Fix for #54 doesn't handle ambiguous poms correctly #61

pmonks · 2024-06-28T23:08:07Z

The fix for issue #54 unconditionally places an OR operator between all detected licenses from a pom.xml file, however there are cases where there is indeed ambiguity and the Maven conjunction rule cannot be applied. For example:

  <licenses>
    <license>
      <name>MIT/Apache</name>
    </license>
  </licenses>

should result in:

#{"Apache-2.0" "MIT"}

Furthermore there are complications in (probably exceptionally rare) cases where there might be multiple such ambiguous <license> blocks in the same pom.xml file - does that result in a combinatorial explosion in SPDX expressions? For example:

  <licenses>
    <license>
      <name>MIT/Apache</name>
    </license>
    <license>
      <name>BSD/GPL</name>
    </license>
  </licenses>

Should the result for this be:

#{"BSD-4-Clause OR MIT" "Apache-2.0 OR BSD-4-Clause" "GPL-3.0-only OR MIT" "Apache-2.0 OR GPL-3.0-only"}

?

The text was updated successfully, but these errors were encountered:

pmonks · 2024-07-02T00:20:38Z

To be clear I've only seen a few examples of the first case, and no examples of the second case, but right now lice-comb does the wrong thing in both cases.

Some examples of the first case:

pmonks added the bug Something isn't working label Jul 2, 2024

pmonks changed the title ~~Fix for #54 doesn't handle ambiugous poms correctly~~ Fix for #54 doesn't handle ambiguous poms correctly Jul 2, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix for #54 doesn't handle ambiguous poms correctly #61

Fix for #54 doesn't handle ambiguous poms correctly #61

pmonks commented Jun 28, 2024

pmonks commented Jul 2, 2024 •

edited

Loading

Fix for #54 doesn't handle ambiguous poms correctly #61

Fix for #54 doesn't handle ambiguous poms correctly #61

Comments

pmonks commented Jun 28, 2024

pmonks commented Jul 2, 2024 • edited Loading

pmonks commented Jul 2, 2024 •

edited

Loading