Re: Suggestions on improvements

Home Messages Hashtags Subgroups

#51954

Re: Suggestions on improvements

Robert Berger #51954 Hi, On 08/01/2021 04:59, Meh Mbeh Ida Delphine wrote: Due to some mismatches, warnings pop up during the build. Below are some few sample warnings and I'm aware of false positives; Why do you think they are false positives? WARNING: glibc-2.32-r0 do_package: License for package nscd is {'GPL-2.0 WITH Linux-syscall-note'} vs GPLv2 & LGPLv2.1 Check this file: FileName: ./spdx_temp/git/.pc/0026-inject-file-assembly-directives.patch/sysdeps/aarch64/crti.S FileChecksum: SHA1: 83c9d68d2f83ca0af8af2a918533f21004aac238 LicenseConcluded: NOASSERTION LicenseInfoInFile: LGPL-2.1-or-later LicenseInfoInFile: LicenseRef-scancode-unlimited-linking-exception-lgpl FileCopyrightText: <text>Copyright (c) 1995-2020 Free Software Foundation, Inc. </text> I play around with meta-spdxscanner and if you run e.g. scancode-toolkit it tells you: FileName: ./spdx_temp/git/nscd/cache.c FileChecksum: SHA1: ecec99d5427b03fe5c390f5fd78274a2a7c625e7 LicenseConcluded: NOASSERTION LicenseInfoInFile: GPL-3.0-or-later FileCopyrightText: <text>Copyright (c) 1998-2020 Free Software Foundation, Inc. </text> ;) Which comes from: This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 of the License, or (at your option) any later version. So once someone determines what's the real license, I guess packages could be licensed accordingly ;) LICENSE_glibc-xxx = "GPLv3+" is it? Bring in the lawyers. WARNING: glibc-2.32-r0 do_package: License for package sln is {'GPL-2.0 WITH Linux-syscall-note'} vs GPLv2 & LGPLv2.1 WARNING: glibc-2.32-r0 do_package: License for package ldconfig is {'GPL-2.0 WITH Linux-syscall-note'} vs GPLv2 & LGPLv2.1 WARNING: glibc-2.32-r0 do_package: License for package glibc is {'GPL-2.0 WITH Linux-syscall-note'} vs GPLv2 & LGPLv2.1 WARNING: glibc-2.32-r0 do_package: License for package glibc-staticdev is {'GPL-2.0 WITH Linux-syscall-note'} vs GPLv2 & LGPLv2.1 WARNING: libcap-ng-0.8-r0 do_package: License for package libcap-ng is {'GPL-2.0 WITH Linux-syscall-note'} vs GPLv2+ & LGPLv2.1+> WARNING: libtirpc-1.2.6-r0 do_package: License for package libtirpc is {'GPL-2.0 WITH Linux-syscall-note'} vs BSD-3-Clause WARNING: ptest-runner-2.4.0+gitAUTOINC+834670317b-r0 do_package: License for package ptest-runner is {'GPL-2.0-or-later'} vs GPLv2+ I assume GPLv2+ is supposed to mean GPL-2.0-or-later. One fix would be to put in the LICENSE field of ptest-runnner GPL-2.0-or-later instead of GPLv2+. Another fix could be to add the mapping between GPLv2+ and GPL-2.0-or-later. WARNING: libcap-2.44-r0 do_package: License for package libcap is {'GPL-2.0 WITH Linux-syscall-note'} vs BSD \| GPLv2> WARNING: libcap-2.44-r0 do_package: License for package libcap-staticdev is {'GPL-2.0 WITH Linux-syscall-note'} vs BSD \| GPLv2 WARNING: openssl-1.1.1h-r0 do_package: License for package openssl-engines is {'GPL-2.0 WITH Linux-syscall-note', 'GPL-2.0+ WITH Linux-syscall-note'} vs openssl Any suggestions on improvements I can make to this functionality? Cheers, Ida. Regards, Robert
More All Messages By This Member

View All 2 Messages In Topic

#51954

Join {yocto@lists.yoctoproject.org to automatically receive all group messages.

Home Hashtags Subgroups Terms