Forums : Suggestions for Ohloh 2.0
Dear Open Hub Users,
We’re excited to announce that we will be moving the Open Hub Forum to
https://community.synopsys.com/s/black-duck-open-hub.
Beginning immediately, users can head over,
register,
get technical help and discuss issue pertinent to the Open Hub. Registered users can also subscribe to Open Hub announcements here.
On May 1, 2020, we will be freezing https://www.openhub.net/forums and users will not be able to create new discussions. If you have any questions and concerns, please email us at
[email protected]
Code analysis - licenses - what files?
Hi *,
I remember that I already read some time ago that you wanted to extend the Code analysis
page to show which files are under which license. For our project,
Ohloh claims that there were 2 files under GPL.
However, none of our code is under GPL. Since we published all our code under LesserGPL, I assume that someone simply forgot the Lesser
in 2 files, but I have no clue what files these are.
Do you still plan to add this feature of showing which files have which license? If so, when?
Till then, what chance do I have to get rid of this (wrong) GPL listing? I mean: Could you give me a grep command or otherwise explain how Ohloh gets the idea that it's GPL?
I ask, because the warning You should review ... carefully, especially if you are using this code for commercial purposes
is not really helpful for an ERP system which is - of course - used for commercial purposes ;-)
Thanks a lot in advance!
Best regards, Marco :-)
Hi nlmarco,
The GPL license is in these two files:
NightLabsConnection/src/org/nightlabs/connection/config/ConnectionCf.java
NightLabsConnection/src/org/nightlabs/connection/rxtx/config/SerialConnectionCf.java
We just look for license names in the files. You can pretty much reproduce the result like this:
$ find . -name *.java | xargs grep 'GNU General Public License'
We do still want to add the feature to browse files online and see the list of files by license, but it's probably not going to happen quickly. We just have too many other things we'd like to do first.
Thanks,
Robin
Hi Robin,
thanks a lot for the quick and very helpful response!
It's good to know how you search for the License - less magic than I thought ;-) Actually, I could have found that out myself - sorry that I bothered you :-)
Good to hear, though, that you still want to add this feature, since it makes it easier for people to decide whether a real license collision affects them (maybe it doesn't, if it's an optional module).
I removed the wrong GPL header from the two files and added the correct LesserGPL header to all files in the sub-project instead. Hence, the warning should disappear with the next synchronisation, right?
Best regards and a great week-end!
Marco :-)
Hi Marco,
Yes, the next project update should pick up the changes and remove the license warnings. I just checked, and it looks like it went through.
Thanks,
Robin
Hi Robin,
yes, it looks very good: Only blue and green icons - no warnings anymore :-D
Thanks a lot!
Marco :-)
Hi Robin,
just a few days and the warning popped up again :-( I searched for occurences of GNU General Public License
and I found it in the fckeditor for which we implemented an Eclipse integration in project org.nightlabs.eclipse.ui.fckeditor. Being a JavaScript library, the source files are directly in our project - i.e. not a JAR - and ohloh scans them.
1) fckeditor has triple-licensing and I assume that ohloh misunderstands that as a GPL license which causes a warning. The license headers look like this:
- Licensed under the terms of any of the following licenses at your
- choice: *
- - GNU General Public License Version 2 or later (the
GPL
) - http://www.gnu.org/licenses/gpl.html *
- - GNU Lesser General Public License Version 2.1 or later (the
LGPL
) - http://www.gnu.org/licenses/lgpl.html *
- - Mozilla Public License Version 1.1 or later (the
MPL
) - http://www.mozilla.org/MPL/MPL-1.1.html
2) I read a while ago that someone suggested .ohloh-ignore files (or whatever they should be named) in order to tell ohloh to skip directories/files (like JavaScript libraries). Does this feature already exist?
Best regards, Marco :-)
Yes, choose one
licenses are a problem for us, because our parser is not smart enough to realize that there is a choice involved. The file is going to be flagged as GPL, and conflict warnings will appear.
The ignore
file feature idea has been floating around for a long time, and I really want to implement it, but we're just simply crushed with features to work on.
As a brute force workaround, you could change your project enlistments to include every other directory except the directory that includes the third party libraries. I'm not entirely sure how your source code tree is organized; that might or might not be feasible for you.
Thanks,
Robin
Hi Robin,
thanks for your quick reply. We'll probably put the JavaScript code into a zip as a workaround. Our build process can unpack it. That should prevent ohloh to parse it.
I'll discuss this with the person responsible for this sub-project - I hope zipping is a solution (at least temporarily).
Concerning the choose one
licenses: Do you have multiple parsers (i.e. one searching for each license - not knowing the others) or is it just one parser that searches for multiple things in one pass? In the latter case, it would know that its the same file having multiple licenses and that it therefore must be a choice. But well, I understand that you are very busy... is that part open-source? I guess the people who are directly affected (e.g. fckeditor) might feel some motivation to fix it themselves.
Best regards, Marco :-)
Hi Marco,
The license parser is not open source right now. But it's a piece of Ohloh that we intend to open source when we have the time.
I'd just like to bump this; it's really frustrating not to have this when it would seemingly be so easy, and I'm always disappointed when I realize/remember that the link on the license name doesn't go to a list of files with that license, but just to some generic page about the license.
(Hmm. There wouldn't be some kind of feature request/bug tracker yet by any chance, would there? No, I thought not...)
Full ack.
Also there are some duplicates about the same feature request:
