Re: [spdx-tech] standardLicenseHeader for EPL-1.0
On Thu, Dec 28, 2017 at 4:53 PM, Philippe Ombredannewrote: > Hi Thanh, > > On Thu, Dec 28, 2017 at 2:18 AM, Thanh Ha > wrote: > > I am developing a license header scanner in order to quickly scan local > > files for license headers at the top of code files. > > You may want to check out ScanCode [1]. Since I use it with top Linux > maintainers to clarify the kernel licensing and set SPDX ids, it must > not be too shabby as a license detection engine. It detects headers > alright and much more, including EPL headers. > > PS: ScanCode is written in Python, not Go and I am the maintainer. > > [1] https://github.com/nexB/scancode-toolkit > -- > Cordially > Philippe Ombredanne > Hi Philippe, Thanks for the pointer. I had a look and unfortunately it isn't the tool we need for our use case. The tool we need (and is what I'm prototyping) is one that we can use in CI systems to pass a list of valid licenses like "EPL-1.0, Apache-2.0" for example and then it searches all the code files in a project repo to make sure that the top of every code file contains the correct license header text (and optionally SPDX identifier). If any files that have missing license headers or has incorrect license header text will automatically fail the build in CI and reports a -1 vote (or blocking vote) in a code review system like Gerrit or GitHub code reviews. The intention here is to block developers from merging code with missing license headers in the first place rather than find out after the fact that this has happened. We've successfully done this for a few of our Java projects using checkstyle but it's Java specific and runs quite a bit slower than we like. The new tool we've been working on scans significantly more quickly as it only reads the first few bytes of every file and all the scanning is done locally without generating anything (scans 10s of thousands of files in seconds). I have a work in progress here [0] in case anyone is interested but it currently requires us to provide an example license header. I'd like to pull in SPDX data so that this data can be automatically sourced from somewhere rather than depending on the projects to provide the correct header examples. Hope this explains things more clearly. Thanks, Thanh [0] https://github.com/zxiiro/license-header-checker ___ Spdx-tech mailing list Spdx-tech@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-tech
Re: [spdx-tech] standardLicenseHeader for EPL-1.0
On Thu, Dec 28, 2017 at 10:53:02PM +0100, Philippe Ombredanne wrote: > You may want to check out ScanCode [1]. Since I use it with top Linux > maintainers to clarify the kernel licensing and set SPDX ids, it must > not be too shabby as a license detection engine. It detects headers > alright and much more, including EPL headers. [1] is the ScanCode rule that encodes a header similar to what Thanh mentions (although ScanCode has some other EPL-1.0 rules as well). I'm in favor of documenting those standard headers (when they are recommended by the license steward) in SDPX. The Eclipse docs at [2] currently recommend EPL-2.0 and, more importantly for us, an SPDX-License-Identifier entry. As long as you're willing to trust that entry, you can skip over the rest of the header completely. Cheers, Trevor [1]: https://github.com/nexB/scancode-toolkit/blob/v2.2.1/src/licensedcode/data/rules/epl-1.0_2.RULE [2]: https://www.eclipse.org/projects/handbook/#ip-copyright-headers -- This email may be signed or encrypted with GnuPG (http://www.gnupg.org). For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy signature.asc Description: OpenPGP digital signature ___ Spdx-tech mailing list Spdx-tech@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-tech
Re: [spdx-tech] standardLicenseHeader for EPL-1.0
Hi Thanh, On Thu, Dec 28, 2017 at 2:18 AM, Thanh Hawrote: > I am developing a license header scanner in order to quickly scan local > files for license headers at the top of code files. You may want to check out ScanCode [1]. Since I use it with top Linux maintainers to clarify the kernel licensing and set SPDX ids, it must not be too shabby as a license detection engine. It detects headers alright and much more, including EPL headers. PS: ScanCode is written in Python, not Go and I am the maintainer. [1] https://github.com/nexB/scancode-toolkit -- Cordially Philippe Ombredanne ___ Spdx-tech mailing list Spdx-tech@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-tech
Re: [spdx-tech] standardLicenseHeader for EPL-1.0
On Wed, Dec 27, 2017 at 08:18:32PM -0500, Thanh Ha wrote: > The other options available licenseText and standardLicenseTemplate seems > to have the full license header rather than what's recommended by the > Eclipse project to include a short header message [1] in code files. > … > [1] https://www.eclipse.org/projects/handbook/#ip-copyright-headers Besides Gary's comments, another wrinkle is that we currently require headers to be declared in the license or its appendix [1]. We are likely to relax that limitation soon to “declared somewhere by the license steward” [2], but for the moment, the handbook page you link may be too far from the license for inclusion. Cheers, Trevor [1]: https://spdx.org/spdx-license-list/license-list-overview#fields [2]: https://github.com/spdx/license-list/issues/5#issuecomment-307292702 -- This email may be signed or encrypted with GnuPG (http://www.gnupg.org). For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy signature.asc Description: OpenPGP digital signature ___ Spdx-tech mailing list Spdx-tech@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-tech
[spdx-tech] standardLicenseHeader for EPL-1.0
Hi Everyone, I am developing a license header scanner in order to quickly scan local files for license headers at the top of code files. I intend to add SPDX Header scanning support but have noticed that the EPL-1.0 is missing the recommended header text which based on my reading here [0] should be where such things are defined. The other options available licenseText and standardLicenseTemplate seems to have the full license header rather than what's recommended by the Eclipse project to include a short header message [1] in code files. How can we get this included in SPDX and is standardLicenseHeader the right field or am I misunderstanding it's usage here? Thanks, Thanh [0] https://github.com/spdx/license-list-data/blob/master/accessingLicenses.md [1] https://www.eclipse.org/projects/handbook/#ip-copyright-headers ___ Spdx-tech mailing list Spdx-tech@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-tech