False positives in Eclipse Hawkbit #2550

Open
hanna-modica opened this issue Jun 11, 2021 · 1 comment
@hanna-modica
Contributor

Description

ScanCode reports BSD 3 Clause in multiple Eclipse Hawkbit classes, although it states Eclipse Public License v1.0.

Examples:

  • hawkbit-ui/src/main/java/org/eclipse/hawkbit/ui/common/event/FilterType.java line 4-15
  • hawkbit-ui/src/main/java/org/eclipse/hawkbit/ui/common/data/aware/DsIdAware.java line 4-14
  • hawkbit-ui/src/main/java/org/eclipse/hawkbit/ui/utils/SPUITargetDefinitions.java line 4-17

and many more

How To Reproduce

Scan https://github.com/eclipse/hawkbit with ScanCode

System configuration

The scan was done on Linux with the OSS Review Toolkit https://github.com/oss-review-toolkit/ort/ using ScanCode as the scanner.

@pombredanne
Member

Thanks!
The culprit is a rule, edl-1.0_or_epl-1.0.RULE and edl-1.0_or_epl-1.0.yml, that should be detected only if there is more of it detected, using the "minimum_coverage" attribute, likely set to about 90%.

        {
          "key": "bsd-new",
          "score": 56.45,
          "name": "BSD-3-Clause",
          "short_name": "BSD-3-Clause",
          "category": "Permissive",
          "is_exception": false,
          "owner": "Regents of the University of California",
          "homepage_url": "http://www.opensource.org/licenses/BSD-3-Clause",
          "text_url": "http://www.opensource.org/licenses/BSD-3-Clause",
          "reference_url": "https://scancode-licensedb.aboutcode.org/bsd-new",
          "scancode_text_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/bsd-new.LICENSE",
          "scancode_data_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/bsd-new.yml",
          "spdx_license_key": "BSD-3-Clause",
          "spdx_url": "https://spdx.org/licenses/BSD-3-Clause",
          "start_line": 4,
          "end_line": 15,
          "matched_rule": {
            "identifier": "edl-1.0_or_epl-1.0.RULE",
            "license_expression": "epl-1.0 OR bsd-new",
            "licenses": [
              "epl-1.0",
              "bsd-new"
            ],
            "is_license_text": false,
            "is_license_notice": true,
            "is_license_reference": false,
            "is_license_tag": false,
            "is_license_intro": false,
            "matcher": "3-seq",
            "rule_length": 62,
            "matched_length": 35,
            "match_coverage": 56.45,
            "rule_relevance": 100
          },
          "matched_text": "This program and the accompanying materials\n * are made available under the terms of the Eclipse Public License v1.0\n * which accompanies this distribution, [and] is available at\n * http://www.eclipse.org/legal/epl-v10.html\n */\n[package] [org].[eclipse].[hawkbit].[ui].[common].[event];\n\n/**\n * [Enum] [constants] [for] [filter] [type]\n */\n[public] [enum] [FilterType] {\n    [SEARCH], [TYPE], [TAG], [NO]_[TAG], [STATUS], [OVERDUE], [QUERY], DISTRIBUTION,"
        }
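A triage helper for reports like this one, added here as an example (it is not ScanCode or ORT code): it lists license matches whose recomputed rule coverage falls below a threshold, 90% by default to mirror the figure in the comment above. The sample input is constructed from the fields quoted in this thread; the outer files/path/licenses layout and the second match (with its rule name) are assumptions.

```python
import json

# Constructed sample built from the fields quoted in the issue. The outer
# "files"/"path"/"licenses" layout and the second match are assumptions.
SAMPLE_SCAN = json.loads("""
{"files": [
  {"path": "hawkbit-ui/src/main/java/org/eclipse/hawkbit/ui/common/event/FilterType.java",
   "licenses": [
     {"key": "bsd-new", "start_line": 4, "end_line": 15,
      "matched_rule": {"identifier": "edl-1.0_or_epl-1.0.RULE",
                       "license_expression": "epl-1.0 OR bsd-new",
                       "matcher": "3-seq", "rule_length": 62,
                       "matched_length": 35, "match_coverage": 56.45}},
     {"key": "epl-1.0", "start_line": 4, "end_line": 7,
      "matched_rule": {"identifier": "constructed-epl-notice.RULE",
                       "license_expression": "epl-1.0",
                       "matcher": "2-aho", "rule_length": 30,
                       "matched_length": 30, "match_coverage": 100.0}}
   ]}
]}
""")


def low_coverage_matches(scan, threshold=90.0):
    """Return license matches covering less than `threshold` percent of their rule."""
    findings = []
    for entry in scan.get("files", []):
        for lic in entry.get("licenses", []):
            rule = lic.get("matched_rule") or {}
            rule_length = rule.get("rule_length") or 0
            if not rule_length:
                continue  # coverage cannot be recomputed without a rule length
            # Recompute from the token counts rather than trusting the reported field.
            coverage = round(100.0 * rule.get("matched_length", 0) / rule_length, 2)
            if coverage < threshold:
                findings.append({
                    "path": entry.get("path"),
                    "key": lic.get("key"),
                    "rule": rule.get("identifier"),
                    "lines": (lic.get("start_line"), lic.get("end_line")),
                    "coverage": coverage,
                })
    return findings


if __name__ == "__main__":
    for finding in low_coverage_matches(SAMPLE_SCAN):
        print(finding)
```

Matches listed this way are candidates for manual review, not confirmed false positives.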
