Question:
After uploading a scan, some entries show a "license not detected" or a "license could not be matched" message. How can I resolve that?
Answer:
There are several possible reasons for this result. You can find the reason by looking into the details of the finding: click on the component to see them. The data shown there will indicate the cause.
Case I Bad data:
If you see more than one license name or a strange combination behind the legal symbol (judge's hammer), this is a clear sign that the data from the scan is bad. The following diagram shows a sample:
Here, the scan received two licenses as one, and the matching against our database was not successful. Thus, the result could not be corrected automatically. A correct representation would have separated the two license entries into two licenses.
Most likely, you can correct this by changing the build descriptor for your package manager. It is a good idea to repair it at the origin; otherwise, the issue might occur again with every update you send.
If this appears not in one of your components but in a dependency that has been resolved by our dependency resolution, the wrong entries might have been loaded from a repository. We are checking the data, but we always come across unknown or missing licenses. Sometimes manual support might be required, so please forward these cases to support@trustsource.io for review.
PLEASE NOTE: Such incorrect interpretations are often the result of confusion about the correct license, caused by several sources reporting alternative information. Use the component link at the top of the details section to dive into the component information. Most likely you will find more details either in the repo itself or on the component page.
Case II License unknown:
Another reason might be that the associated license is not yet known to our database. This might be caused either by wrong sources or by wrong data being reported.
For example, it sometimes happens that people are not able to find "Public Domain" as license information. In fact, there is no license called "Public Domain". This is a wording that has a certain meaning throughout the US, e.g. "dedicated to the public domain", meaning it is publicly available, but it is not a license by any means. Thus the terms are not regulated and it must be treated as "no license".
We also maintain a service that contacts projects, suggesting that they add a license and clarify potential issues. But this is not always possible. Sometimes contributors are gone or have chosen not to support the project anymore. Sometimes they just do not want to be pushed in a certain direction; in other cases it works.
So feel free to address your concerns to our support team at support@trustsource.io. The team will investigate and help to achieve a resolution. We do have a set of tools and services to assess, analyze and decode such cases. Some tools are still under development, which is why we are very interested in using them in real cases.
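A pre-upload check for both cases above, as an added example that is not TrustSource code: it flags license fields that hold several licenses at once (Case I) or a name that is not a known identifier (Case II). The component list, its field names and the short identifier set are constructed assumptions; matching against the TrustSource database may work differently.

```python
import re

# Constructed subset of SPDX identifiers; a real check would load the full SPDX list.
KNOWN_SPDX = {"MIT", "Apache-2.0", "BSD-3-Clause", "ISC", "GPL-2.0-only"}

# Separators that suggest several licenses were written into a single field.
# "and"/"or" only count when surrounded by whitespace, so that an identifier
# such as "GPL-2.0-or-later" is not torn apart.
SEPARATORS = re.compile(r"\s*[,;/]\s*|\s+(?:and|or)\s+", re.IGNORECASE)


def classify_license(value):
    """Return (status, parts) for one license field of a build descriptor."""
    text = (value or "").strip()
    if not text:
        return ("missing", [])
    if text in KNOWN_SPDX:
        return ("ok", [text])
    parts = [p.strip("() ") for p in SEPARATORS.split(text)]
    parts = [p for p in parts if p]
    if len(parts) > 1:
        return ("combined", parts)   # Case I: two licenses reported as one
    return ("unknown", parts)        # Case II: not a known license name


def audit(components):
    """Map component name -> (status, parts) for every entry needing a fix."""
    findings = {}
    for comp in components:
        status, parts = classify_license(comp.get("license"))
        if status != "ok":
            findings[comp["name"]] = (status, parts)
    return findings


# Constructed sample input, standing in for the license fields of a dependency list.
SAMPLE = [
    {"name": "lib-a", "license": "MIT"},
    {"name": "lib-b", "license": "MIT, Apache-2.0"},
    {"name": "lib-c", "license": "Public Domain"},
    {"name": "lib-d", "license": ""},
]

if __name__ == "__main__":
    for name, (status, parts) in audit(SAMPLE).items():
        print(f"{name}: {status} {parts}")
```

Entries reported as "combined" are candidates for a fix in the build descriptor; "unknown" and "missing" entries need the license clarified at the source.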