-
Notifications
You must be signed in to change notification settings - Fork 579
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Deprecated license: GFDL-1.2+ #1899
Comments
Thanks @vargenau - I'll add this to the license and format specific chores I have today and try and get an updated license list PR added |
Following up on this - we are using the latest license list - however when processing spdx license expressions syft does not do any kind of upgrade path for expressions lifted from source files
I think the correct course of action here is to have the maintainer of libunitstring2 upgrade their license expression to use a non deprecated license. I'm also looking at our deprecated license logic and noted that gfdl is not being captured so that might be an edge case worth adding to our generation logic. Let me know if you have other thoughts @vargenau and I can take a look at what kind of edits we would need to modify package license expressions. Here is the license file where the offending depreciated license is being picked up: |
@spiffcs |
What happened:
Output contains deprecated license
GFDL-1.2+
What you expected to happen:
It should be:
GFDL-1.2-or-later
Steps to reproduce the issue:
bitnami-mongodb-sharded-6.0-debian-11.spdx.txt
Anything else we need to know?:
Environment:
syft version
: 0.84.0cat /etc/os-release
or similar): Ubuntu 23.04The text was updated successfully, but these errors were encountered: