Set processed declared licenses to NONE instead of empty #2852

Closed
sschuberth opened this issue Jul 9, 2020 · 4 comments
Labels
analyzer (About the analyzer tool), enhancement (Issues that are considered to be enhancements)

Comments

@sschuberth
Member

sschuberth commented Jul 9, 2020

We should think about whether it ever makes sense to set a declared license to NONE or NOASSERTION instead of just returning nothing / an empty set, because

  • NONE seems to be semantically equivalent to "empty",
  • for NOASSERTION the first case ("no attempt was made to determine the information") is never true because we always tried, and the second case ("intentionally no information is provided") we probably do not really care about, as we're only interested in whether it's empty, but not why.

@fviernau, @tsteenbe, any thoughts on that?

@sschuberth added the analyzer and question labels Jul 9, 2020
@tsteenbe
Member

I would simply set it to NONE

NONE, if the SPDX file creator concludes there is no license available for this package; or

NOASSERTION if:
(i) the SPDX file creator has attempted to but cannot reach a reasonable objective determination;
(ii) the SPDX file creator has made no attempt to determine this field; or
(iii) the SPDX file creator has intentionally provided no information (no meaning should be implied by doing so).

@dgutson

dgutson commented Mar 6, 2023

Hi, I got this NOASSERTION from Conan manifests.

  1. Is this NOASSERTION defined in the SPDX standard, or is it an ORT-specific thing?
  2. What is the current (not discussed intended) behavior when this is set, at least in C and C++ Conan-based projects?

@sschuberth
Member Author

> Is this NOASSERTION defined in the SPDX standard, or is it an ORT-specific thing?

The former, see e.g. https://spdx.github.io/spdx-spec/v2.3/file-information/#85-concluded-license-field.

> What is the current (not discussed intended) behavior when this is set, at least in C and C++ Conan-based projects?

There is no special meaning in the context of C / C++ or Conan projects, but only the general meaning as defined for packages described via SPDX, see https://spdx.github.io/spdx-spec/v2.3/package-information/#715-declared-license-field.

Note that this issue is not about SPDX's use of NOASSERTION / NONE (which is fixed and defined), but about the use of NOASSERTION / NONE in ORT's own data model.

@sschuberth added the enhancement label and removed the question label Apr 7, 2023
@sschuberth changed the title from "Think about declared licenses of NONE or NOASSERTION" to "Set processed declared licenses to NONE instead of empty" Apr 7, 2023
@sschuberth
Member Author

Closed as part of backlog grooming. Feel free to comment if you would like to contribute to this.

@sschuberth closed this as not planned Apr 29, 2024