Giters

github / licensed

A Ruby gem to cache and verify the licenses of dependencies

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

False review_changed_license when release changed.

schmidtw opened this issue · comments

commented

I just ran into a falsely flagged license change review request. The licenses and patent files are both identical in the cache except the version.

Old cached file:

---
name: golang.org/x/sys/unix
version: v0.1.0
type: go
summary: Package unix contains an interface to the low-level operating system primitives.
homepage: https://pkg.go.dev/golang.org/x/sys/unix
license: other
licenses:
- sources: sys@v0.1.0/LICENSE
  text: |
    Copyright (c) 2009 The Go Authors. All rights reserved.

    Redistribution and use in source and binary forms, with or without
    modification, are permitted provided that the following conditions are
    met:

       * Redistributions of source code must retain the above copyright
    notice, this list of conditions and the following disclaimer.
       * Redistributions in binary form must reproduce the above
    copyright notice, this list of conditions and the following disclaimer
    in the documentation and/or other materials provided with the
    distribution.
       * Neither the name of Google Inc. nor the names of its
    contributors may be used to endorse or promote products derived from
    this software without specific prior written permission.

    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
    "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
    LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
    A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
    OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
    SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
    LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
    DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
    THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
    (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
    OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- sources: sys@v0.1.0/PATENTS
  text: |
    Additional IP Rights Grant (Patents)

    "This implementation" means the copyrightable works distributed by
    Google as part of the Go project.

    Google hereby grants to You a perpetual, worldwide, non-exclusive,
    no-charge, royalty-free, irrevocable (except as stated in this section)
    patent license to make, have made, use, offer to sell, sell, import,
    transfer and otherwise run, modify and propagate the contents of this
    implementation of Go, where such license applies only to those patent
    claims, both currently owned or controlled by Google and acquired in
    the future, licensable by Google that are necessarily infringed by this
    implementation of Go.  This grant does not include claims that would be
    infringed only as a consequence of further modification of this
    implementation.  If you or your agent or exclusive licensee institute or
    order or agree to the institution of patent litigation against any
    entity (including a cross-claim or counterclaim in a lawsuit) alleging
    that this implementation of Go or any code incorporated within this
    implementation of Go constitutes direct or contributory patent
    infringement, or inducement of patent infringement, then any patent
    rights granted to you under this License for this implementation of Go
    shall terminate as of the date such litigation is filed.
notices: []

New file:

name: golang.org/x/sys/unix
version: v0.2.0
type: go
summary: Package unix contains an interface to the low-level operating system primitives.
homepage: https://pkg.go.dev/golang.org/x/sys/unix
license: other
review_changed_license: true
licenses:
- sources: sys@v0.2.0/LICENSE
  text: |
    Copyright (c) 2009 The Go Authors. All rights reserved.

    Redistribution and use in source and binary forms, with or without
    modification, are permitted provided that the following conditions are
    met:

       * Redistributions of source code must retain the above copyright
    notice, this list of conditions and the following disclaimer.
       * Redistributions in binary form must reproduce the above
    copyright notice, this list of conditions and the following disclaimer
    in the documentation and/or other materials provided with the
    distribution.
       * Neither the name of Google Inc. nor the names of its
    contributors may be used to endorse or promote products derived from
    this software without specific prior written permission.

    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
    "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
    LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
    A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
    OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
    SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
    LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
    DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
    THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
    (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
    OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- sources: sys@v0.2.0/PATENTS
  text: |
    Additional IP Rights Grant (Patents)

    "This implementation" means the copyrightable works distributed by
    Google as part of the Go project.

    Google hereby grants to You a perpetual, worldwide, non-exclusive,
    no-charge, royalty-free, irrevocable (except as stated in this section)
    patent license to make, have made, use, offer to sell, sell, import,
    transfer and otherwise run, modify and propagate the contents of this
    implementation of Go, where such license applies only to those patent
    claims, both currently owned or controlled by Google and acquired in
    the future, licensable by Google that are necessarily infringed by this
    implementation of Go.  This grant does not include claims that would be
    infringed only as a consequence of further modification of this
    implementation.  If you or your agent or exclusive licensee institute or
    order or agree to the institution of patent litigation against any
    entity (including a cross-claim or counterclaim in a lawsuit) alleging
    that this implementation of Go or any code incorporated within this
    implementation of Go constitutes direct or contributory patent
    infringement, or inducement of patent infringement, then any patent
    rights granted to you under this License for this implementation of Go
    shall terminate as of the date such litigation is filed.
notices: []

Running diff between the two shows only changes of v0.1.0 to v0.2.0 and nothing else. The upstream sources have also not changed since 2012.

I'm using version 3.9.0.

commented

@schmidtw thanks for the report! is this a critical or blocking issue, or can it wait a day or two before someone takes a look?

commented

@schmidtw thanks again for the report, and sorry this took so long to look into. I've opened #578 with the fix for the issue and will release the fix in version 3.9.1 soon.

commented

I was away from a computer for a few days & was delighted to see this fix. Thank you!