Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CryptoSwift license incorrectly identified as Zlib #61

Open
hesa opened this issue Dec 17, 2024 · 1 comment
Open

CryptoSwift license incorrectly identified as Zlib #61

hesa opened this issue Dec 17, 2024 · 1 comment
Assignees
@DennisClark @AyanSinhaMahapatra

Comments

@hesa
Copy link

hesa commented Dec 17, 2024

CryptoSwift license incorrectly identified as Zlib

The CONTRIBUTING and LICENSE files of CryptoSwift are incorrectly
identified as Zlib license.

CryptoSwift: https://github.com/krzyzanowskim/CryptoSwift

Zlib: https://www.zlib.net/

Major difference

Zlib text

If you use this software in a product, an acknowledgment in the
product documentation would be appreciated but is not required.

CryptoSwift text

If you use this software in a product, an acknowledgment in the product documentation is required.

The difference

Zlib says: appreciated but is not required
CryptoSwift: is required

This is quite a difference for users when complying with the license terms.

Additional notes

  • The CryptoSwift license needs an identifier

  • Unfortunately the LICENSE and CONTRIBUTING files have slightly different texts.

Reproducing

CONTRIBUTING file

Scanning the CONTRIBUTING file

mkdir contributing-file
cd    contributing-file
curl -LJ https://raw.githubusercontent.com/krzyzanowskim/CryptoSwift/refs/heads/main/CONTRIBUTING.md | grep "^//" > CONTRIBUTING.md
cd ..
scancode -clipe \
  --license-text   --license-text-diagnostics        \
  --classify       --license-clarity-score --summary \
  -n $(cat /proc/cpuinfo | grep processor | wc -l)   \
  --json-pp contributing-file.json contributing-file

Extracting the detected license

$ cat contributing-file.json | jq .files[].detected_license_expression_spdx
null
"Zlib"

LICENSE file

Scanning the LICENSE file

mkdir license-file
cd    license-file
curl -LJO https://raw.githubusercontent.com/krzyzanowskim/CryptoSwift/refs/heads/main/LICENSE
cd ..
scancode -clipe \
  --license-text   --license-text-diagnostics        \
  --classify       --license-clarity-score --summary \
  -n $(cat /proc/cpuinfo | grep processor | wc -l)   \
  --json-pp license-file.json license-file

Extracting the detected license

$ cat license-file.json | jq .files[].detected_license_expression_spdx
null
"Zlib"

Versions etc

  • scancode-toolkit 32.3.0
  • Ubuntu 24.04.1 LTS
  • Python 3.12.3
@DennisClark DennisClark self-assigned this Dec 17, 2024
@DennisClark
Copy link
Member

DennisClark commented Dec 18, 2024
edited
Loading

@hesa Thanks for providing all the pertinent details, which are very helpful.

@AyanSinhaMahapatra New license LicenseRef-scancode-cryptoswift created in DejaCode enterprise and public instances. Please synchronize with scancode and the LicenseDB when you can, and correct the appropriate detection rules.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@DennisClark DennisClark

@AyanSinhaMahapatra AyanSinhaMahapatra

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hesa @DennisClark @AyanSinhaMahapatra