FOSS License Additional Metadata
Project description
FOSS Licenses
A database with meta data for FOSS licenses adding useful information to existing licenses aiming at simplifying compliance work. The meta data consists of:
-
other names or aliases for licenses (e.g. "GNU GPL v. 2" is replaced by "GPL-2.0-only")
-
fixes for compound license written as one single license or using faulty syntax (e.g. "GPL-2.0-with-classpath-exception" -> "GPL-2.0-only WITH Classpath-exception-2.0")
-
other names for operators (e.g. "||" is replaced by "OR")
-
translation of license with dual license features to a compound license expression (e.g. "GPL-2.0-or-later" -> "GPL-2.0-only OR GPL-3.0-only")
-
compatibility as another license (e.g. "X11-Style (Keith Packard)" is compatibility wise the same as "HPND")
-
ambiguous license name (e.g. "GNU General Public License", which misses the version number)
-
license text
Background
There are lots of software licenses out there (e.g. see ScanCode LicenseDB), some of them are FOSS and some not. In this project we primarily focus on FOSS licenses.
License name proliferation
When you're working with compliance you are used to licenses called differently in source code or by tools (e.g. GPLv2, GPL (v2) and GNU General Public License Version 2) when all you really want too see is the SPDX identifier GPL-2.0-only. A seasoned compliance engineer or lawyer knows this already, but we need this information to be machine readable.
License proliferation
Another problem you face when working with compliance is the need to check whether the licenses in a combined work are compatible. One example is the X11-Style (Keith Packard) license, which really is the same license as the Historical Permission Notice and Disclaimer - sell variant. X11-Style (Keith Packard) is not supported for example in the OSADL matrix, but HPND-sell-variant is. Again, a seasoned license engineer or lawyer knows which licenses are compatible and which are not, but we need to make it possible for a machine to assist us.
About
This projet aims at providing a database with:
-
"all" different names for a license in a database
-
mappings from one license to another license which is supported by the OSADL matrix
and, to make the database easier to use:
-
a Python API
-
command line tool
Database
The data can be found in the var directory. Each license has a JSON file with meta information and a LICENSE file with the license text.
Tools and APIs
-
flame - command line program
Contributions
You are more than welcome to contribute.
License reviews
It would be great if you could check the licenses and feedback us (see HOW below).
Hacking
If you find a bug and have a fix or have written a new feature you want addded. Create a PR and we'll have a look..
Suggest new features and report bugs
We need input from you on how you use or would like to use foss-licenses.
Suggest new license to support
Do you miss a license that you want support for. Create an issue with the following information:
-
SPDX identifier (if any)
-
Scancode identifier (if any)
-
License text (or a URL)
-
Aliases you would like to add (if any)
-
Same compatibility as another license (if any)
How
-
create an issue
-
create PR for code or license contributions
CLA?
We do not have a CLA or similar, but we assume your contributions are made under our license (for the code and data).
Related tools and projects
-
flict - FOSS License Compatibility Tool
-
License Compatibility Matrix - a matrix with license compatibilities
-
scancode - ScanCode toolkit
-
ScanCode LicenseDB - a database with licenses
Acknowledgements
-
Nexb for their FOSS compliance tools, especially scancode and ScanCode LicenseDB.
-
OSADL for their License Compatibility Matrix
Technical notes
Normalizing license expressions
We fix your license expressions with the following methods (listed in order)
Normalize aliases
With our database we can replace a license like "GPLv2+" to the SPDX identifier "GPL-2.0-or-later". We do this by searching for needles and replace them. To search for needles, in our case license expressions, (e.g. "BSD 0-Clause") to replace (with e.g. "0BSD") we use the following strategy:
-
list all needles in order of length, longest first
-
for each needle find and replace
This is a naive approach but given the limited data at hand it should work.
Normalize compound license expressions
Some compound licenses (e.g. "GPL-2.0-only WITH
Classpath-exception-2.0") are stated incorrectly (e.g. "GPL-2.0-only
AND Classpath-exception-2.0") or as a singe license
(""GPL-2.0-with-classpath-exception). The license expression is
scanned for licenses as listed in var/compounds.json and replaced
accordingly.
Normalize operators
The license expression is scanned for operators as listed in
var/operators.json and replaced accordingly (e.g. "||" is replaced
by "OR").
Normalize dual licenses
Some licenses have a built in dual license feature (e.g. "GPL-2.0-or-later"). We replace such licenses with the corresponding dual licenses.
As an example: "GPL-2.0-or-later" is replacde by "(GPL-2.0-only OR GPL-3.0-only")
Insert same compatibility as another license
Some licenses are not supported by the OSADL license matrix (e.g. "X11-Style (Keith Packard)") but the license is very similar and has the same compatibility towards other licenses as another license (e.g. "HPND").
To allow for tools (e.g. flict) to check compatibility of an inbound license expression against an outbound license expression we replace the unknown license with the known and with same compatibility.
Extending flame
Python API
See Python API
Command line program
You can extend flame, the command line program, in two different ways:
-
using the option
additional-license-dir -
using the environment variable
FLAME_USER_CONFIG
Using the option additional-license-dir
Assuming you want to extend flame with the licenses located in the directory more-licenses and then list the licenses (using the command licenses):
flame --additional-license-dir more-licenses licenses
Using the environment variable FLAME_USER_CONFIG
You have a config file, called flame-config.json, with the variable additional-license-dirset to more-licenses, like this:
{
"additional-license-dir": "./more-licenses/"
}
then you can start flame to read the config file like this:
FLAME_USER_CONFIG=flame-config.json flame licenses
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file foss-flame-0.20.0.tar.gz.
File metadata
- Download URL: foss-flame-0.20.0.tar.gz
- Upload date:
- Size: 261.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6748f5aa8df62c612d222873c2713311262d22fc6cf619c3b5e94d8c1b61c0b1
|
|
| MD5 |
9b41570e7fa4e534d19977f3a0b2726f
|
|
| BLAKE2b-256 |
f54e5bb24318e8aa1c709872f2c9c2e03ddf6145c4b82a0658ffec924e00037a
|
File details
Details for the file foss_flame-0.20.0-py2.py3-none-any.whl.
File metadata
- Download URL: foss_flame-0.20.0-py2.py3-none-any.whl
- Upload date:
- Size: 416.1 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
66eb8d4b61d658332b7ca712d124127a6df2b9b8ce1b61e83d96e39d7e564923
|
|
| MD5 |
746b985b869b021c6fa25f594d1b6e46
|
|
| BLAKE2b-256 |
e8fe8b523489429ca8334e18cc1d0fdfdfd2391de2a5018de3cae42017be9ee5
|
