-
Notifications
You must be signed in to change notification settings - Fork 166
Conversation
Codecov Report
@@ Coverage Diff @@
## master #170 +/- ##
==========================================
+ Coverage 65.02% 65.63% +0.61%
==========================================
Files 90 90
Lines 10958 9990 -968
==========================================
- Hits 7125 6557 -568
+ Misses 3537 3148 -389
+ Partials 296 285 -11
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you! 👍
Hmm. CI failure in ci/circleci: images task was surely not related to changes to the .wwhrd.yaml:
The previous CI pipeline passed. |
f5f448d
to
521ba3d
Compare
The list of accepted licenses incorrectly referred to the BSD-2-Clause as the FreeBSD license, and the BSD-3-Clause as the NewBSD license. See https://spdx.org/licenses/BSD-3-Clause and https://spdx.org/licenses/BSD-2-Clause respectively. Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
This adds ISC to the whitelist, as it was not able to be detected by old versions of wwhrd, and was included in the exceptions list. Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
521ba3d
to
581a962
Compare
I've reworked this PR after improvements in wwhrd (see frapposelli/wwhrd#43) to use a template-based matcher instead of a hash-based matcher. We end up with much fewer exceptions and misdetections. This has also clarified that https://github.com/hashicorp/golang-lru does not invoke the "no-copyleft-exception" clause of the MPL-2.0 license; this was a misdetection in the older version of wwhrd, probably because the hash was matching the "no-copyleft-exception" text in the license's Exhibit B. |
This is the same package, previously hosted on bitbucket.org and now on github.com. In both cases, there's only a single source file vendored, which contains the license inline. wwhrd doesn't detect this, and in one case picks up the license of the vendoring package instead. This has since been fixed upstream, although that won't help the ancient version inlined into prometheus/common. See munnerz/goautoneg#1 Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
This is a misdetection, since fixed upstream in go-digest. See opencontainers/go-digest#37 Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
581a962
to
63a1d4a
Compare
Hi! Thanks for your PR! Unfortunately we're no longer maintaining this repository so I will close this issue. |
This fixes the wwhrd-based license checks which are currently failed by the CI pipeline even when nothing new is vendored.
Fixes: #169
Summary of changes:
BSD-2-Clause
andBSD-3-Clause
licenses due to change in underlying library in wwhrdISC
to license allow-list now that wwhrd can distinguish it from 0BSDChanges obsoleted by improvements to wwhrd after I started this work.
Mostly this was janitorial (BSD licenses were misnamed, a few libraries were not detected correctly by wwhrd and needed exceptions, and some exceptions had been left behind after their usage was removed).I also filed frapposelli/wwhrd#40 for the go-spew misdetection in wwhrd.
The most significant change is explicit acceptance of
MPL-2.0-no-copyleft-exception
and requisite blacklisting ofGPL-2.0+
,LGPL-2.1+
andAFGPL-3.0+
. This is due to usage ofgithub.com/hashicorp/golang-lru/simplelru
. There is an open issue (hashicorp/golang-lru#62) requesting the license be changed toMPL-2.0
but no apparent action has been taken.