update SPDX license data to 3.26.0 #234

Merged 3 commits on Jan 7, 2025

cbgbt (Contributor) commented Jan 3, 2025

Description of changes:
Updates to the latest SPDX license definitions.


license-scan: allow skipping directories in scanned sources

This is useful for scanning the source directory filled with sample
license texts in the spdx crate itself.

license-scan: add latest spdx license data

The latest SPDX data includes the Pixar license, which is a modified
Apache-2.0 license. This rare license often confuses the scanner when it
encounters the common Apache-2.0 license, so a new config option
`spdx.ignore-licenses` has been added to ignore specific licenses from
the input SPDX data.

update SPDX license data to 3.26.0

This is needed to unblock Rust updates in Bottlerocket, as the current definitions do not contain the Unicode-3.0 license.

Unblocks bottlerocket-os/bottlerocket-core-kit#331.

Testing is currently blocked because my build of the go toolchain fails locally.

Testing done:

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

@cbgbt cbgbt mentioned this pull request Jan 3, 2025

cbgbt (Contributor Author) commented Jan 3, 2025

This is currently blocked due to #236

@cbgbt cbgbt changed the title from "update SPDX license data to 3.25.0" to "update SPDX license data to 3.26.0" Jan 3, 2025
@cbgbt cbgbt requested review from bcressey, jpculp and yeazelm January 3, 2025 22:05

cbgbt (Contributor Author) commented Jan 3, 2025

^ Rebase atop develop

cbgbt added 2 commits January 3, 2025 23:45

cbgbt (Contributor Author) commented Jan 3, 2025

^ Split into more commits per feedback from @jpculp

@cbgbt cbgbt marked this pull request as ready for review January 5, 2025 04:25
@cbgbt cbgbt merged commit 11590a1 into bottlerocket-os:develop Jan 7, 2025
1 check passed
@cbgbt cbgbt deleted the spdx-3.25.0 branch January 7, 2025 23:18