Forums : Suggestions for Ohloh 2.0

Code analysis - licenses - what files?

Hi *,

I remember that I already read some time ago that you wanted to extend the "Code analysis" page to show which files are under which license. For our project, Ohloh claims that there were 2 files under GPL.

However, none of our code is under GPL. Since we published all our code under LesserGPL, I assume that someone simply forgot the "Lesser" in 2 files, but I have no clue what files these are.

Do you still plan to add this feature of showing which files have which license? If so, when?

Till then, what chance do I have to get rid of this (wrong) GPL listing? I mean: Could you give me a grep command or otherwise explain how Ohloh gets the idea that it's GPL?

I ask, because the warning "You should review ... carefully, especially if you are using this code for commercial purposes" is not really helpful for an ERP system which is - of course - used for commercial purposes ;-)

Thanks a lot in advance!

Best regards, Marco :-)

F49ad21c17c5ec27fd3261531827c2cb?&s=32&rating=pg&d=https%3a%2f%2fwww

nlmarco

almost 7 years ago
 

Hi nlmarco,

The GPL license is in these two files:

 NightLabsConnection/src/org/nightlabs/connection/config/ConnectionCf.java
 NightLabsConnection/src/org/nightlabs/connection/rxtx/config/SerialConnectionCf.java

We just look for license names in the files. You can pretty much reproduce the result like this:

$ find . -name *.java | xargs grep 'GNU General Public License'

We do still want to add the feature to browse files online and see the list of files by license, but it's probably not going to happen quickly. We just have too many other things we'd like to do first.

Thanks, Robin

063ffe4b4061aa874f09216cfd60d8f2?&s=32&rating=pg&d=https%3a%2f%2fwww

Robin Luckey

almost 7 years ago
 

Hi Robin,

thanks a lot for the quick and very helpful response!

It's good to know how you search for the License - less magic than I thought ;-) Actually, I could have found that out myself - sorry that I bothered you :-)

Good to hear, though, that you still want to add this feature, since it makes it easier for people to decide whether a real license collision affects them (maybe it doesn't, if it's an optional module).

I removed the wrong GPL header from the two files and added the correct LesserGPL header to all files in the sub-project instead. Hence, the warning should disappear with the next synchronisation, right?

Best regards and a great week-end!

Marco :-)

F49ad21c17c5ec27fd3261531827c2cb?&s=32&rating=pg&d=https%3a%2f%2fwww

nlmarco

almost 7 years ago
 

Hi Marco,

Yes, the next project update should pick up the changes and remove the license warnings. I just checked, and it looks like it went through.

Thanks, Robin

063ffe4b4061aa874f09216cfd60d8f2?&s=32&rating=pg&d=https%3a%2f%2fwww

Robin Luckey

almost 7 years ago
 

Hi Robin,

yes, it looks very good: Only blue and green icons - no warnings anymore :-D

Thanks a lot!

Marco :-)

F49ad21c17c5ec27fd3261531827c2cb?&s=32&rating=pg&d=https%3a%2f%2fwww

nlmarco

almost 7 years ago
 

Hi Robin,

just a few days and the warning popped up again :-( I searched for occurences of "GNU General Public License" and I found it in the fckeditor for which we implemented an Eclipse integration in project org.nightlabs.eclipse.ui.fckeditor. Being a JavaScript library, the source files are directly in our project - i.e. not a JAR - and ohloh scans them.

1) fckeditor has triple-licensing and I assume that ohloh misunderstands that as a GPL license which causes a warning. The license headers look like this: * Licensed under the terms of any of the following licenses at your * choice: * * - GNU General Public License Version 2 or later (the "GPL") * http://www.gnu.org/licenses/gpl.html * * - GNU Lesser General Public License Version 2.1 or later (the "LGPL") * http://www.gnu.org/licenses/lgpl.html * * - Mozilla Public License Version 1.1 or later (the "MPL") * http://www.mozilla.org/MPL/MPL-1.1.html

2) I read a while ago that someone suggested .ohloh-ignore files (or whatever they should be named) in order to tell ohloh to skip directories/files (like JavaScript libraries). Does this feature already exist?

Best regards, Marco :-)

F49ad21c17c5ec27fd3261531827c2cb?&s=32&rating=pg&d=https%3a%2f%2fwww

nlmarco

over 6 years ago
 

Yes, "choose one" licenses are a problem for us, because our parser is not smart enough to realize that there is a choice involved. The file is going to be flagged as GPL, and conflict warnings will appear.

The "ignore" file feature idea has been floating around for a long time, and I really want to implement it, but we're just simply crushed with features to work on.

As a brute force workaround, you could change your project enlistments to include every other directory except the directory that includes the third party libraries. I'm not entirely sure how your source code tree is organized; that might or might not be feasible for you.

Thanks, Robin

063ffe4b4061aa874f09216cfd60d8f2?&s=32&rating=pg&d=https%3a%2f%2fwww

Robin Luckey

over 6 years ago
 

Hi Robin,

thanks for your quick reply. We'll probably put the JavaScript code into a zip as a workaround. Our build process can unpack it. That should prevent ohloh to parse it.

I'll discuss this with the person responsible for this sub-project - I hope zipping is a solution (at least temporarily).

Concerning the "choose one" licenses: Do you have multiple parsers (i.e. one searching for each license - not knowing the others) or is it just one parser that searches for multiple things in one pass? In the latter case, it would know that its the same file having multiple licenses and that it therefore must be a choice. But well, I understand that you are very busy... is that part open-source? I guess the people who are directly affected (e.g. fckeditor) might feel some motivation to fix it themselves.

Best regards, Marco :-)

F49ad21c17c5ec27fd3261531827c2cb?&s=32&rating=pg&d=https%3a%2f%2fwww

nlmarco

over 6 years ago
 

Hi Marco,

The license parser is not open source right now. But it's a piece of Ohloh that we intend to open source when we have the time.

E9c87325cbbdc362eb1ee7802e9ade95?&s=32&rating=pg&d=https%3a%2f%2fwww

Andy Verprauskus

over 6 years ago
 

I'd just like to bump this; it's really frustrating not to have this when it would seemingly be so easy, and I'm always disappointed when I realize/remember that the link on the license name doesn't go to a list of files with that license, but just to some generic page about the license.

(Hmm. There wouldn't be some kind of feature request/bug tracker yet by any chance, would there? No, I thought not...)

165e55c78689e561c554c3dec671fb50?&s=32&rating=pg&d=https%3a%2f%2fwww

Samuel Bronson

almost 4 years ago
 

Full ack.

Also there are some duplicates about the same feature request:

8b0cd5fa68b319fec1c0973d031ff28c?&s=32&rating=pg&d=https%3a%2f%2fwww

Felix Schwarz

almost 4 years ago
 

Post a Response