Comments (6)
@MartijnVdS I've opened a new PR (#104) which handles the situation you raised. Do you have any concerns with the tests/implementation there?
from python-license-check.
Based on the actions run prompting this issue, it appears that @MartijnVdS would also appreciate having GNU Lesser General Public License v2 or later (LGPLv2+)
in the proposed whitelist.
from python-license-check.
Oops. Reverting.
from python-license-check.
@MartijnVdS Thanks for identifying this issue.
Concerns
However, I'm concerned that a patch version was used to revert #100, which is itself a breaking change. I sympathize with the criticism that the current or
split is too broad, but an immediate revert disregards the or
-split's value in resolving the issue of combinatorial explosion of multiple licenses for most projects.
Furthermore, OR
is the keyword for separating license identifiers in the SPDX format which has become an international standard for tracking license requirements of software dependencies.
Proposed Solution
Surely a more productive fix would have been to add a test for GNU Library or Lesser General Public License (LGPL)
, then add it to a whitelist of licenses which would not be split by the character sequence or
. Such an approach would satisfy both needs without too much difficulty.
from python-license-check.
Reading the standard, it only specifies OR
in capital letters. Maybe not matching lowercase or
would do the trick?
from python-license-check.
Maybe not matching lowercase
or
would do the trick?
That could work. The existing code normalizes the casing to lowercase before checking licenses, but the OR
split* could happen before that normalization occurs.
- Note the spaces surrounding OR.
from python-license-check.
Related Issues (20)
- specifying a non-existant strategy file produces no error or warning
- liccheck doesn't notice project licenses in pyproject.toml HOT 1
- DeprecationWarning: pkg_resources is deprecated as an API HOT 1
- Support Python 3.12
- Provide Support for Poetry Dependency Groups
- Error when handling normalised names for package extras
- Editable requirements (-e) raises "DistributionNotFound: The 'None' distribution was not found"
- support pre-commit hook HOT 1
- pre-commit hooks is not working as expected HOT 3
- pkg_resources.VersionConflict: (pandas 1.3.5 (~/miniconda3/envs/myenv/lib/python3.8/site-packages), Requirement.parse('pandas==1.3.3')) HOT 1
- Normalized package names HOT 2
- Order licenses alphabetically
- Feature Request: Option To Specify Where To Look for License Information
- authorized_packages doesn't work in pyproject.toml HOT 1
- Improve error message in case a requirement is not installed.
- DistributionNotFound: The 'greenlet==1.1.3' distribution was not found and is required by the application HOT 3
- Allow matching with regex
- Dependency Dashboard
- Action Required: Fix Renovate Configuration
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from python-license-check.