Requalify GPL detection rule as "clue" or rework detection #3833
Comments
pombredanne
changed the title
|
The same applies to https://github.com/apple/swift-nio-ssl/blob/7c381eb6083542b124a6c18fae742f55001dc2b5/Sources/CNIOBoringSSL/crypto/fipsmodule/sha256-armv8-linux.linux.aarch64.S |
|
See also this rule https://github.com/nexB/scancode-toolkit/blob/develop/src/licensedcode/data/rules/openssl-ssleay_or_bsd-new_or_gpl-1.0-plus_or_gpl-2.0_1.RULE that needs some love too as there is no gpl-1.0-plus in it. |
|
#3841 might be similar. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://github.com/nexB/scancode-toolkit/blob/develop/src/licensedcode/data/rules/openssl-ssleay_gpl_mention_openssl.RULE is not a license notice:
Permission to use under GPL terms is granted.This is present in OpenSSL like at https://github.com/openssl/openssl/blob/master/crypto/sha/asm/sha256-armv4.pl or BoringSSL and derivative like https://raw.githubusercontent.com/apple/swift-nio-ssl/7c381eb6083542b124a6c18fae742f55001dc2b5/Sources/CNIOBoringSSL/crypto/fipsmodule/bsaes-armv7-ios.ios.arm.S but should NOT be reported as a GPL at all as this is noise.
We could also just treat this as a false positive entirely, or report it as OpenSSL-licensed since this is always seen with the previous "cryptograms" match: https://github.com/nexB/scancode-toolkit/blob/develop/src/licensedcode/data/rules/openssl-ssleay_or_bsd-new_2.RULE
The text was updated successfully, but these errors were encountered: