPL-2.1-only',
'LGPL-2.1': 'LGPL-2.1-only',
'LGPLv2.1': 'LGPL-2.1-only',
'GNU Lesser Public License 2.1': 'LGPL-2.1-only',
'LGPL3': 'LGPL-3.0-only',
'LGPLv3': 'LGPL-3.0-only',
'GPL-2.0': 'GPL-2.0-only',
'GPLv2': 'GPL-2.0-only',
'GNU General Public License v2.0': 'GPL-2.0-only',
'GNU GPL v3.0': 'GPL-3.0-only',
'GPL v3': 'GPL-3.0-only',
'GPLv3': 'GPL-3.0-only',
'ECL2.0': 'EPL-2.0',
'Eclipse Public License 2.0': 'EPL-2.0',
'Mozilla Public License Version 1.1': 'MPL-1.1',
'Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License': 'CC-BY-NC-ND-4.0',
'CreativeCommons-Attribution-NonCommercial-NoDerivatives-4.0': 'CC-BY-NC-ND-4.0',
'CreativeCommons-Attribution-NonCommercial-ShareAlike-4.0-International': 'CC-BY-NC-SA-4.0',
'CC BY-NC-SA 4.0': 'CC-BY-NC-SA-4.0',
'CreativeCommons-by-nc-4.0': 'CC-BY-NC-4.0',
'CreativeCommons-by-nc-sa-2.0': 'CC-BY-NC-SA-2.0',
'Creative Commons BY-NC-ND 3.0': 'CC-BY-NC-ND-3.0',
'BSD 3-clause Clear License': 'BSD-2-Clause',
'BSD 3-clause. See license attached': 'BSD-2-Clause',
'BSD 2-Clause License': 'BSD-2-Clause',
'BSD2': 'BSD-2-Clause',
'BSD-3': 'BSD-3-Clause',
'BSD 3-Clause': 'BSD-3-Clause',
'Boost Software License 1.0': 'BSL-1.0',
'Boost': 'BSL-1.0',
'Boost Software License, Version 1.0': 'BSL-1.0',
'Boost Software License': 'BSL-1.0',
'BSL1.0': 'BSL-1.0',
'MIT License': 'MIT',
'zlib License': 'Zlib',
'zlib': 'Zlib'
}.get(lic, None)

def map_license_to_more_common_format(lic):
"""
These aren't SPDX Identifiers, but lets unify them to use at least similar format.
"""
return {
'proprietary': 'Proprietary',
'Public Domain': 'PD',
'Public domain': 'PD',
'TODO': 'TODO-CATKIN-PACKAGE-LICENSE'
}.get(lic, None)

def validate_licenses(licenses, warnings):
for lic in licenses:
if is_valid_spdx_identifier(lic):
continue

if lic == 'TODO-CATKIN-PACKAGE-LICENSE':
common = map_license_to_more_common_format(lic)
if common:
lic = common
warnings.append('The license value "%s" is not valid SPDX identifier, and it is usually used as "%s"' % (lic, common))

if license == 'TODO-CATKIN-PACKAGE-LICENSE':
warnings.append('The license value "%s" is only temporary from the template, replace it with correct value' % (lic))
continue

Expand Down

0 comments on commit fc3050e

Please sign in to comment.