From 404714502995114fbd76b8b82cebc772fa3698a3 Mon Sep 17 00:00:00 2001
From: Weimin Yu
Date: Mon, 28 Oct 2019 13:32:42 -0400
Subject: [PATCH] Restrict "Public Domain" license acceptance (#329)

"Public Domain" license must be reviewed case by case. Removed blanket acceptance and named accepted dependencies individually. Also added a README file to warn about this license and WTFPL.
---
 config/dependency-license/README.md | 16 ++++++++++++++++
 config/dependency-license/allowed_licenses.json | 9 +++++++--
 2 files changed, 23 insertions(+), 2 deletions(-)
 create mode 100644 config/dependency-license/README.md

diff --git a/config/dependency-license/README.md b/config/dependency-license/README.md
new file mode 100644
index 000000000..ee1e13186
--- /dev/null
+++ b/config/dependency-license/README.md
@@ -0,0 +1,16 @@
+## Summary
+
+This folder contains configuration files for the gradle-license-report plugin:
+
+* allowed_licenses.json declares the acceptable licenses. A license may have
+ multiple entries in this file, since the 'moduleLicense' property value must
+ match exactly the phrases found in pom or manifest files.
+* license_normalizer_bundle.json configures normalization rules for license
+ reporting.
+
+## Notes About Adding New Licenses
+
+* The WTFPL license is not allowed.
+
+* Each 'Public Domain' license entry must include a specific 'moduleName'. Do
+ not omit moduleName or use wildcards.
diff --git a/config/dependency-license/allowed_licenses.json b/config/dependency-license/allowed_licenses.json
index 0f1114e4e..d20e88a41 100644
--- a/config/dependency-license/allowed_licenses.json
+++ b/config/dependency-license/allowed_licenses.json
@@ -3,6 +3,9 @@
 {
 "moduleLicense": "Apache Software License, Version 1.1"
 },
+ {
+ "moduleLicense": "Apache Software License, version 1.1"
+ },
 {
 "moduleLicense": "Apache 2"
 },
@@ -211,10 +214,12 @@
 "moduleLicense": "Mozilla Public License Version 2.0"
 },
 {
- "moduleLicense": "Public Domain"
+ "moduleLicense": "Public Domain",
+ "moduleName": "aopalliance:aopalliance"
 },
 {
- "moduleLicense": "PUBLIC DOMAIN"
+ "moduleLicense": "Public Domain",
+ "moduleName": "org.tukaani:xz"
 },
 {
 "moduleLicense": "The W3C Software License"
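Review bot: Both new entries pin the module but not the version, so any future release of `aopalliance:aopalliance` or `org.tukaani:xz` that still declares "Public Domain" is accepted without the case-by-case review the commit message calls for. If per-release review is the intent, the plugin's allowed-licenses entries also accept a `moduleVersion` field, e.g. `"moduleVersion": "<reviewed-version>"`, at the cost of touching this file on each upgrade; otherwise a short comment in the README naming the reviewed versions would record what was actually examined. Note also that the upper-case `"PUBLIC DOMAIN"` spelling is dropped entirely; since the README added in this commit states that `moduleLicense` must match the pom or manifest phrase exactly, any dependency declaring that form will now fail the check, which looks intended but is worth confirming against the current license report before merging. The enclosing array continues outside the hunk.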