Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Validate "or later" licenses #9

Open
pombredanne opened this issue Feb 23, 2017 · 14 comments
Open

Validate "or later" licenses #9

pombredanne opened this issue Feb 23, 2017 · 14 comments

Comments

@pombredanne
Copy link
Member

pombredanne commented Feb 23, 2017

The master branch implementation treats "or later" licenses as separate keys with an eventual aliases.

The alternate-or-later-handling branch implementation treats "or later" as keywords and not as separate license keys.
If this later implementation ends up a winner, if would make sense to add validation to license symbols to check if a license supports an "or later" version or not to avoid stupid things like "MIT or later"

pombredanne added a commit that referenced this issue Apr 18, 2017
 * this is an alternative approach to deal with "or later"
   where these are recognized as their own token.
 * as a side effect, a symbol needs to have an "or later"
   attribute and the render() calls needs to accept an
   "or later" template for proper rendering.
 * license keys can no longer contain a "+" or 
   "or later" though this is could be relaxed as the
   automaton-based tokenizer could also handle this if needed

Link: #9
Signed-off-by: Philippe Ombredanne <[email protected]>
pombredanne added a commit that referenced this issue Apr 18, 2017
 * tokenize() now handles two cases: the Licensing was created with
   or without symbols. In the first case, the automaton-based tokenizer
   is used; otherwise a plain regex-based splitter is used and more
   constraints are enforced on license symbols: they cannot contain
   spaces and only the "+" is recognized as or later.

Link: #9
Signed-off-by: Philippe Ombredanne <[email protected]>
@steven-esser
Copy link
Contributor

steven-esser commented Dec 6, 2019

#11 has been merged. Is there anything left to do here?

@RazerM
Copy link
Contributor

RazerM commented Oct 31, 2022

Based on Annex D: SPDX license expressions, shouldn't I be able to parse Apache-2.0+, for example?

>>> from license_expression import get_spdx_licensing
>>> licensing = get_spdx_licensing()
>>> licensing.parse("Apache-2.0+", validate=True, strict=True)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "<redacted>/python3.9/site-packages/license_expression/__init__.py", line 559, in parse
    self.validate_license_keys(expression)
  File "<redacted>/python3.9/site-packages/license_expression/__init__.py", line 466, in validate_license_keys
    raise ExpressionError(msg)
license_expression.ExpressionError: Unknown license key(s): Apache-2.0+

@pombredanne
Copy link
Member Author

@RazerM Thank you for chiming in!

We use the bundled SPDX license list (derived from ScanCode) to validate strictly and we do not consider non-catalogued usages of the + trailing sign as a special construct: if you (really) want to support some Apache-2.0+ license you would need to add this explicitly to a symbol list for this to validate.

You will note that even at SPDX, the use of trailing + is generally out of favor when not flat-out deprecated as it is for GPL/LGPL in the https://spdx.org/licenses/ "Deprecated License Identifiers" section in favor of using proper dedicated licenses keys such as GPL-2.0-or-later. So technically the spec would allow GPL-2.0-or-later+ and GPL-2.0-only+ which is at best weird if not fun and byzantine.

We do support all common usage of a + on A/L/GPL and GFDL licenses with aliases and this covers 99.99% of the case seen in the wild as provided in the list such as here: https://github.com/nexB/license-expression/blob/da6f49db9ef1b44a0d5d52851e60ed14dff82c78/src/license_expression/data/scancode-licensedb-index.json#L7188

In earnest I only ever saw an explicit usage of an "Apache-2.0 or later" license notice in the wild a handful of times; and it is a minor point in the grand scheme of things until there will be such thing as another version of the Apache license which is a fairly unlikely event to happen in the next few years.

This said, we still have a handful of rules in scancode and we report an Apache 2.0 in these cases, so this is not an entirely unknown quantity albeit odd and rare in the wild:

So to recap:

  1. we do not support generic trailing + suffix but instead only use concrete license identifiers. So we no not exactly support everything in the SPDX grammar. This is a design choice and this avoids weird shots.
  2. if you need some Apache-2.0+ now you can add it locally to your symbol list either as a new key or an alias for the Apache-2.0
  3. Apache-2.0+ is at best a harmless oddity IMHO but we detect it in ScanCode as plain Apache-2.0
  4. I am OK to add Apache-2.0+ as a SPDX id alternative to the main Apache-2.0 in ScanCode and thhis will then trickle down here too
  5. I am not against adding an apache-2.0-plus to the licensedb if there is some minimally visible usage in the wild and we would give it an Apache-2.0+ SPDX id.

@pombredanne
Copy link
Member Author

Just to explain further, here I am adding Apache-2.0+ as an alternative SPDX id for apache-2.0

>>> from license_expression import *
>>> index = get_license_index()
>>> apache = [l for l in index if l["license_key"] == "apache-2.0"][0]
>>> apache["other_spdx_license_keys"].append("Apache-2.0+")
>>> spdx_licensing = build_spdx_licensing(index) 
>>> spdx_licensing.parse("Apache-2.0+", validate=True, strict=True)
LicenseSymbol('Apache-2.0', aliases=('Apache-2.0+',), is_exception=False)

or with a new symbol:

>>> index = get_license_index()
>>> a2plus = {'license_key': 'apache-2.0-plus', 'spdx_license_key': 'Apache-2.0+', 'other_spdx_license_keys': [], 'is_exception': False, 'is_deprecated': False, 'json': 'TBD', 'yml': 'TBD', 'html': 'TBD', 'text': 'TBD'}
>>> index.append(a2plus)
>>> spdx_licensing = build_spdx_licensing(index) 
>>> spdx_licensing.parse("Apache-2.0+", validate=True, strict=True)
LicenseSymbol('Apache-2.0+', is_exception=False)

@RazerM
Copy link
Contributor

RazerM commented Oct 31, 2022

@pombredanne thank you for the thorough response!

I didn't see Apache-2.0+ in the wild with my dependencies. I am evaluating the use of this library to parse licenses and I had noticed in the SPDX spec that this syntax exists.

Given the workarounds that are available if this does come up, it should be fine.

@pombredanne
Copy link
Member Author

pombredanne commented Oct 31, 2022

@RazerM you wrote:

I am evaluating the use of this library to parse licenses

I can state --without a hint of bias 👼 -- that this is likely the finest license-expression parsing library available in Python (and I think it is also the only one :] ) and likely one of the nicest anywhere! ... more seriously keep us posted with your eval. This is used in a few other projects such as AboutCode toolkit, ScanCode toolkit and ScanCode.io, FSFE REUSE and other places. It is supposed to be decently good at the small things it knows to do. And it is backed by a not too shabby boolean engine by @bastikr that I co-maintain.

If there is something that does not work as it should, I would like it fixed, so your feedback is mucho welcomed!

@mgorny
Copy link

mgorny commented Apr 2, 2023

I've used license-expression as part of pycargoebuild to parse license strings from Rust packages. Unfortunately, there are quite some people who unpredictably use + with licenses such as MPL-2.0 and I'd really prefer if I hadn't to work around this, at least long term.

You will note that even at SPDX, the use of trailing + is generally out of favor

Could you explain? I find that specification very hard to read but I couldn't find anything saying that.

@pombredanne
Copy link
Member Author

@mgorny do you have a list of all these cases?
For MPL-2.0 in particular MPL-2.0+ means nothing special, the MPL-2.0 already has baked in terms that allow to use any other versions. See section 10.2:

10.2. Effect of New Versions

You may distribute the Covered Software under the terms of the version
of the License under which You originally received the Covered Software,
or under the terms of any subsequent version published by the license
steward.

So here, we could effectively parse MPL-2.0+ to MPL-2.0 with a proper alias in the licensing symbols IMHO.

@mjherzog
Copy link
Member

mjherzog commented Apr 2, 2023

@mgorny The deprecation of "+" in favor "or-later" may not be in the spec, but it is in the (long) history of SPDX discussions. The "+" symbol was kept for backward compatibility.

@mgorny
Copy link

mgorny commented Apr 3, 2023

@mgorny do you have a list of all these cases? For MPL-2.0 in particular MPL-2.0+ means nothing special, the MPL-2.0 already has baked in terms that allow to use any other versions.

I don't have a list (this is the first time it was reported to me, with MPL-2.0+), and I know. The problem roughly is, it's valid and Rust accepts it, so people can use it, and so we have to handle it somehow. In my code I already include the automatic fallback to plain license if we don't have an explicit expansion, it's verification that's gating it. That said, I removed verify=True for the time being, I suppose that's good enough for us.

@mgorny
Copy link

mgorny commented Apr 3, 2023

@mgorny The deprecation of "+" in favor "or-later" may not be in the spec, but it is in the (long) history of SPDX discussions. The "+" symbol was kept for backward compatibility.

Well, then, perhaps it should be in the spec and propagated more widely because right now new projects are using it (whether it's meaningless or not).

@pombredanne
Copy link
Member Author

@mgorny

I don't have a list (this is the first time it was reported to me, with MPL-2.0+),

  • Do you have a URL pointer to where this is seen?
  • Would you have a list of published crates' license tags?

@mgorny
Copy link

mgorny commented Apr 3, 2023

@mgorny

I don't have a list (this is the first time it was reported to me, with MPL-2.0+),

  • Do you have a URL pointer to where this is seen?

https://crates.io/crates/smartstring

  • Would you have a list of published crates' license tags?

I don't. I suppose you could grab the database dump (warning: 275M; linked on data access). data/versions.csv has a license field, I suppose you could grab that and parse license expressions from there. Note that some old crates use foo/bar instead of foo OR bar.

@pombredanne
Copy link
Member Author

@mgorny for reference, I just had a quick look at the versions.csv of the db dump: once filtered it yields these 482 unique license statements, with a good number that NOT valid SPDX expressions in the first place:

(Apache-2.0 OR MIT) AND BSD-3-Clause
(EPL-1.0 OR BSD-3-Clause) AND BSD-1-Clause AND BSD-3-Clause AND MIT
(GPL-3.0-only OR LicenseRef-SixtyFPS-commercial)
(MIT OR Apache-2.0 OR BSD-3-Clause) AND OFL-1.1
(MIT OR Apache-2.0) AND BSD-3-Clause
(MIT OR Apache-2.0) AND OFL-1.1
(MIT OR Apache-2.0) AND OFL-1.1 AND LicenseRef-UFL-1.0
(MIT OR Apache-2.0) AND Unicode-DFS-2016
0BSD
0BSD OR Apache-2.0
0BSD OR MIT OR Apache-2.0
0BSD OR Zlib
AAL
AFL-1.1
AFL-2.0
AFL-3.0
AGPL-1.0
AGPL-1.0-or-later
AGPL-3.0
AGPL-3.0 WITH eCos-exception-2.0
AGPL-3.0-only
AGPL-3.0-or-later
AGPL-3.0-or-later OR BSD-3-Clause
AGPL-3.0/GPL-3.0/MIT/Apache-2.0
AGPL-3.0+
AGPLv3/Apache-2.0
AML
AML/Apache-2.0
Apache-1.0
Apache-2.0
Apache-2.0 / MIT
Apache-2.0 / MIT / MPL-2.0
Apache-2.0 AND BSD-3-Clause
Apache-2.0 AND CC-BY-SA-4.0
Apache-2.0 AND GPL-2.0-or-later
Apache-2.0 AND MIT
Apache-2.0 AND MIT AND BSD-3-Clause
Apache-2.0 AND W3C-20150513 AND CC-BY-SA-3.0
Apache-2.0 AND W3C-20150513 AND CC-BY-SA-3.0 AND BSD-3-Clause
Apache-2.0 OR BlueOak-1.0.0
Apache-2.0 OR BSD-2-Clause
Apache-2.0 OR BSD-3-Clause
Apache-2.0 OR BSD-3-Clause OR MIT OR Zlib
Apache-2.0 OR BSL-1.0
Apache-2.0 OR BSL-1.0 OR MIT
Apache-2.0 OR CC0-1.0
Apache-2.0 OR GPL-2.0-or-later
Apache-2.0 OR GPL-3.0
Apache-2.0 OR GPL-3.0-or-later
Apache-2.0 OR ISC
Apache-2.0 OR ISC OR MIT
Apache-2.0 OR LGPL-2.1-or-later
Apache-2.0 OR LGPL-3.0
Apache-2.0 OR LGPL-3.0-or-later
Apache-2.0 OR LicenseRef-sabaton-commercial
Apache-2.0 OR MIT
Apache-2.0 OR MIT AND Zlib
Apache-2.0 OR MIT OR BSL-1.0
Apache-2.0 OR MIT OR CC0-1.0
Apache-2.0 OR MIT OR ISC
Apache-2.0 OR MIT OR MPL-2.0
Apache-2.0 OR MIT OR Zlib
Apache-2.0 OR MIT-0
Apache-2.0 OR MPL-2.0
Apache-2.0 OR Zlib
Apache-2.0 OR Zlib OR MIT
Apache-2.0 WITH LLVM-exception
Apache-2.0 WITH LLVM-exception AND MIT
Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT
Apache-2.0 WITH LLVM-exception OR BSL-1.0
Apache-2.0 WITH LLVM-exception OR MIT
Apache-2.0 WITH LLVM-exception OR NCSA OR MIT
Apache-2.0/BSD-3-Clause-Clear/MIT
Apache-2.0/GPL-2.0
Apache-2.0/GPL-2.0+
Apache-2.0/GPL-3.0
Apache-2.0/ISC/MIT
Apache-2.0/MIT
Apache-2.0/MIT/BSL-1.0/CC0-1.0
Apache-2.0/MIT/Unlicense
Apache-2.0/PostgreSQL
Apache-2.0/Zlib
APL-1.0
APSL-2.0
APSL-2.0 OR MIT
Artistic-1.0 OR GPL-2.0-or-later
Artistic-1.0-Perl
Artistic-2.0
ASL2/MIT
Beerware
Beerware OR MIT OR Apache-2.0
blessing
BlueOak-1.0.0
BlueOak-1.0.0 OR Apache-2.0
BlueOak-1.0.0 OR BSD-2-Clause-Patent
BlueOak-1.0.0 OR MIT OR Apache-2.0
BSD
BSD-1-Clause
BSD-2-Clause
BSD-2-Clause AND BSD-1-Clause
BSD-2-Clause AND BSL-1.0
BSD-2-Clause AND ISC AND MIT
BSD-2-Clause AND LGPL-3.0-or-later
BSD-2-Clause AND MIT
BSD-2-Clause OR Apache-2.0
BSD-2-Clause OR GPL-3.0-or-later
BSD-2-Clause OR MIT
BSD-2-Clause OR MIT OR Apache-2.0
BSD-2-Clause-FreeBSD
BSD-2-Clause-Patent
BSD-2-Clause/MIT
BSD-3-Clause
BSD-3-Clause AND Apache-2.0
BSD-3-Clause AND MIT OR BSD-3-Clause AND Apache-2.0
BSD-3-Clause AND Zlib
BSD-3-Clause OR Apache-2.0
BSD-3-Clause OR MIT OR Apache-2.0
BSD-3-Clause OR Unlicense
BSD-3-Clause-Attribution
BSD-3-Clause-Clear
BSD-3-Clause-Clear/Apache-2.0
BSD-3-Clause/Apache-2.0
BSD-3-Clause/MIT
BSD-4-Clause
BSD-Protection
BSD-Source-Code
BSL-1.0
BSL-1.0 OR Apache-2.0
BSL-1.0/Apache-2.0
BUSL-1.1
CAL-1.0
CC-BY-1.0
CC-BY-4.0
CC-BY-4.0 AND MIT
CC-BY-NC-2.5
CC-BY-NC-4.0
CC-BY-NC-ND-1.0
CC-BY-NC-ND-2.5
CC-BY-NC-ND-4.0
CC-BY-NC-SA-2.5
CC-BY-NC-SA-3.0
CC-BY-NC-SA-4.0
CC-BY-NC-SA-4.0 OR Apache-2.0
CC-BY-ND-4.0
CC-BY-SA-3.0 OR GFDL-1.1-only
CC-BY-SA-4.0
CC-BY-SA-4.0/MIT
CC-PDDC
CC-PDDC OR MIT
CC0-1.0
CC0-1.0 AND Apache-2.0
CC0-1.0 OR Apache-2.0
CC0-1.0 OR Apache-2.0 OR MIT
CC0-1.0 OR Artistic-2.0
CC0-1.0 OR MIT
CC0-1.0 OR MIT OR Apache-2.0
CC0-1.0 OR MIT-0
CC0-1.0 OR MIT-0 OR Apache-2.0
CC0-1.0 OR Unlicense
CC0-1.0/MIT/BSD 3-clause
CDDL-1.0
CDDL-1.1
CDDL-1.1 OR GPL-2.0-or-later
CECILL-2.1
CECILL-B
CECILL-C
CECILL-C OR CECILL-2.1
D-FSL-1.0
EFL-2.0
Elastic-2.0
EPL-1.0
EPL-2.0
EPL-2.0 OR Apache-2.0
EUPL-1.1
EUPL-1.2
EUPL-1.2 OR Unlicense
EUPL-1.2+
Fair
FSFAP
FTL / GPL-2.0
FTL OR GPL-2.0
GLWTPL
GPL-1.0
GPL-1.0-only
GPL-1.0-or-later
GPL-1.0-or-later OR Artistic-1.0-Perl
GPL-2.0
GPL-2.0 OR Apache-2.0
GPL-2.0 OR Artistic-1.0
GPL-2.0 OR GPL-3.0
GPL-2.0-only
GPL-2.0-only OR BSD-3-Clause
GPL-2.0-only WITH GCC-exception-2.0
GPL-2.0-or-later
GPL-2.0-or-later AND MIT AND GPL-2.0-only WITH Linux-syscall-note
GPL-2.0-or-later OR Apache-2.0
GPL-2.0-or-later OR CDDL-1.0
GPL-2.0-or-later OR GPL-3.0-or-later AND CC0-1.0
GPL-2.0-or-later OR LGPL-2.0-or-later
GPL-2.0-or-later WITH Bison-exception-2.2
GPL-2.0-or-later WITH Font-exception-2.0
GPL-2.0/GPL-3.0
GPL-2.0/GPL-3.0/Apache-2.0/MIT
GPL-2.0+
GPL-2.0+ AND AGPL-3.0+
GPL-2.0+ AND LGPL-2.1+ AND MPL-1.1
GPL-2.0+ WITH Bison-exception-2.2
GPL-3.0
GPL-3.0 / MPL-2.0
GPL-3.0 AND MIT
GPL-3.0 OR Apache-2.0
GPL-3.0 OR LGPL-2.1
GPL-3.0 OR LGPL-3.0-only
GPL-3.0 OR MIT
GPL-3.0 WITH Classpath-exception-2.0
GPL-3.0-only
GPL-3.0-only 
GPL-3.0-only OR LicenseRef-Slint-commercial
GPL-3.0-only OR MIT
GPL-3.0-only WITH Classpath-exception-2.0
GPL-3.0-only WITH GPL-3.0-linking-exception
GPL-3.0-or-later
GPL-3.0-or-later AND BSD-3-Clause
GPL-3.0-or-later AND MIT
GPL-3.0-or-later AND MIT AND Apache-2.0
GPL-3.0-or-later OR AGPL-3.0-or-later
GPL-3.0-or-later OR copyleft-next-0.3.1
GPL-3.0-or-later OR LGPL-3.0-or-later
GPL-3.0-or-later OR MIT
GPL-3.0-or-later WITH Classpath-exception-2.0
GPL-3.0-or-later WITH GCC-exception-2.0
GPL-3.0/GFDL-1.3
GPL-3.0/LGPL-3.0
GPL-3.0/MaidSafe.net Commercial License 1.0
GPL-3.0/MPL-2.0/LGPL-3.0
GPL-3.0+
GPL-3.0+ AND BSD-3-Clause
GPL-3.0+ OR BSD-3-Clause
GPL-3.0+/BSD-3-Clause
GPLv3
Hippocratic-2.1
ICU
IJG
IJG AND Zlib
IJG AND Zlib AND BSD-3-Clause
ISC
ISC OR Apache-2.0
ISC OR GPL-3.0-or-later
ISC OR MIT OR Apache-2.0
ISC OR MIT OR Apache-2.0 WITH LLVM-exception
ISC/Apache-2.0
ISC/MIT/Apache-2.0
LGPL-2.0
LGPL-2.0 OR MPL-1.1
LGPL-2.0-only
LGPL-2.0-or-later
LGPL-2.0+
LGPL-2.1
LGPL-2.1 AND Apache-2.0
LGPL-2.1 AND MIT
LGPL-2.1 AND MIT AND BSD-2-Clause
LGPL-2.1 OR BSD-2-Clause
LGPL-2.1 OR LGPL-3.0
LGPL-2.1 OR MIT OR Apache-2.0
LGPL-2.1 OR MPL-1.1
LGPL-2.1 OR MPL-2.0
LGPL-2.1-only
LGPL-2.1-only AND MIT
LGPL-2.1-only AND MIT AND BSD-2-Clause
LGPL-2.1-only AND MIT AND BSD-2-Clause AND Apache-2.0
LGPL-2.1-only OR BSD-2-Clause
LGPL-2.1-only OR LGPL-3.0-only
LGPL-2.1-only OR MIT
LGPL-2.1-or-later
LGPL-2.1-or-later OR MIT
LGPL-2.1-or-later WITH GCC-exception-2.0
LGPL-2.1-or-later WITH WxWindows-exception-3.1
LGPL-2.1/BSD-2-Clause
LGPL-2.1/LGPL-3.0
LGPL-2.1/MIT
LGPL-2.1+
LGPL-3.0
LGPL-3.0 OR Apache-2.0
LGPL-3.0 OR GPL-2.0 OR GPL-3.0
LGPL-3.0 OR MPL-2.0
LGPL-3.0-only
LGPL-3.0-or-later
LGPL-3.0-or-later OR Apache-2.0
LGPL-3.0-or-later OR Apache-2.0 OR BSD-2-Clause
LGPL-3.0-or-later OR Apache-2.0 OR BSD-2-Clause OR MIT
LGPL-3.0-or-later OR MIT
LGPL-3.0-or-later OR MPL-2.0
LGPL-3.0/GPL-2.0/GPL-3.0
LGPL-3.0+
LGPL-3.0+/GPL-3.0+
Libpng
LicenseRef-ELv2
LicenseRef-LICENSE.txt
LicenseRef-OQL-1.1
LicenseRef-Traverse-Proprietary
LiLiQ-Rplus-1.1
LPPL-1.3c
MirOS
MIT
MIT / Apache-2.0
MIT / BSL-1.0
MIT AND Apache-2.0
MIT AND BSD-2-Clause
MIT AND BSD-2-Clause OR Apache-2.0 AND BSD-2-Clause
MIT AND BSD-3-Clause
MIT AND CC-BY-4.0
MIT AND CC-BY-4.0 AND CC0-1.0
MIT AND LGPL-2.0-or-later
MIT AND LGPL-2.1-or-later
MIT AND MPL-2.0
MIT AND ODbL-1.0
MIT AND OFL-1.1
MIT AND PSF-2.0
MIT AND Unicode-DFS-2016
MIT AND WTFPL
MIT AND Zlib
MIT AND Zlib OR Apache-2.0 AND Zlib
MIT OR MPL-2.0
MIT OR Apache-2.0
MIT OR Apache-2.0
MIT OR Apache-2.0 OR 0BSD
MIT OR Apache-2.0 OR 0BSD OR CC0-1.0 OR CDDL-1.0 OR MIT-0 OR Unlicense OR WTFPL
MIT OR Apache-2.0 OR Beerware
MIT OR Apache-2.0 OR BSD-1-Clause
MIT OR Apache-2.0 OR BSD-2-Clause
MIT OR Apache-2.0 OR BSD-3-Clause
MIT OR Apache-2.0 OR BSL-1.0
MIT OR Apache-2.0 OR BSL-1.0 OR MPL-2.0 OR Zlib
MIT OR Apache-2.0 OR BSL-1.0 OR MPL-2.0 OR Zlib OR Unlicense
MIT OR Apache-2.0 OR CC-BY-4.0
MIT OR Apache-2.0 OR CC-BY-4.0 OR BSD-4-Clause
MIT OR Apache-2.0 OR CC0-1.0
MIT OR Apache-2.0 OR GPL-2.0
MIT OR Apache-2.0 OR GPL-2.0 OR GPL-3.0
MIT OR Apache-2.0 OR GPL-2.0-only
MIT OR Apache-2.0 OR GPL-2.0-or-later
MIT OR Apache-2.0 OR GPL-3.0-or-later
MIT OR Apache-2.0 OR ISC
MIT OR Apache-2.0 OR ISC OR LGPL-3.0-or-later OR CC-BY-4.0
MIT OR Apache-2.0 OR LGPL-2.1-or-later
MIT OR Apache-2.0 OR MPL-2.0
MIT OR Apache-2.0 OR Unlicense
MIT OR Apache-2.0 OR Zlib
MIT OR Apache-2.0 WITH LLVM-exception
MIT OR Apache-2.0+
MIT OR BSD-2-Clause
MIT OR BSD-2-Clause OR Apache-2.0
MIT OR BSD-2-Clause OR GPL-2.0+
MIT OR BSD-3-Clause
MIT OR BSL-1.0
MIT OR CC0-1.0
MIT OR GPL-2.0-or-later OR Apache-2.0
MIT OR GPL-3.0
MIT OR GPL-3.0 OR BSD-3-Clause
MIT OR GPL-3.0-or-later
MIT OR GPL-3.0+
MIT OR ISC
MIT OR LGPL-2.1-only
MIT OR LGPL-2.1-or-later
MIT OR LGPL-3.0-or-later
MIT OR MIT-0 OR Apache-2.0
MIT OR MPL-2.0
MIT OR MPL-2.0+
MIT OR MulanPSL-2.0
MIT OR PDDL-1.0
MIT OR Unlicense
MIT OR UPL-1.0
MIT OR Zlib OR Apache-2.0
MIT-0
MIT-0 OR 0BSD
MIT-open-group 
MIT/AGPL-1.0
MIT/Apache-1.0
MIT/Apache-2.0
MIT/Apache-2.0 AND BSD-2-Clause
MIT/Apache-2.0/BSD-3-Clause
MIT/Apache-2.0/BSL-1.0
MIT/Apache-2.0/CC0-1.0
MIT/Apache-2.0/ISC
MIT/Apache-2.0/LGPL-2.1
MIT/Apache-2.0/NCSA
MIT/Apache-2.0/Unlicense
MIT/Apache-2.0/Unlicense/WTFPL
MIT/APSL-2.0
MIT/BSD-2-Clause
MIT/BSD-3-Clause
MIT/BSL-1.0
MIT/GPL-3.0
MIT/ISC
MIT/LGPL-2.1
MIT/LGPL-3.0
MIT/NCSA
MIT/Unlicense
MIT/WTFPL
MIT/WTFPL/BSL-1.0
MIT/X11
MIT/X11 OR Apache-2.0
MIT/Zlib
MITNFA
MPL
MPL-1.1/GPL-2.0/LGPL-2.1
MPL-2.0
MPL-2.0 AND GPL-2.0
MPL-2.0 AND LGPL-3.0-only
MPL-2.0 OR Apache-2.0 OR MIT
MPL-2.0 OR GPL-2.0-only
MPL-2.0 OR GPL-3.0-only
MPL-2.0 OR LGPL-3.0
MPL-2.0 OR MIT OR Apache-2.0
MPL-2.0-no-copyleft-exception
MPL-2.0/MIT/Apache-2.0
MPL-2.0+
MPL-2.0+/LGPL-3.0+
MS-PL
MulanPSL-2.0
MulanPSL-2.0 OR MIT
NCSA
NCSA AND BSD-3-Clause
NLPL
non-standard
NPOSL-3.0
OGL-UK-3.0
OLDAP-2.8
OSL-3.0
OSL-3.0/AGPL-3.0-or-later
Parity-6.0.0
Parity-6.0.0 AND Apache-2.0
PDDL-1.0
PostgreSQL
PostgreSQL OR MIT
Python-2.0
Python-2.0 AND MPL-2.0
Python-2.0 OR MPL-2.0
Python-2.0.1 OR Apache-2.0 OR MIT
RPL-1.5
SimPL-2.0
Sleepycat
SSPL-1.0
Unicode-DFS-2016
Unicode-TOU
Unlicense
Unlicense AND BSD-3-Clause
Unlicense OR Apache-2.0
Unlicense OR BSD-2-Clause
Unlicense OR CC0-1.0 OR MIT
Unlicense OR CC0-1.0 OR MIT OR Apache-2.0
Unlicense OR MIT
Unlicense OR MIT OR Apache-2.0
Unlicense OR MIT OR Apache-2.0 OR CC0-1.0
Unlicense OR UPL-1.0 OR CC0-1.0 OR CC-PDDC OR WTFPL OR MIT
Unlicense/0BSD
Unlicense/Apache-2.0
Unlicense/MIT
Unlicense/MPL-1.1/MIT
UPL-1.0
UPL-1.0 OR Apache-2.0
UPL-1.0/Apache-2.0
WTFPL
WTFPL OR 0BSD
WTFPL OR CC0-1.0
WTFPL OR MIT
WTFPL OR MIT OR Apache-2.0
WTFPL OR WTFPL OR WTFPL OR WTFPL OR WTFPL OR WTFPL OR WTFPL OR WTFPL
WTFPL/MIT/Apache-2.0
WTFPLv2
wxWindows
X11
Zlib
Zlib / MIT / BSL-1.0
Zlib AND (MIT OR Apache-2.0)
Zlib AND ISC
Zlib OR Apache-2.0
Zlib OR Apache-2.0 OR MIT
Zlib OR MIT OR Apache-2.0
zlib-acknowledgement
Zlib/Libpng
Zlib/MIT

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

5 participants