Ancestors

Written by Miroslav Suchý on 2024-11-11 at 07:13

Working with SW licenses is tricky. E.g., This is an MIT license that has added one additional word, "NOT". That makes it a non-MIT license (although GH thinks something else). Makes it non-free, non-foss. And it is tough to spot such subtle change. https://github.com/jamietsadler/itx_nabla/blob/1ff180dfd80c50a063c398866bcd42196be96e58/LICENSE#L3 #SBOM #license

=> More informations about this toot | More toots from mirek@rodina-sucha.cz

Written by Fabio Alessandro "Fale" Locati on 2024-11-11 at 08:12

@mirek interesting way of crafting a new license. Do trivy and/or askalono detect this as a non-MIT license or do they also get tricked?

=> More informations about this toot | More toots from fale@fale.io

Toot

Written by Miro Hrončok :fedora: :python: on 2024-11-11 at 10:53

@fale @mirek

$ askalono identify ~/tmp/badLICENSE

License: MIT (original text)

Score: 0.991

=> More informations about this toot | More toots from hroncok@floss.social

Descendants

Written by Fabio Valentini on 2024-11-11 at 10:56

@hroncok @fale @mirek yeah the scoring algorithm in askalono is way off sometimes ... with new SPDX license data, it also identifies Apache-2.0 as "Pixar" (which is why I didn't update the embedded data in a while 😐)

=> More informations about this toot | More toots from decathorpe@mastodon.social