forked from eclipse-leda/leda-contrib-self-update-agent
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.ort.yml
218 lines (218 loc) · 10.7 KB
/
.ort.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
excludes:
paths:
- pattern: "project.spdx.yml"
reason: "OTHER"
comment: "Configuration for Open Source Scan"
- pattern: "3rdparty/openssl/tlsfuzzer/**"
reason: "TEST_OF"
comment: "Test suite for SSL & TLS, not included in production release."
- pattern: "3rdparty/paho.mqtt.c/test/**"
reason: "TEST_OF"
comment: "Tests of the Paho C library, not included in production release."
- pattern: "3rdparty/paho.mqtt.c/docs/**"
reason: "DOCUMENTATION_OF"
comment: "Code examples using Paho C library, not included in production release."
- pattern: "3rdparty/paho.mqtt.c/test_package/**"
reason: "TEST_OF"
comment: "Tests of the Paho C library, not included in production release."
- pattern: "3rdparty/paho.mqtt.cpp/test/**"
reason: "TEST_OF"
comment: "Tests of the Paho CPP library, not included in production release."
- pattern: "3rdparty/openssl/pyca-cryptography/**"
reason: "OPTIONAL_COMPONENT_OF"
comment: "Python cryptography tools, not included in production release."
- pattern: "3rdparty/openssl/python-ecdsa/**"
reason: "OPTIONAL_COMPONENT_OF"
comment: "Python cryptography tools, not included in production release."
- pattern: "3rdparty/googletest/**"
reason: "TEST_OF"
comment: "Google test framework, not included in production release."
- pattern: "3rdparty/openssl/wycheproof/**"
reason: "TEST_OF"
comment: "Crypto library testing, not included in production release."
- pattern: "3rdparty/openssl/tlslite-ng/**"
reason: "OPTIONAL_COMPONENT_OF"
comment: "Python library for SSL & TLS, not included in production release."
- pattern: "3rdparty/openssl/krb5/**"
reason: "OPTIONAL_COMPONENT_OF"
comment: "Kerberos not included in production release."
- pattern: "3rdparty/curl/docs/**"
reason: "DOCUMENTATION_OF"
comment: "Code examples, not included in production release."
- pattern: "3rdparty/curl/tests/**"
reason: "TEST_OF"
comment: "curl tests, not included in production release."
- pattern: "3rdparty/glib/gio/tests/**"
reason: "TEST_OF"
comment: "Tests of glib, not included in production release."
- pattern: "3rdparty/glib/gobject/tests/**"
reason: "TEST_OF"
comment: "Tests of glib, not included in production release."
- pattern: "3rdparty/glib/glib/tests/**"
reason: "TEST_OF"
comment: "Tests of glib, not included in production release."
- pattern: "3rdparty/openssl/external/perl/Text-Template-1.56/**"
reason: "DOCUMENTATION_OF"
comment: "Used in the generation of letters,HTML pages, not in production release."
- pattern: "3rdparty/glib/po/**"
reason: "OTHER"
comment: "Languauge translator tool, not in production release."
- pattern: "3rdparty/openssl/CHANGES.md"
reason: "DOCUMENTATION_OF"
comment: "Documents changes, not in production release."
- pattern: "3rdparty/curl/LICENSES/**"
reason: "DOCUMENTATION_OF"
comment: "Copies of various licenses, not in production release."
- pattern: "3rdparty/nlohmann-json/docs/**"
reason: "DOCUMENTATION_OF"
comment: "Used in the generation of documentation, not in production release."
- pattern: "3rdparty/nlohmann-json/.reuse/**"
reason: "DOCUMENTATION_OF"
comment: "Documents dependencies for tests, not in production release."
- pattern: "3rdparty/nlohmann-json/LICENSES/**"
reason: "DOCUMENTATION_OF"
comment: "Details of licenses used, not in production release."
- pattern: "3rdparty/nlohmann-json/tests/thirdparty/imapdl/**"
reason: "TEST_OF"
comment: "Tests of nlohmann-json, not included in production release"
curations:
license_findings:
- path: "3rdparty/paho.mqtt.c/notice.html"
detected_license: "LicenseRef-scancode-eclipse-sua-2011"
concluded_license: "EPL-2.0"
reason: "NOT_DETECTED"
comment: "Correct format of the EPL license details not provided in notice.html file"
- path: "3rdparty/paho.mqtt.cpp/notice.html"
detected_license: "LicenseRef-scancode-eclipse-sua-2011"
concluded_license: "EPL-1.0"
reason: "NOT_DETECTED"
comment: "Correct format of the EPL license details not provided in notice.html file"
- path: "3rdparty/openssl/crypto/bio/bio_print.c"
detected_license: "LicenseRef-scancode-snprintf"
concluded_license: "Apache-2.0"
reason: "DOCUMENTATION_OF"
comment: "Documents that this particular code section is based on code written by Patrick Powell <[email protected]>."
- path: "3rdparty/glib/glib/gbsearcharray.h"
detected_license: "LicenseRef-scancode-tim-janik-2003"
concluded_license: "LGPL-2.1-or-later"
reason: "DOCUMENTATION_OF"
comment: "Documents that this code section is Copyright (C) 2000-2003 Tim Janik, redistribution and modification is permitted with provided disclaimer."
- path: "3rdparty/glib/gio/gdbusconnection.c"
detected_license: "GPL-2.0-only"
concluded_license: "LGPL-2.1-or-later"
reason: "DOCUMENTATION_OF"
comment: "Documents licenses used in other library sources."
- path: "3rdparty/glib/m4macros/glib-gettext.m4"
detected_license: "GPL-1.0-or-later WITH LicenseRef-scancode-autoconf-simple-exception-2.0"
concluded_license: "LGPL-2.1-or-later"
reason: "DOCUMENTATION_OF"
comment: "Documents an exception to GNU General Public License."
- path: "3rdparty/glib/m4macros/glib-gettext.m4"
detected_license: "GPL-1.0-or-later"
concluded_license: "LGPL-2.1-or-later"
reason: "CODE"
comment: "License mentioned in code."
- path: "3rdparty/glib/glib/gchecksum.c"
detected_license: "LicenseRef-scancode-pycrypto"
concluded_license: "LGPL-2.1-or-later"
reason: "DOCUMENTATION_OF"
comment: "Documents the origin of this code section (Copyright (C) 1995, A.M. Kuchling)."
- path: "3rdparty/spdlog/include/spdlog/fmt/bundled/fmt.license.rst"
detected_license: "Apache-2.0 WITH NOASSERTION"
concluded_license: "MIT"
reason: "DOCUMENTATION_OF"
comment: "Additional details provided on this source code being embedded in another machine-executable object form of source code."
- path: "3rdparty/spdlog/include/spdlog/fmt/bundled/format.h"
detected_license: "Apache-2.0 WITH NOASSERTION"
concluded_license: "MIT"
reason: "DOCUMENTATION_OF"
comment: "Additional details provided on this source code being embedded in another machine-executable object form of source code."
- path: "3rdparty/curl/LICENSES/GPL-3.0-or-later.txt"
detected_license: "GPL-3.0-only"
concluded_license: "curl"
reason: "DOCUMENTATION_OF"
comment: "Copy of GNU GENERAL PUBLIC LICENSE."
- path: "3rdparty/curl/scripts/copyright.pl"
detected_license: "GPL-3.0-or-later"
concluded_license: "curl"
reason: "CODE"
comment: "License name used in script."
- path: "3rdparty/curl/scripts/copyright.pl"
detected_license: "GPL-1.0-or-later"
concluded_license: "curl"
reason: "CODE"
comment: "License name used in script."
- path: "3rdparty/curl/m4/ax_compile_check_sizeof.m4"
detected_license: "GPL-3.0-or-later"
concluded_license: "curl"
reason: "DOCUMENTATION_OF"
comment: "Documents code tool provided under the GPL-3.0-or-later license (Copyright (c) 2008 Kaveh Ghazi <[email protected]>, Copyright (c) 2017 Reini Urban <[email protected]>)"
- path: "3rdparty/glib/gobject/glib-genmarshal.in"
detected_license: "GPL-1.0-or-later"
concluded_license: "LGPL-2.1-or-later"
reason: "CODE"
comment: "GNU General Public License mentioned in string."
- path: "3rdparty/openssl/crypto/aes/asm/bsaes-armv7.pl"
detected_license: " GPL-1.0-or-later"
concluded_license: "Apache-2.0"
reason: "DOCUMENTATION_OF"
comment: "Documents that specific modes/adaptations by Ard Biesheuvel of Linaro are licensed under GPL, the module is dual-licensed under OpenSSL and CRYPTOGAMS license."
- path: "3rdparty/glib/glib-gettextize.in"
detected_license: "GPL-2.0-or-later"
concluded_license: "LGPL-2.1-or-later"
reason: "DOCUMENTATION_OF"
comment: "Documents permission to use under GPL, code used to 'internationalize' packages using gettext."
- path: "3rdparty/glib/glib/gen-unicode-tables.pl"
detected_license: "GPL-2.0-or-later"
concluded_license: "LGPL-2.1-or-later"
reason: "DOCUMENTATION_OF"
comment: "Documents permission to use this perl script under GPL."
- path: "3rdparty/glib/glib/gtree.c"
detected_license: "LicenseRef-scancode-proprietary-license"
concluded_license: "LGPL-2.1-or-later"
reason: "INCORRECT"
comment: "Invalid detection of a license issue."
- path: "3rdparty/glib/gobject/glib-mkenums.in"
detected_license: "GPL-2.0-only OR GPL-3.0-only"
concluded_license: "LGPL-2.1-or-later"
reason: "CODE"
comment: "GNU General Public License mentioned in string."
- path: "3rdparty/glib/gobject/glib-mkenums.in"
detected_license: "GPL-3.0-only"
concluded_license: "LGPL-2.1-or-later"
reason: "CODE"
comment: "GNU General Public License mentioned in string."
- path: "3rdparty/openssl/crypto/camellia/asm/cmll-x86.pl"
detected_license: "GPL-2.0-or-later OR LGPL-2.1-or-later OR MPL-1.1 OR BSD-3-Clause"
concluded_license: "Apache-2.0"
reason: "DOCUMENTATION_OF"
comment: "Documents permission to use this perl script under GPL & LGPL."
- path: "3rdparty/openssl/crypto/camellia/asm/cmll-x86_64.pl"
detected_license: "GPL-2.0-or-later OR LGPL-2.1-or-later OR MPL-1.1 OR BSD-3-Clause"
concluded_license: "Apache-2.0"
reason: "DOCUMENTATION_OF"
comment: "Documents permission to use this perl script under GPL & LGPL."
- path: "3rdparty/openssl/crypto/sha/asm/sha256-armv4.pl"
detected_license: "OpenSSL OR BSD-3-Clause OR GPL-1.0-or-later"
concluded_license: "Apache-2.0"
reason: "DOCUMENTATION_OF"
comment: "Documents that this module is dual-licensed under OpenSSL and CRYPTOGAMS licenses."
- path: "3rdparty/openssl/crypto/sha/asm/sha512-armv4.pl"
detected_license: "OpenSSL OR BSD-3-Clause OR GPL-1.0-or-later"
concluded_license: "Apache-2.0"
reason: "DOCUMENTATION_OF"
comment: "Documents that this module is dual-licensed under OpenSSL and CRYPTOGAMS licenses."
- path: "3rdparty/openssl/crypto/sha/asm/sha512-armv8.pl"
detected_license: "OpenSSL OR BSD-3-Clause OR GPL-1.0-or-later OR GPL-2.0-only"
concluded_license: "Apache-2.0"
reason: "DOCUMENTATION_OF"
comment: "Documents that this module is dual-licensed under OpenSSL and CRYPTOGAMS licenses."
packages:
- id: "SpdxDocumentFile:IBM Corp.:paho.mqtt.c"
curations:
comment: "The license is not correctly detected, the concluded license for paho.mqtt.c is EPL-2.0."
concluded_license: "EPL-2.0"
- id: "SpdxDocumentFile::paho.mqtt.cpp"
curations:
comment: "The license is not correctly detected, the concluded license for paho.mqtt.cpp is EPL-1.0."
concluded_license: "EPL-1.0"