Hi,
For our project (https://www.ohloh.net/p/re-motion), Ohloh reports three potential conflicts between the GPL and other versions. How can we find out what files are responsible for those warnings?
We're pretty confident that all of our code is LGPL 3 and Affero GPL 3.0, although we link libraries released under other licenses (but only in a compatible way). How can we find the source files that are responsible for those warnings?
We know that we link SharpZipLib, which is released under the GPL but with a bunch of exceptions that make linking it as a library more flexible. We also have NUnit packaged in our repository as a build prerequisite, which contains a GPL license file, but we don't link files under that license.
If we find that Ohloh only flags our project because of the build prerequisites or SharpZipLib, which do not constitute a problem, how do we get rid of the warnings?
Edit: 2009-09-29 16:36
In addition, Ohloh displays (or rather links to) the wrong version of the Affero GPL for our project on the Code Analysis page; it should be Affero GPL 3.0.
Thanks,
Fabian
Hi Fabian,
Sorry for the delayed response, I missed your post the first time around.
Ohloh's license detection does not reason about multi-license scenarios. It can identify that two or more licenses are present in a file, but it bravely assumes that all of the licenses must apply, not any one of the licenses.
Since your initial post, Ohloh has made a change. We've stopped putting warnings on projects with potential GPL conflicts. We had too many false positives here, and the surface area was too great to solve them all. So the warnings are gone, and won't be back.
These are the files in which Ohloh found GPL 2.0. Sadly, it is not possible to see this list on the web site, but I am happy to run the query when asked:
prereq/Tools/Selenium/jsunit/app/xbDebug.js
prereq/Tools/Selenium/jsunit/licenses/index.html
prereq/Tools/Selenium/strands/compiler.js
prereq/Tools/Selenium/strands/strands.js
Remotion/ObjectBinding/Web/Res/HTML/BocAutoCompleteReferenceValue.jquery.js
Remotion/ObjectBinding/Web/Res/Themes/Legacy/HTML/BocAutoCompleteReferenceValue.jquery.js
Remotion/Web/Core/Res/HTML/jquery.bgiframe.min.js
Remotion/Web/Core/Res/HTML/jquery.js
I took a look, and it appears that all of these files are actually dual (or triple) licensed, so while it's correct that these files contain GPL 2.0, they all also include alternatives that avoid GPL conflicts.
Ohloh's automatic license detector also does not distinguish between versions of the Affero license, and always assumes a default version, which means 2.0. There is currently an open ticket to improve the Affero detection.
Let me know if there are any questions I've left unanswered.
Thanks,
Robin
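The difference between the "all detected licenses apply" assumption described in the reply above and a choice-aware evaluation, as an added example that is not part of the original thread and is not Ohloh's detector. The marker patterns, the `CONFLICTING` set and the sample headers are constructed assumptions for illustration.

```python
import re

# Assumption for this sketch: licenses treated as conflicting with the project's own.
CONFLICTING = {"GPL-2.0"}

# Constructed marker patterns; a real detector uses far richer matching.
MARKERS = {
    "GPL-2.0": re.compile(r"GNU General Public License,? version 2|\bGPL(v| )?2", re.I),
    "MIT": re.compile(r"\bMIT\b"),
    "BSD": re.compile(r"\bBSD\b"),
}
# Wording that signals the licenses are offered as alternatives.
CHOICE = re.compile(r"\b(dual|triple)[- ]licen[sc]ed\b", re.I)

def detect(header):
    """Return (licenses found, True if the header offers them as a choice)."""
    found = {name for name, rx in MARKERS.items() if rx.search(header)}
    return found, len(found) > 1 and bool(CHOICE.search(header))

def conflicts_all_apply(header):
    """Behaviour described in the thread: every detected license is assumed to apply."""
    found, _ = detect(header)
    return bool(found & CONFLICTING)

def conflicts_any_applies(header):
    """Choice-aware: flag only when no non-conflicting alternative is offered."""
    found, is_choice = detect(header)
    if is_choice:
        return not (found - CONFLICTING)
    return bool(found & CONFLICTING)

def report(files):
    """Map path -> (all-apply verdict, choice-aware verdict), so flagged files are visible."""
    return {p: (conflicts_all_apply(h), conflicts_any_applies(h)) for p, h in files.items()}

# Constructed sample headers (not the contents of the re-motion files).
SAMPLES = {
    "lib/plugin.js": "/* Dual licensed under the MIT and GPL 2 licenses. */",
    "lib/tool.js": "/* Licensed under the GNU General Public License, version 2. */",
    "lib/util.js": "/* Released under the MIT license. */",
}

if __name__ == "__main__":
    for path, (all_apply, any_applies) in report(SAMPLES).items():
        print(f"{path}: all-apply={all_apply} choice-aware={any_applies}")
```

The dual-licensed sample is flagged only under the all-apply rule, which is the false-positive pattern discussed in this thread; the per-file report also shows which paths triggered a flag.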
Hi Robin,
Thank you for reacting to my post. For us, it's good to hear that you've removed those warnings, as we were one of those false positives.
I think we can live with Ohloh listing the (dual) licenses of components we reference even though our actual project is not licensed under these terms. It would be nice to see the actual files, though, not only the numbers. (I understand this is not possible now, but it would make a nice feature.)
Regards,
Fabian