Ensure that all the licenses in https://github.com/NixOS/nixpkgs/blob/master/lib/licenses.nix are tracked or detected

[pombredanne]

See https://github.com/NixOS/nixpkgs/blob/master/lib/licenses.nix

[DennisClark]

Analysis-in-progress. We of course already track all the licenses that have an spdx-id. Checking the others in the file.

[DennisClark]

Here is the list of licenses from licenses.nix that I was able to map to the ScanCode LicenseDB. We need to ensure that our license detection rules point to these licenses. Note that a few of them actually point to existing SPDX licenses and we should possibly notify the NixOS project to update their list to reference the SPDX identifier.

licenses.nix-id				current LicenseRef-scancode

acsl14						LicenseRef-scancode-anti-capitalist-1.4
amazonsl					LicenseRef-.amazon.com.-AmznSL-1.0			
aom						LicenseRef-scancode-alliance-open-media-patent-1.0
capec						LicenseRef-scancode-capec-tou
cockroachdb-community-license	LicenseRef-scancode-cockroach
commons-clause				LicenseRef-scancode-commons-clause
ffsl							LicenseRef-scancode-ffsl-1
free							LicenseRef-scancode-free-unknown
fsl11Mit						LicenseRef-scancode-fsl-1.1-mit
fsl11Asl20					LicenseRef-scancode-fsl-1.1-apache-2.0
gfl							LicenseRef-scancode-gust-font-1.0
gfsl							LicenseRef-scancode-gust-font-2006-09-30
fairsource09					LicenseRef-scancode-fair-source-0.9
issl							LicenseRef-scancode-issl-2022
llgpl21						LLGPL
nvidiaCuda					LicenseRef-scancode-nvidia-sdk-12.8
nvidiaCudaRedist				LicenseRef-scancode-nvidia-sdk-12.8
publicDomain					LicenseRef-scancode-public-domain
purdueBsd					lsof
prosperity30					LicenseRef-scancode-prosperity-3.0
qwt							Qwt-exception-1.0
smail						SMAIL-GPL
sspl							SSPL
stk							LicenseRef-scancode-synthesis-toolkit
sustainableUse				LicenseRef-scancode-sustainable-use-1.0
tsl							LicenseRef-scancode-tsl-2020
virtualbox-puel				LicenseRef-scancode-oracle-vb-puel-12
vol-sl						LicenseRef-scancode-volatility-vsl-v1.0

[DennisClark]

Here is the list of licenses from licenses.nix that I was NOT able to map to the ScanCode LicenseDB. I will be adding them to DejaCode; that process might discover that they are really defined some other way, in which case we fix the detection mapping. It's also possible that the suggested value for the LicenseRef-scancode-* may be improved.

New (work-in-progress)
licenses.nix-id					New LicenseRef-scancode

activision						LicenseRef-scancode-activision-eula
amd								LicenseRef-scancode-amd-license
bola11							LicenseRef-scancode-bola11
caossl							LicenseRef-scancode-ca-tosl-1.0
eapl							LicenseRef-scancode-epson-avasys-pl
epson							LicenseRef-scancode-epson-linux-sla
g4sl							LicenseRef-scancode-geant4-sl
geogebra						LicenseRef-scancode-geogebra-ncla
generaluser						LicenseRef-scancode-generaluser-gs-2.0
inria-compcert					LicenseRef-scancode-inria-compcert
inria-icesl						LicenseRef-scancode-inria-icesl
inria-zelus						LicenseRef-scancode-inria-zelus
databricks						LicenseRef-scancode-databricks
databricks-dbx					LicenseRef-scancode-databricks-dbx
databricks-license				LicenseRef-scancode-databricks-license
lens							LicenseRef-scancode-k8slens-tos
obsidian						LicenseRef-scancode-obsidian-eula
ocamlpro_nc						LicenseRef-scancode-ocamlpro-nc
postman							LicenseRef-scancode-postman-eula
radiance						LicenseRef-scancode-radiance
sgmlug							LicenseRef-scancode-sgmlug
sudo							LicenseRef-scancode-sudo
teamspeak						LicenseRef-scancode-teamspeak
tost							LicenseRef-scancode-tost
ucd								LicenseRef-scancode-ucd
unfree							LicenseRef-scancode-unfree
unfreeRedistributable			LicenseRef-scancode-unfree-redistributable
unfreeRedistributableFirmware	LicenseRef-scancode-unfree-Redistributable-firmware
wadalab							LicenseRef-scancode-wadalab

[DennisClark]

Here is a list of licenses from licenses.nix that have been deprecated by SPDX and deprecated in the ScanCode LicenseDB as well. These have been superceded by exceptions. @AyanSinhaMahapatra We can possibly handle these with detections that map them to a complete license expression (license WITH exception).

  gpl2ClasspathPlus = {
    fullName = "GNU General Public License v2.0 or later (with Classpath exception)";
    url = "https://fedoraproject.org/wiki/Licensing/GPL_Classpath_Exception";
  };

  gpl2Oss = {
    fullName = "GNU General Public License version 2 only (with OSI approved licenses linking exception)";
    url = "https://www.mysql.com/about/legal/licensing/foss-exception";
  };

  gpl3ClasspathPlus = {
    fullName = "GNU General Public License v3.0 or later (with Classpath exception)";
    url = "https://fedoraproject.org/wiki/Licensing/GPL_Classpath_Exception";
  };

[DennisClark]

The following entry in licenses.nix contains a URL that no longer exists and should be mapped to LicenseRef-scancode-proprietary-license

  amd = {
    fullName = "AMD License Agreement";
    url = "https://developer.amd.com/amd-license-agreement/";
    free = false;
  };

[DennisClark]

The following licenses identified in licenses.nix do not have a corresponding value for spdxId in that file but analysis of the associated license texts determined that the following relationships exist:

licenses.nix-id					current SPDX identifier
llgpl21							LLGPL
purdueBsd						lsof
qwt								Qwt-exception-1.0
smail							SMAIL-GPL
sspl							SSPL
tost							Pixar

These licenses are already in the ScanCode LicenseDB. @AyanSinhaMahapatra We need to confirm that they
are properly detected. We should also communicate with the NixOS team to update the licenses.nix file with these SPDX identifiers (spdxId).

[DennisClark]

The following licenses identified in licenses.nix have a corresponding value in the ScanCode LicenseDB although they are not in the SPDX list. @AyanSinhaMahapatra We need to confirm that they are properly detected. We should also communicate with the NixOS team to update the licenses.nix file with the LicenseDB URL values.

licenses.nix-id					current LicenseRef-scancode
acsl14							LicenseRef-scancode-anti-capitalist-1.4
amazonsl						LicenseRef-.amazon.com.-AmznSL-1.0			
amd								LicenseRef-scancode-proprietary-license
aom								LicenseRef-scancode-alliance-open-media-patent-1.0
capec							LicenseRef-scancode-capec-tou
cockroachdb-community-license	LicenseRef-scancode-cockroach
commons-clause					LicenseRef-scancode-commons-clause
ffsl							LicenseRef-scancode-ffsl-1
free							LicenseRef-scancode-free-unknown
fsl11Mit						LicenseRef-scancode-fsl-1.1-mit
fsl11Asl20						LicenseRef-scancode-fsl-1.1-apache-2.0
gfl								LicenseRef-scancode-gust-font-1.0
gfsl							LicenseRef-scancode-gust-font-2006-09-30
fairsource09					LicenseRef-scancode-fair-source-0.9
issl							LicenseRef-scancode-issl-2022
nvidiaCuda						LicenseRef-scancode-nvidia-sdk-12.8
nvidiaCudaRedist				LicenseRef-scancode-nvidia-sdk-12.8
publicDomain					LicenseRef-scancode-public-domain
prosperity30					LicenseRef-scancode-prosperity-3.0
stk								LicenseRef-scancode-synthesis-toolkit
sustainableUse					LicenseRef-scancode-sustainable-use-1.0
teamspeak						LicenseRef-scancode-proprietary-license
tsl								LicenseRef-scancode-tsl-2020
virtualbox-puel					LicenseRef-scancode-oracle-vb-puel-12
vol-sl							LicenseRef-scancode-volatility-vsl-v1.0
unfree							LicenseRef-scancode-proprietary-license
unfreeRedistributable			LicenseRef-scancode-proprietary-license
unfreeRedistributableFirmware	LicenseRef-scancode-proprietary-license

Note, by the way, that a few of the licenses, in my judgment, were not well defined so I mapped them to LicenseRef-scancode-proprietary-license. There might be some value in refining that, but I think the generic license is the best approach at this time.

[DennisClark]

The following licenses identified in licenses.nix do not currently have equivalents in the LicenseDB or in the SPDX license list. I have created new licenses in DejaCode enterprise and public. @AyanSinhaMahapatra Please synchronize when you have time, thanks!

licenses.nix-id					New LicenseRef-scancode
activision						LicenseRef-scancode-activision-eula
bola11							LicenseRef-scancode-bola11
caossl							LicenseRef-scancode-ca-ossl-1.0
eapl							LicenseRef-scancode-epson-avasys-pl-2008
epson							LicenseRef-scancode-epson-linux-sla-2023
g4sl							LicenseRef-scancode-geant4-sl-1.0
geogebra						LicenseRef-scancode-geogebra-ncla-2022
generaluser						LicenseRef-scancode-generaluser-gs-2.0
inria-compcert					LicenseRef-scancode-inria-compcert
inria-icesl						LicenseRef-scancode-inria-icesl
inria-zelus						LicenseRef-scancode-inria-zelus
databricks						LicenseRef-scancode-databricks-db
databricks-dbx					LicenseRef-scancode-databricks-dbx-2021
databricks-license				LicenseRef-scancode-databricks-db
lens							LicenseRef-scancode-lens-tos-2023
obsidian						LicenseRef-scancode-obsidian-tos-2025
ocamlpro_nc						LicenseRef-scancode-ocamlpro-nc-v1
postman							LicenseRef-scancode-postman-tos-2024
radiance						LicenseRef-scancode-radiance-sl-v2.0
sgmlug							LicenseRef-scancode-sgmlug
sudo							LicenseRef-scancode-sudo
ucd								LicenseRef-scancode-unicode-ucd
wadalab							LicenseRef-scancode-wadalab