License choice is not respected when generating NOTICE file #8438

maklostermann · 2024-03-18T15:47:25Z

Using license choice (either for package or repository) to select one of two available licenses, e.g.:

license_choices:
  repository_license_choices:
    - given: "Apache-2.0 OR LGPL-2.1-only"
      choice: "Apache-2.0"

The Web App report's table shows "Apache-2.0" as effective, "Apache-2.0, LGPL-2.1-only" as detected license, as expected.

However, the NOTICE_DEFAULT still lists both licenses:

Package: net.java.dev.jna:jna:5.3.1

The following copyrights and licenses were found in the source code of this package:

                                 Apache License
[...]
  --

                  GNU LESSER GENERAL PUBLIC LICENSE
[...]

Note: There is no copyright as there was no scan. The analyzer already lists the licenses (from Maven).

We currently work around this issue by concluding the license with a curation instead of choosing it.

The text was updated successfully, but these errors were encountered:

sschuberth added bug Issues that are considered to be bugs reporter About the reporter tool labels Mar 18, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

License choice is not respected when generating NOTICE file #8438

License choice is not respected when generating NOTICE file #8438

maklostermann commented Mar 18, 2024 •

edited

License choice is not respected when generating NOTICE file #8438

License choice is not respected when generating NOTICE file #8438

Comments

maklostermann commented Mar 18, 2024 • edited

maklostermann commented Mar 18, 2024 •

edited