License check output loses license information on Orbit-provided/approved dependencies #170

Open
dhendriks opened this issue Jun 3, 2022 · 1 comment
@dhendriks

I get the following diff from the Eclipse ESCET nightly 3rd party dependency license check:

 maven/mavencentral/org.eclipse.sisu/org.eclipse.sisu.plexus/0.3.5, EPL-1.0, approved, technology.sisu
 maven/mavencentral/org.hamcrest/hamcrest-core/1.3, BSD-2-Clause, approved, CQ11429
 maven/mavencentral/org.jsoup/jsoup/1.8.3, MIT, approved, CQ12749
-p2/orbit/p2.eclipse.plugin/com.ibm.icu/67.1.0.v20200706-1749, ICU AND Unicode-TOU AND BSD-3-Clause AND BSD-2-Clause AND LicenseRef-ipadic-license AND LicenseRef-Public-Domain, approved, CQ22320
-p2/orbit/p2.eclipse.plugin/com.sun.jna.platform/5.8.0.v20210406-1004, Apache-2.0 OR LGPL-2.1-or-later, approved, CQ23218
-p2/orbit/p2.eclipse.plugin/com.sun.jna/5.8.0.v20210503-0343, Apache-2.0 OR LGPL-2.1-or-later, approved, CQ23217
-p2/orbit/p2.eclipse.plugin/io.github.java-diff-utils/4.8.0.v20201027-1614, Apache-2.0, approved, CQ22697
-p2/orbit/p2.eclipse.plugin/javax.annotation/1.3.5.v20200909-1856, EPL-1.0, approved, orbit
+p2/orbit/p2.eclipse.plugin/com.ibm.icu/67.1.0.v20200706-1749, , approved, orbit
+p2/orbit/p2.eclipse.plugin/com.sun.jna.platform/5.8.0.v20210406-1004, , approved, orbit
+p2/orbit/p2.eclipse.plugin/com.sun.jna/5.8.0.v20210503-0343, , approved, orbit
+p2/orbit/p2.eclipse.plugin/io.github.java-diff-utils/4.8.0.v20201027-1614, , approved, orbit
+p2/orbit/p2.eclipse.plugin/javax.annotation/1.3.5.v20200909-1856, , approved, orbit
 p2/orbit/p2.eclipse.plugin/javax.inject/1.0.0.v20091030, Apache-2.0, approved, CQ3555
 p2/orbit/p2.eclipse.plugin/org.apache.batik.anim/1.14.0.v20210324-0332, Apache-2.0, approved, #196
-p2/orbit/p2.eclipse.plugin/org.apache.batik.awt.util/1.14.0.v20210324-0332, Apache-2.0, approved, orbit
+p2/orbit/p2.eclipse.plugin/org.apache.batik.awt.util/1.14.0.v20210324-0332, , approved, orbit
 p2/orbit/p2.eclipse.plugin/org.apache.batik.bridge/1.14.0.v20210324-0332, Apache-2.0, approved, #196
 p2/orbit/p2.eclipse.plugin/org.apache.batik.constants/1.14.0.v20210324-0332, Apache-2.0, approved, #196
 p2/orbit/p2.eclipse.plugin/org.apache.batik.css/1.14.0.v20210324-0332, Apache-2.0, approved, #196
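Review bot: The `+` lines for com.ibm.icu, com.sun.jna.platform, com.sun.jna, io.github.java-diff-utils and javax.annotation have an empty license field, so accepting them as the new baseline drops terms the `-` lines recorded, including the compound ICU expression and the `Apache-2.0 OR LGPL-2.1-or-later` choice for JNA. Four of those five also change authority from a CQ number to `orbit`, but javax.annotation and org.apache.batik.awt.util were already `orbit` and still lost `EPL-1.0` and `Apache-2.0`, so the authority change alone does not explain the empty field. I would keep the previous baseline until the license column is populated again, and have the nightly check treat an approved entry with an empty license as a failure rather than as a plain diff.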
@@ -49,10 +49,10 @@
 p2/orbit/p2.eclipse.plugin/org.apache.commons.jxpath/1.3.0.v200911051830, Apache-2.0, approved, CQ10790
 p2/orbit/p2.eclipse.plugin/org.apache.commons.lang3/3.1.0.v201403281430, Apache-2.0, approved, CQ5902
 p2/orbit/p2.eclipse.plugin/org.apache.commons.logging/1.2.0.v20180409-1502, Apache-2.0, approved, CQ10162
-p2/orbit/p2.eclipse.plugin/org.apache.commons.math3/3.6.1.v20200817-1830, Apache-2.0, approved, orbit
-p2/orbit/p2.eclipse.plugin/org.apache.felix.scr/2.1.24.v20200924-1939, Apache-2.0, approved, CQ22609
-p2/orbit/p2.eclipse.plugin/org.apache.xalan/2.7.2.v20201124-1837, Apache-2.0, approved, CQ9587
-p2/orbit/p2.eclipse.plugin/org.apache.xerces/2.12.1.v20210115-0812, Apache-2.0 AND W3C-19980720, approved, CQ16951
+p2/orbit/p2.eclipse.plugin/org.apache.commons.math3/3.6.1.v20200817-1830, , approved, orbit
+p2/orbit/p2.eclipse.plugin/org.apache.felix.scr/2.1.24.v20200924-1939, , approved, orbit
+p2/orbit/p2.eclipse.plugin/org.apache.xalan/2.7.2.v20201124-1837, , approved, orbit
+p2/orbit/p2.eclipse.plugin/org.apache.xerces/2.12.1.v20210115-0812, , approved, orbit
 p2/orbit/p2.eclipse.plugin/org.apache.xml.resolver/1.2.0.v201005080400, Apache-2.0, approved, CQ1441
 p2/orbit/p2.eclipse.plugin/org.apache.xmlgraphics/2.6.0.v20210409-0748, Apache-2.0, approved, CQ23228
 p2/orbit/p2.eclipse.plugin/org.bouncycastle.bcpg/1.65.0.v20200527-1955, Apache-2.0, approved, CQ21975
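Review bot: org.apache.xerces loses `Apache-2.0 AND W3C-19980720` in this hunk, and org.apache.commons.math3, org.apache.felix.scr and org.apache.xalan lose `Apache-2.0`, while every unchanged context line with a CQ authority keeps its license. All four `+` lines carry `orbit` as authority, which makes the Orbit-sourced records the common factor. The xerces line is the one to watch when the data is restored: check that the full two-license expression comes back, not just a single identifier.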

With this new output of the Dash license check tool, all dependencies that are indicated as being from orbit no longer have their license indicated. Perhaps something has changed in the Dash license check tool that has caused a regression?

As all our dependencies are still approved, we can simply update our output. But still, maybe the regression should be addressed?

@waynebeaton self-assigned this Jun 3, 2022
@waynebeaton
Member

Thanks for the report. There was a regression in the data (not the tool). I am investigating.

I recently tweaked how we sort out the license from Orbit data (which is not always consistently specified). My thinking is that this explains why the tool is reporting these entries as approved but without license data. More later.
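
A check for the regression reported in this thread, added here as an example and not part of the issue or of the Dash license tool: it compares a stored baseline with fresh output and lists entries whose license field went from populated to empty. The four-field layout (content id, license, status, authority) is inferred from the diff above, the function names are hypothetical, and the sample lines are copied from that diff.

```python
"""Flag entries in license check output whose license field became empty."""

# Sample lines copied from the diff in this issue: BEFORE is the "-"/context
# side, AFTER is the "+"/context side.
BEFORE = """\
maven/mavencentral/org.jsoup/jsoup/1.8.3, MIT, approved, CQ12749
p2/orbit/p2.eclipse.plugin/com.sun.jna/5.8.0.v20210503-0343, Apache-2.0 OR LGPL-2.1-or-later, approved, CQ23217
p2/orbit/p2.eclipse.plugin/org.apache.batik.awt.util/1.14.0.v20210324-0332, Apache-2.0, approved, orbit
p2/orbit/p2.eclipse.plugin/org.apache.xerces/2.12.1.v20210115-0812, Apache-2.0 AND W3C-19980720, approved, CQ16951
"""
AFTER = """\
maven/mavencentral/org.jsoup/jsoup/1.8.3, MIT, approved, CQ12749
p2/orbit/p2.eclipse.plugin/com.sun.jna/5.8.0.v20210503-0343, , approved, orbit
p2/orbit/p2.eclipse.plugin/org.apache.batik.awt.util/1.14.0.v20210324-0332, , approved, orbit
p2/orbit/p2.eclipse.plugin/org.apache.xerces/2.12.1.v20210115-0812, , approved, orbit
"""


def parse_dependencies(text):
    """Map content id -> (license, status, authority). Layout is an assumption."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(fields)}")
        entries[fields[0]] = tuple(fields[1:])
    return entries


def lost_licenses(before, after):
    """Entries with a license in the baseline and an empty license now."""
    lost = []
    for cid, (lic, _status, authority) in sorted(after.items()):
        old = before.get(cid)
        if not lic and old and old[0]:
            lost.append((cid, old[0], old[2], authority))
    return lost


def approved_without_license(entries):
    """Approved entries that carry no license expression at all."""
    return sorted(c for c, (lic, status, _a) in entries.items()
                  if status == "approved" and not lic)


if __name__ == "__main__":
    for cid, lic, old_auth, new_auth in lost_licenses(
            parse_dependencies(BEFORE), parse_dependencies(AFTER)):
        print(f"LOST {cid}: was '{lic}' ({old_auth}), now empty ({new_auth})")
```

Run against the real baseline and nightly output, a non-empty result from either function is a reason to fail the job instead of silently updating the stored file.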
