Adding SPDX identifier for custom url #43

Open
ILikeYourHat opened this issue Jul 29, 2021 · 6 comments

@ILikeYourHat

Can you provide a way to map a custom license URL to an SPDX identifier?

For example, one of our dependencies has this license URL: https://opensource.org/licenses/mit-license. It's pretty obvious that this dependency has the MIT license, but there is no way to pass this knowledge to the plugin. Something like:

licensee {
   assumeLicense('https://opensource.org/licenses/mit-license', 'MIT')
}

would be very helpful 🙂

@JakeWharton
Collaborator

You can send a PR to add the link to the fallback list:

val fallbackId = when (url) {
  "http://www.apache.org/licenses/LICENSE-2.0.txt",
  "https://www.apache.org/licenses/LICENSE-2.0.txt",
  -> "Apache-2.0"
  "http://creativecommons.org/publicdomain/zero/1.0/",
  -> "CC0-1.0"
  else -> null
}

At present I do not plan on exposing the ability to change this list dynamically since ideally we are trending towards adhering to the URLs in the SPDX specification, or perhaps we should implore SPDX to allow multiple canonical URLs for a license.

@ILikeYourHat
Author

ILikeYourHat commented Jul 29, 2021

This link is just an example; in my app I have 15+ different links like those, some pointing to a license file on the library author's site. Adding them all to the fallback list probably isn't what you mean. And suppressing stuff because "I've checked and that's MIT" doesn't scale very well on the library side.

Don't get me wrong, this is a great library. But I thought it would be an alternative to the OSS Licenses Gradle Plugin. Right now it does the validation very well, but not the licenses screen part :(

@JakeWharton
Collaborator

The plugin outputs a JSON file that you can use to power a license screen in your web, desktop, or mobile application.

If they are relatively standard URLs the fallback list is where they should go. Otherwise you should encourage the libraries to migrate or simply allow the URL rather than the SPDX identifier it represents.

@hfhbd
Contributor

hfhbd commented Aug 3, 2022

Changing the POM files of the libraries is only possible if it is merged, the library is updated regularly and you can use this new version.
This is not always the case, or possible.
My use case is reporting. We are uploading and aggregating the JSON files for legal and compliance reasons, so setting the SPDX ID in Gradle would be very nice; otherwise you get an unknown license error and you need to fix it in the upload tool, which is annoying and a manual step, required for each dependency and version bump.

@hfhbd
Contributor

hfhbd commented Mar 11, 2023

@JakeWharton Do you accept a PR or are you still not convinced?

@JakeWharton
Collaborator

Wanting to map custom URLs to existing IDs for the purpose of the JSON is pretty compelling.
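
An added example, not part of the thread or of the plugin's code: one way to do the mapping discussed above as a post-processing step on the report JSON, so the override list is reviewed once instead of being fixed by hand in the upload tool. The field names (groupId, artifactId, version, spdxLicenses, unknownLicenses) are assumed to match the plugin's report; the `mappedFrom` marker, the override table and the sample data are constructed for illustration.

```python
import json

# Reviewed overrides (constructed). Each entry should be confirmed by a person
# against the license text the URL actually serves before it is added.
URL_TO_SPDX = {"https://opensource.org/licenses/mit-license": "MIT"}

def apply_overrides(artifacts, url_to_spdx):
    """Move unknown licenses with a reviewed URL mapping into spdxLicenses.

    Matching is exact on purpose: no case, scheme or trailing-slash folding,
    so an unreviewed look-alike URL stays unknown and still fails the report.
    Returns (rewritten artifacts, [(coordinate, url)] still unresolved).
    """
    result, unresolved = [], []
    for art in artifacts:
        art = dict(art)  # shallow copy: the input report is left untouched
        coord = f'{art["groupId"]}:{art["artifactId"]}:{art["version"]}'
        spdx = list(art.get("spdxLicenses", []))
        unknown = []
        for lic in art.get("unknownLicenses", []):
            ident = url_to_spdx.get(lic.get("url"))
            if ident is None:
                unknown.append(lic)
                unresolved.append((coord, lic.get("url")))
            else:
                # Keep the original URL and record that a human mapping was
                # applied (hypothetical field, useful for later audits).
                spdx.append({"identifier": ident, "url": lic["url"],
                             "mappedFrom": "manual-override"})
        art["spdxLicenses"], art["unknownLicenses"] = spdx, unknown
        result.append(art)
    return result, unresolved

# Constructed sample report: one mappable URL, one look-alike, one custom file.
SAMPLE = json.loads("""[
 {"groupId": "com.example", "artifactId": "lib-a", "version": "1.0.0",
  "unknownLicenses": [{"url": "https://opensource.org/licenses/mit-license"}]},
 {"groupId": "com.example", "artifactId": "lib-b", "version": "2.1.0",
  "unknownLicenses": [{"url": "http://opensource.org/licenses/mit-license/"},
                      {"url": "https://example.com/LICENSE.txt"}]}
]""")

if __name__ == "__main__":
    fixed, todo = apply_overrides(SAMPLE, URL_TO_SPDX)
    print(json.dumps(fixed, indent=2))
    print("still unresolved:", todo)
```
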
