A database with meta data for FOSS licenses adding useful information to existing licenses aiming at simplifying compliance work. The meta data consists of:
-
other names or aliases for licenses (e.g. "GNU GPL v. 2" is replaced by "GPL-2.0-only")
-
fixes for compound license written as one single license or using faulty syntax (e.g. "GPL-2.0-with-classpath-exception" -> "GPL-2.0-only WITH Classpath-exception-2.0")
-
other names for operators (e.g. "||" is replaced by "OR")
-
translation of license with dual license features to a compound license expression (e.g. "GPL-2.0-or-later" -> "GPL-2.0-only OR GPL-3.0-only")
-
compatibility as another license (e.g. "X11-Style (Keith Packard)" is compatibility wise the same as "HPND")
-
ambiguous license name (e.g. "GNU General Public License", which misses the version number)
-
license text
There are lots of software licenses out there (e.g. see ScanCode LicenseDB), some of them are FOSS and some not. In this project we primarily focus on FOSS licenses.
When you're working with compliance you are used to liceses called differently in source code or by tools (e.g. GPLv2
, GPL (v2)
and GNU General Public License Version 2
) when all you really want too see is the SPDX identifier GPL-2.0-only
. A seasoned compliance engineer or lawyer knows this already, but we need this information machine readable.
Another problem you face when working with compliance is the need to check whether the licenses in a combined work are compatible. One example is the X11-Style (Keith Packard)
license, which really is the same license as the Historical Permission Notice and Disclaimer - sell variant. X11-Style (Keith Packard)
is not supported in for example the OSADL matrix, but HPND-sell-variant
is. Again, a seasoned license engineer or lawyer knows which licenses are compatible and not, but we need to make it possible for a machine to assist us.
This projet aims at providing a database with:
-
"all" different names for a license in a database
-
mappings from one license to another license which is supported by the OSADL matrix
and, to make the database easier to use:
-
a Python API
-
command line tool
The data can be found in the var directory. Each license has a JSON file with meta information and a LICENSE file with the license text.
-
flame - command line program
You are more than welcome to contribute.
It would be great if you could check the licenses and feedback us (see HOW below).
If you find a bug and have a fix or have written a new feature you want addded. Create a PR and we'll have a look..
We need input from you on how you use or would like to use foss-licenses.
Do you miss a license that you want support for. Create an issue with the following information:
-
SPDX identifier (if any)
-
Scancode identifier (if any)
-
License text (or a URL)
-
Aliases you would like to add (if any)
-
Same compatibility as another license (if any)
-
create an issue
-
create PR for code or license contributions
We do not have a CLA or similar, but we assume your contributions are made under our license (for the code and data).
-
flict - FOSS License Compatibility Tool
-
License Compatibility Matrix - a matrix with license compatibilities
-
scancode - ScanCode toolkit
-
ScanCode LicenseDB - a database with licenses
-
Nexb for their FOSS compliance tools, especially scancode and ScanCode LicenseDB.
-
OSADL for their License Compatibility Matrix
We fix your license expressions with the following methods (listed in order)
With our database we can replace a license like "GPLv2+" to the SPDX identifier "GPL-2.0-or-later". We do this by searching for needles and replace them. To search for needles, in our case license expressions, (e.g. "BSD 0-Clause") to replace (with e.g. "0BSD") we use the following strategy:
-
list all needles in order of length, longest first
-
for each needle find and replace
This is a naive approach but given the limited data at hand it should work.
Some compound licenses (e.g. "GPL-2.0-only WITH
Classpath-exception-2.0") are stated incorrectly (e.g. "GPL-2.0-only
AND Classpath-exception-2.0") or as a singe license
(""GPL-2.0-with-classpath-exception). The license expression is
scanned for licenses as listed in var/compounds.json
and replaced
accordingly.
The license expression is scanned for operators as listed in
var/operators.json
and replaced accordingly (e.g. "||" is replaced
by "OR").
Some licenses have a built in dual license feature (e.g. "GPL-2.0-or-later"). We replace such licenses with the corresponding dual licenses.
As an example: "GPL-2.0-or-later" is replacde by "(GPL-2.0-only OR GPL-3.0-only")
Some licenses are not supported by the OSADL license matrix (e.g. "X11-Style (Keith Packard)") but the license is very similar and has the same compatibility towards other licenses as another license (e.g. "HPND").
To allow for tools (e.g. flict) to check compatibility of an inbound license expression against an outbound license expression we replace the unknown license with the known and with same compatibility.
See Python API
You can extend flame, the command line program, in two different ways:
-
using the option
additional-license-dir
-
using the environment variable
FLAME_USER_CONFIG
Assuming you want to extend flame with the licenses located in the directory more-licenses
and then list the licenses (using the command licenses
):
flame --additional-license-dir more-licenses licenses
You have a config file, called flame-config.json
, with the variable additional-license-dir
set to more-licenses
, like this:
{
"additional-license-dir": "./more-licenses/"
}
then you can start flame
to read the config file like this:
FLAME_USER_CONFIG=flame-config.json flame licenses