@@ -48,14 +48,6 @@ Important API changes:
4848 column to "path". The "copyright_holder" has been ranmed to "holder"
4949
5050
51- Development environment changes:
52- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
53-
54- - The license cache consistency is not checked anymore when you are using a Git
55- checkout. The SCANCODE_DEV_MODE tag file has been removed entirely. Use
56- instead the --reindex-licenses option to rebuild the license index.
57-
58-
5951Copyright detection:
6052~~~~~~~~~~~~~~~~~~~~
6153
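Review bot: the context line directly above this removal still reads `The "copyright_holder" has been ranmed to "holder"`; since this commit is reorganizing the changelog, fix "ranmed" to "renamed" in the same pass. The removed "Development environment changes" section reappears at the end of the release notes in a later hunk, so nothing is lost here, but the commit message should say this is a move so reviewers do not read it as a deletion.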
@@ -122,7 +114,6 @@ License detection:
122114- Small, two-words matches that overlap the previous or next match by
123115 by the word "license" and assimilated are now filtered as false matches.
124116
125-
126117- The new --licenses-reference option adds a new "licenses_reference" top
127118 level attribute to a scan when using the JSON and YAML outputs. This contains
128119 all the details and the full text of every licenses seen in a file or
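Review bot: the bullet just above the removed blank line has a doubled word across its line break ("...the previous or next match by" followed by "by the word "license""). Drop one "by" while cleaning up the spacing in this list.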
@@ -231,6 +222,66 @@ License Clarity Scoring Update
231222 - Scoring Weight = -20
232223
233224
225+ License Clarity Scoring Update
226+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
227+
228+ - We are moving away from the license clarity scoring defined by ClearlyDefined
229+ in the license clarity score plugin. The previous license clarity scoring
230+ logic produced a score that was misleading, where it would return a low score
231+ when scanning packages due to the stringent scoring criteria. We are now
232+ using more general criteria to get a sense of what provenance information has
233+ been provided and whether or not there is a conflict in licensing between
234+ what licenses were declared at the top-level key files and what licenses have
235+ been detected in the files under the top-level.
236+
237+ - The license clarity score is a value from 0-100 calculated by combining the
238+ weighted values determined for each of the scoring elements:
239+
240+ - Declared license:
241+
242+ - When true, indicates that the software package licensing is documented at
243+ top-level or well-known locations in the software project, typically in a
244+ package manifest, NOTICE, LICENSE, COPYING or README file.
245+ - Scoring Weight = 40
246+
247+ - Identification precision:
248+
249+ - Indicates how well the license statement(s) of the software identify known
250+ licenses that can be designated by precise keys (identifiers) as provided in
251+ a publicly available license list, such as the ScanCode LicenseDB, the SPDX
252+ license list, the OSI license list, or a URL pointing to a specific license
253+ text in a project or organization website.
254+ - Scoring Weight = 40
255+
256+ - License texts:
257+
258+ - License texts are provided to support the declared license expression in
259+ files such as a package manifest, NOTICE, LICENSE, COPYING or README.
260+ - Scoring Weight = 10
261+
262+ - Declared copyright:
263+
264+ - When true, indicates that the software package copyright is documented at
265+ top-level or well-known locations in the software project, typically in a
266+ package manifest, NOTICE, LICENSE, COPYING or README file.
267+ - Scoring Weight = 10
268+
269+ - Ambiguous compound licensing:
270+
271+ - When true, indicates that the software has a license declaration that
272+ makes it difficult to construct a reliable license expression, such as in
273+ the case of multiple licenses where the conjunctive versus disjunctive
274+ relationship is not well defined.
275+ - Scoring Weight = -10
276+
277+ - Conflicting license categories:
278+
279+ - When true, indicates the declared license expression of the software is in
280+ the permissive category, but that other potentially conflicting categories,
281+ such as copyleft and proprietary, have been detected in lower level code.
282+ - Scoring Weight = -20
283+
284+
234285Outputs:
235286~~~~~~~~
236287
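Review bot: this added "License Clarity Scoring Update" section appears to duplicate one that is already in the file. The hunk header shows the enclosing section is already titled "License Clarity Scoring Update", and the unchanged context line right above the addition is "- Scoring Weight = -20", which is also the last entry of the new block. If the goal was to reword the existing section, edit it in place; otherwise drop this block so the changelog does not carry the same heading and the same weights twice. Also note the added heading and bullets carry a leading space after the "+" while the neighbouring "Outputs:" heading does not, which can change how the RST renders.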
@@ -251,13 +302,26 @@ Changes:
251302- add resource-level attribute `for_packages `.
252303- remove `package-data ` attribute `root_path `.
253304
305+
254306Documentation Update
255307~~~~~~~~~~~~~~~~~~~~~~~~
256308
257309- Various documentations have been updated to reflects API changes and
258310 correct minor documentation issues.
259311
260312
313+ Development environment changes:
314+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
315+
316+ - The license cache consistency is not checked anymore when you are using a Git
317+ checkout. The SCANCODE_DEV_MODE tag file has been removed entirely. Use
318+ instead the --reindex-licenses option to rebuild the license index.
319+
320+ - We can now regenerate updated test fixtures using the new SCANCODE_REGEN_TEST_FIXTURES
321+ environemnt variable. There is no need to replace the regen=False with regen=True
322+ in the code.
323+
324+
26132530.1.0 - 2021-09-25
262326--------------------
263327
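Review bot: typo in the new SCANCODE_REGEN_TEST_FIXTURES entry: "environemnt variable" should be "environment variable". The entry would also be clearer if it stated what value the variable must be set to and marked regen=False and regen=True as literals, the way `for_packages` is marked earlier in this file. The first bullet is carried over unchanged from the section removed near the top, so the only new text to check is this second bullet.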