Comments (7)
Thank you for a response!
- run
pip list
and see ifGCC runtime library
is listed as an installed package
No, GCC runtime library
doesn't show up in pip list
, while scipy
does.
- run
pip show scipy
in your project and see if there is anything there related to the GCC runtime library dependency
pip show scipy
displays the whole license text including the bundled libraries. There is nothing else related to the GCC runtime library.
- is there a cached license metadata file for
scipy.dep.yml
with accurate information (name, version, licenses)?
No, scipy.dep.yml
doesn't exist when installing scipy==1.9.2. When scipy==1.9.1 is installed, the following scipy.dep.yml
is generated:
---
name: scipy
version: 1.9.1
type: pip
summary: 'SciPy: Scientific Library for Python'
homepage: https://www.scipy.org
license: other
licenses:
- sources: LICENSE.txt
text: [The whole license text]
notices: []
from licensed.
Sorry for the delay on this. I've opened #555 as a fix to finding the wrong package name
It looks like that licensed determines the name of the cache file from information in the license file. I guess it should instead use package information directly.
This was the cause of the issue - the license text that is output from pip show scipy
includes Name: GCC runtime library
. The metadata parsing logic was too naive and overwrote the Name: scipy
metadata that was encountered earlier in the output.
Licensed might be failing to parse the first part of the scipy license file as a BSD 3-clause licensed. At a glance it looks like a normal BSD 3-clause license sentences.
Licensed uses licensee to parse license text and attempt to match the text to a known license. Licensee is not setup to read multiple licenses in a single body of text (i.e. read from a single LICENSE file) and will by default report other
. I don't mean to ignore this but this is not the right repo to report that as an issue since Licensed doesn't directly handle license detection 😅
You can open an issue in the licensee repo but I'm not sure that it will get much traction. Detecting multiple licenses from a single file can get complicated because
- AFAIK there's no standard for how to separate the different licenses which makes detection hard and error prone.
- many times when multiple licenses are used each license applies to specific parts of the distributed code. the additional text like "this license applies to files A,B,C" makes it almost a certainty that licensee won't have enough confidence to determine a match. unfortunately again, fixing that problem is hard and error prone.
from licensed.
@kwkbtr ah sorry, I was trying to also get a fix for #541 into the release but that one is a bit larger and I haven't had enough time to finish it yet. I'll put out a patch release today
from licensed.
Thanks for the report! I'll take a closer look at this during my daytime tomorrow (MST USA timezone) and try to set up a repro, but in the meantime can you provide any info about the following:
- run
pip list
and see ifGCC runtime library
is listed as an installed package - run
pip show scipy
in your project and see if there is anything there related to the GCC runtime library dependency - is there a cached license metadata file for
scipy.dep.yml
with accurate information (name, version, licenses)?
from licensed.
Thank you for the fix!
As for reading a license text containing multiple licenses: thank you for clarification, I agree with you that it is error prone, so it may be better to leave it as is. I can override the license once the file name is fixed, so it should not be a problem.
from licensed.
Will this fix be released soon?
I'm not sure if this is the right place to ask, but I'm using https://github.com/jonabc/setup-licensed to install licensed on GitHub Actions, and it seems that it only supports release versions.
from licensed.
Thank you, my CI has been fixed!
from licensed.
Related Issues (20)
- The `cache` command is not cleaning up stale license files HOT 2
- licensed v4.0.0 test failure in Homebrew HOT 4
- Cocoapods-core is incompatible with Rails 7 HOT 4
- Remove dep
- Go modules license detection seems off (possibly /v2) HOT 2
- Add support for pnpm as a source HOT 22
- Re-evaluate default Gradle configurations
- Allow users to manually curate paths to license content for a detected dependency
- Create cocoapods plugin for enumerating dependencies for licensed HOT 3
- Checksum-based review HOT 7
- How to list licenses from cache HOT 2
- Make licensed status detect dependencies that have been removed HOT 8
- Remove bower support
- Bug with gem bundle in subdirectory / Could not find optimist (3.1.0) in any sources
- Bug with pnpm in subdirectory (tries both npm and pnpm resolution?)
- Gradle source not working when using Kotlin DSL (build.gradle.kts)
- Can't detect licenses of default gems
- Phone outdated
- licensed cache report exit code `1` HOT 2
- Installation Help
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from licensed.