On Mon, Nov 27, 2017 at 5:55 PM, Wheeler, David A <dwhee...@ida.org> wrote: > No tool can guarantee that always determines if "or any later version" > applies. > Certainly not licensee, which is the tool used automatically by GitHub. > Indeed, licensee generally only looks at the LICENSE file - it doesn't even > *try* > to parse the README file (which it could only do imperfectly anyway). > > Oh, and for many developers, the license output from licensee is the *only* > SPDX data they'll see, because GitHub does that analysis automatically for > them > when they view a project (they don't have to run a tool). I'd love to see > licensee improved, but most developers have ZERO interest in all the details > of a SPDX file anyway; they just want the license expression, and that's it. > In many places, the *developers* choose the libraries that will be used; > there are no lawyers to double-check anything.
OK, so GH licensee does not even make a serious attempt at providing accurate information and instead returns half-baked partial license information. Despite all the good intentions, I find it quite irresponsible to then promote this tool globally on a site with such a viewership. If this were a C compiler this would akin to say: I will ignore the function definitions from your header .h files. Once in a while I will compile a program that may run, though it may not run as you expected. Often I will crash and now and then I will just destroy your hard drive. But bear with me and use me anyway, I am "good enough". I just hope none would use such a tool to further propagate this half-baked misinformation when better tools exist out there. I am all for "good enough" but good enough is only good enough when there is at least __enough of the good__: otherwise this is counterproductive and dangerous especially when widely promoted. -- Cordially Philippe Ombredanne _______________________________________________ Spdx-legal mailing list Spdx-legal@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-legal
