This repository has been archived by the owner on Dec 20, 2022. It is now read-only.

Incomplete License Descriptors in sample license.xml #58

Open
rmlekus opened this issue Oct 27, 2019 · 1 comment
Labels
help wanted We are looking for contributors for this issue Prio: Low New feature or request Status: Accepted Issue or PR is accepted Type: Feature Issue or PR is a new feature

Comments

rmlekus commented Oct 27, 2019

org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml contains numerous TODO entries for licenseText configurations.

$ grep -n TODO org.aposin.licensescout.configuration.sample/src/main/resources/*
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:11:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:20:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:29:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:75:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:93:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:462:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:476:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:511:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:525:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:535:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:598:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:608:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:622:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:632:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:642:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:1850:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:1917:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:1927:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:1942:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:1951:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:2273:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:2282:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:2354:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:2951:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:2968:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:4185:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:4448:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:4498:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:5258:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:5275:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:5673:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:5688:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:5697:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:5706:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:5715:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:5724:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:5742:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:5756:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:5765:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:5785:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:5800:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:5815:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:5829:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:5843:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:5852:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:5868:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:6022:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:6032:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:6116:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:6130:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:6181:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:6195:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:6209:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:6218:		<licenseText>TODO</licenseText>
org.aposin.licensescout.configuration.sample/src/main/resources/licenses.xml:6227:		<licenseText>TODO</licenseText>

Bug report

TODO is copied literally into the generated license.txt report, resulting in an invalid license.txt while the maven build of the license report still completes with

[INFO] BUILD SUCCESS

Expected Behavior - What were you expecting to happen?

Current Behavior - What happens?

  • Build Error on "severe" license problems e.g. in case a license requires the license text to be provided by the project
  • Licenses which do not require such an extra literal copy should be configurable within license.xml to not provide the text at all, provide a link to e.g. spdx archives or other external references.
@rmlekus rmlekus added Prio: Triage Triage Priority Status: Pending Issue or PR awaits response Type: Bug Issue or PR type is a bug labels Oct 27, 2019
pfistererm commented Oct 30, 2019

In general, the configuration provided in org.aposin.licensescout.configuration.sample is an example. It is not intended to be used in real-world projects. For real projects a project-specific configuration needs to be maintained anyway. One reason for this is that different projects use different licenses and they consider different licenses as acceptable or not acceptable, need special name or URL mappings, have different vendor IDs for exclusion of own artifacts, and need different exceptions configured. So maintaining a configuration for a certain project is highly project specific. Therefore, I consider this out of scope of the open source project LicenseScout.

Also, providing license texts may have legal implications. If we miss an important sentence from a license text, and somebody relies on this text copied into the resulting report, the LicenseScout developers may be sued, which we want to avoid under all circumstances.

Regarding configuration, it is already possible to configure the license text as empty or leave out the tag '<licenseText>' completely. Also note that it is possible to configure one or more external URLs with a license, with the primary one being taken over into the HTML report.

Under these circumstances I consider it a reasonable choice to have a 'TODO' in a sample configuration - as a reminder for the maintainer of a project-specific configuration that there is something to do.

Raising an error on incomplete configuration may be considered as an additional feature.
It would be helpful if you can come up with a specification of the desired changes in the XML structure of licenses.xml and the expected behaviour. The specification should also take into account that not everybody considers a missing license text a severe error that should break a build. Therefore, a behaviour of terminating the execution of the LicenseScout (resulting in a build error) should be configurable with an additional maven parameter.

So I do not consider these issues as a "bug", but rather as a feature request.

@d-gs d-gs added Type: Feature Issue or PR is a new feature and removed Type: Bug Issue or PR type is a bug labels Oct 30, 2019
@holzerma holzerma added Prio: Low New feature or request Status: Accepted Issue or PR is accepted help wanted We are looking for contributors for this issue and removed Prio: Triage Triage Priority Status: Pending Issue or PR awaits response labels Oct 30, 2019
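
The behaviour discussed in this thread can be approximated outside the tool with a pre-build check. The following is an added example, not LicenseScout code and not part of the original issue: it reports `<licenseText>` elements that still hold the literal `TODO`, accepts empty or absent text, and only fails when a strict switch is set. Only the `<licenseText>` tag comes from the issue; the surrounding element names, the `id` attribute and the `--fail-on-placeholder` switch are assumptions.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: only the <licenseText> tag is taken from the issue;
# the <licenses>/<license> elements and the id attribute are assumed.
SAMPLE_LICENSES_XML = """\
<licenses>
  <license id="example-a">
    <licenseText>TODO</licenseText>
  </license>
  <license id="example-b">
    <licenseText></licenseText>
  </license>
  <license id="example-c">
    <licenseText>Constructed license text.</licenseText>
  </license>
  <license id="example-d"/>
</licenses>
"""

PLACEHOLDERS = {"TODO"}  # literal values treated as "not filled in yet"


def find_placeholder_texts(xml_source):
    """Return the id (or tag) of each element whose <licenseText> is a placeholder.

    Empty or absent <licenseText> is accepted, since the maintainer's comment
    says both are valid ways to provide no text.
    """
    root = ET.fromstring(xml_source)
    hits = []
    for parent in root.iter():
        for child in parent.findall("licenseText"):
            if (child.text or "").strip().upper() in PLACEHOLDERS:
                hits.append(parent.get("id", parent.tag))
    return hits


def check(xml_source, fail_on_placeholder=False):
    """Return an exit code: 1 only when strict mode is on and hits exist."""
    hits = find_placeholder_texts(xml_source)
    for ident in hits:
        print(f"placeholder licenseText in: {ident}", file=sys.stderr)
    return 1 if (hits and fail_on_placeholder) else 0


if __name__ == "__main__":
    strict = "--fail-on-placeholder" in sys.argv[1:]
    sys.exit(check(SAMPLE_LICENSES_XML, fail_on_placeholder=strict))
```

Run as a CI step before the report is generated, the non-zero exit code in strict mode stops the pipeline instead of letting a `TODO` reach the generated report.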