Code misidentified as GPL

Several different options have been tabled to help with this serious defect. Can we at least get a response please?

John Haugeland over 14 years ago
 

How about at least having a feature to see which files ohloh believes to be under which license?

Then, have a link to report inaccuracy for each file, which could be done by any ohloh user.

At least then the scope of incorrect license detection can be seen (how many files and which ones are currently incorrectly handled).

At least then you will have stronger evidence about how widespread the issue is and which projects are adversely affected - rather than a bunch of anecdotal evidence like now.

This will help with making informed decisions on how to solve any such problems, rather than resorting to he says she says arguments like this thread has.

asvitkine over 14 years ago
 

@asvitkine,

You're absolutely right. I suspect that some files (like is the case with the Camel ones) will have 2 licenses associated. In our case the standard Apache license header is clearly present at the top, but the GPL string can be found somewhere in a comment down in the code.

The argument was that the problem is more widespread than originally stated. And I think it was more of the we all said kind than he says, she says :), because I didn't see a denial, just a downplay.

The information about what trigger fired for a particular file is clearly there and I agree that exposing it would allow us to determine how widespread the problem is and maybe identify a pattern and a solution.

Many, many thanks for pitching in.

Hadrian Zbarcea over 14 years ago
 

I believe we would all like further interest from OhLoh staff on this matter. It is of significant concern, and has been displayed to affect not only several large-usage projects, but to affect the decisions being made on basis of OhLoh statistics.

John Haugeland over 14 years ago
 

asvitkine said:

How about at least having a feature to see which files ohloh believes to be under which license?

+1 to that - I just noticed that same problem with the Apache Sling project, where ohloh reports one GPL file but there's no way to find out which one it is.

grep -i gpl shows for example:

LICENSE.jruby:
JRuby is released under a tri CPL/GPL/LGPL license.

NOTICE:under a tri-license (CPL/GPL/LGPL).

which could explain the problem, but if we could find out precisely why ohloh thinks Sling has some GPL-licensed file, that would help a lot.

Bertrand Delacr... over 14 years ago
 

Same for Mindquarry.

One file is reported as GPL, but as it uses MPL, ASL and AFL, three warnings are reported on the front page.

+1 for
a) listing the misidentified files and
b) letting project owners manually correct the license usages: I think a software will never be able to get license/law stuff right just by scanning the code - it can only make the analysis for humans faster by giving hints

Alexander Klime... over 14 years ago
 

Wow. The problem is much worse for MindQuarry than it is for me. I commiserate, Mr. Klimetschek; that's a real shame, what Ohloh's bug is creating for you.

Thank you each for speaking up. As more people bring this issue to Ohloh's attention, maybe they'll begin to take it somewhat more seriously.

John Haugeland over 14 years ago
 

@Bertrand, it found it the same way you did: grep for gpl in comments :(.

Hadrian Zbarcea over 14 years ago
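An added example, not part of any post in this thread and not Ohloh's scanner: it contrasts a bare `grep -i gpl` with the per-file report requested above, which lists the line that fired each match and separates a license declared in the file header from a mention further down. The 20-line header window, the two patterns and the sample files are assumptions constructed for illustration.

```python
import re

HEADER_LINES = 20  # assumption: a file declares its own license near the top

# Assumed patterns for illustration; production scanners match full license texts.
PATTERNS = {
    "Apache-2.0": re.compile(r"Apache License, Version 2\.0", re.I),
    "GPL": re.compile(r"(?<![A-Za-z])GPL\b|GNU General Public License", re.I),
}

def naive_grep(files):
    """Equivalent of `grep -il gpl`: flags any file containing the substring."""
    return sorted(n for n, text in files.items() if "gpl" in text.lower())

def scan(files):
    """Per-file report: licenses declared in the header, plus every trigger line."""
    report = {}
    for name, text in files.items():
        declared, triggers = set(), []
        for lineno, line in enumerate(text.splitlines(), start=1):
            for lic, pat in PATTERNS.items():
                if pat.search(line):
                    kind = "header" if lineno <= HEADER_LINES else "mention"
                    triggers.append((lic, lineno, kind, line.strip()))
                    if kind == "header":
                        declared.add(lic)
        report[name] = {"declared": sorted(declared), "triggers": triggers}
    return report

# Constructed sample tree (not real project files).
APACHE_HEADER = (
    "/*\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n"
    " * you may not use this file except in compliance with the License.\n */\n"
)
SAMPLE = {
    "Processor.java": APACHE_HEADER + "class Processor {\n" + "\n" * 30
        + "  // optional GPL-licensed plugins are loaded from a separate jar\n}\n",
    "LICENSE.jruby": "JRuby is released under a tri CPL/GPL/LGPL license.\n",
    "Util.java": APACHE_HEADER + "class Util {}\n",
}

if __name__ == "__main__":
    print("naive:", naive_grep(SAMPLE))
    for name, entry in scan(SAMPLE).items():
        print(name, entry["declared"])
        for lic, lineno, kind, line in entry["triggers"]:
            print(f"  {lic:10} line {lineno:3} [{kind}] {line}")
```

The tri-license notice is still reported as a declaration because it sits on line 1 of its file, so the trigger listing narrows what a human has to review and does not replace that review.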
 

For now I have added a note to Sling's project summary at ohloh [1], mentioning that "Contrary to what Ohloh currently believes, all of Sling's code is under the Apache License 2.0."

I'd advise other Apache licensed projects to do the same, unless this is fixed.

[1] https://www.ohloh.net/p/sling

Bertrand Delacr... over 14 years ago
 

Today is the third anniversary of my first report of this legally sensitive problem that has cost me clients to Ohloh.

It is still not repaired.

Maybe Ohloh's new owners will realize how easy of a fix this is, and that it's costing them users and credibility, and fix it?

Here's to hoping that Black Duck Software takes seriously Ohloh's long standing claims to be community driven, user sensitive and interested in our opinions.

John Haugeland over 13 years ago
 

John, we're certainly aware of this issue. Based on our experience, we know that automatic scanning will always produce some mistakes. We have some better license scanning technology, and hope to improve the quality of data over time. But we may need to also provide a mechanism so that the community can crowdsource corrections for the inevitable errors. This combination should solve the problem, but probably not immediately.

Ohloh Team over 13 years ago
 

I know you're aware of it. I'm the one who made you aware of it.

And there's a ridiculously simple answer. Stop acting like your automatic scanner has to be the last answer. Allow a human to override its choices. Fixed.

It's a 20 minute hack for any competent developer. Stop dodging it.

John Haugeland over 13 years ago
 

By the by, this isn't a community issue. Just hand it to the managing developers. If you try to make it a community issue, a bunch of people are going to flag things that aren't GPL as GPL, in zealotry. (I've seen it happen.)

John Haugeland over 13 years ago