Skip to main content

License Classifications

The license-classifications.yml file holds a user-defined categorization of licenses.

You can use the example as the base configuration file for your scans.

The file consists of two sections: The first one, categories, allows defining arbitrary categories for grouping licenses. Categories have a name and an optional description; the names must be unique.

The second section, categorizations, assigns licenses to the categories defined before. Licenses are identified using SPDX identifiers. Each license can be assigned an arbitrary number of categories by listing the names of these categories. Note that only names can be used that reference one of the categories from the first section.

For a more sophisticated example of a license classification for ORT, see the generated license-classifications.yml from the LDBcollector project.

When to Use

The mechanism of assigning categories to licenses is rather generic and can be customized for specific use cases. The information from the license-classifications.yml is evaluated by the following components:

  • Rules: By defining categories like "permissive" or "public domain", rules can determine how to handle specific licenses and issue warning or error messages if problems are detected.
  • Plain text templates: Based on their associated categories, the plain text templates for generating NOTICE files can decide which licenses to include in the generated notice file.

The [license-classifications.yml example] demonstrates the intended use cases. It defines some categories that specify whether licenses are applicable to development projects. The example checks ORT results against these categories and generates issues if the rules detect a misuse.

In addition, there are some other categories to be evaluated by the templates for the notice file: The include-in-notice-file category controls whether the license requires attribution. Similarly, assigning the include-source-code-offer-in-notice-file category will ensure a written source code offer is included in the notices.

The point to take is that users can freely choose their license classifications and define their rule sets and templates accordingly to achieve the desired results. ORT does not enforce any semantics on categories; it is fully up to concrete use cases how they are interpreted. It is therefore well possible that licenses are assigned to multiple orthogonal, partly overlapping sets of categories with different meanings.

Command Line

To use the license-classifications.yml file put it to $ORT_CONFIG_DIR/license-classifications.yml or pass it to the --license-classifications-file option of the evaluator:

cli/build/install/ort/bin/ort evaluate
  -i [scanner-output-dir]/scan-result.yml
  -o [evaluator-output-dir]
  --license-classifications-file $ORT_CONFIG_DIR/license-classifications.yml
  --package-curations-file $ORT_CONFIG_DIR/curations.yml
  --rules-file $ORT_CONFIG_DIR/evaluator.rules.kts

Example

license-classifications.yml
---
# Example license-classifications.yml based on categorization from
# https://github.com/nexB/scancode-toolkit/commit/ed644e4
#
# To demonstrate how one can insert a custom written offer
# include-source-code-offer-in-notice-file has been set to
# true for all licenses of the GPL family.
categories:
- name: "copyleft"
- name: "strong-copyleft"
- name: "copyleft-limited"
- name: "permissive"
  description: "Licenses with permissive obligations."
- name: "public-domain"
- name: "include-in-notice-file"
  description: >-
    This category is checked by templates used by the ORT report generator. The licenses associated with this
    category are included into NOTICE files.
- name: "include-source-code-offer-in-notice-file"
  description: >-
    A marker category that indicates that the licenses assigned to it require that the source code of the packages
    needs to be provided.

categorizations:
- id: "AGPL-1.0"
  categories:
  - "copyleft"
  - "include-in-notice-file"
  - "include-source-code-offer-in-notice-file"
- id: "AGPL-1.0-only"
  categories:
  - "copyleft"
  - "include-in-notice-file"
  - "include-source-code-offer-in-notice-file"
- id: "AGPL-1.0-or-later"
  categories:
  - "copyleft"
  - "include-in-notice-file"
  - "include-source-code-offer-in-notice-file"
- id: "AGPL-3.0"
  categories:
  - "copyleft"
  - "include-in-notice-file"
  - "include-source-code-offer-in-notice-file"
- id: "AGPL-3.0-only"
  categories:
  - "copyleft"
  - "include-in-notice-file"
  - "include-source-code-offer-in-notice-file"
- id: "AGPL-3.0-or-later"
  categories:
  - "copyleft"
  - "include-in-notice-file"
  - "include-source-code-offer-in-notice-file"
- id: "Apache-2.0"
  categories:
  - "permissive"
  - "include-in-notice-file"
- id: "Artistic-1.0"
  categories:
  - "copyleft-limited"
  - "include-in-notice-file"
- id: "Artistic-2.0"
  categories:
  - "copyleft-limited"
  - "include-in-notice-file"
- id: "BSD-1-Clause"
  categories:
  - "permissive"
  - "include-in-notice-file"
- id: "BSD-2-Clause"
  categories:
  - "permissive"
  - "include-in-notice-file"
- id: "BSD-2-Clause-FreeBSD"
  categories:
  - "permissive"
  - "include-in-notice-file"
- id: "BSD-2-Clause-NetBSD"
  categories:
  - "permissive"
  - "include-in-notice-file"
- id: "BSD-3-Clause"
  categories:
  - "permissive"
  - "include-in-notice-file"
- id: "BSD-4-Clause"
  categories:
  - "permissive"
  - "include-in-notice-file"
- id: "BSD-4-Clause-UC"
  categories:
  - "permissive"
  - "include-in-notice-file"
- id: "CC-BY-1.0"
  categories:
  - "permissive"
  - "include-in-notice-file"
- id: "CC-BY-2.0"
  categories:
  - "permissive"
  - "include-in-notice-file"
- id: "CC-BY-2.5"
  categories:
  - "permissive"
  - "include-in-notice-file"
- id: "CC-BY-3.0"
  categories:
  - "permissive"
  - "include-in-notice-file"
- id: "CC-BY-4.0"
  categories:
  - "permissive"
  - "include-in-notice-file"
- id: "CC0-1.0"
  categories:
  - "public-domain"
  - "include-in-notice-file"
- id: "CDDL-1.0"
  categories:
  - "copyleft-limited"
  - "include-in-notice-file"
- id: "CDDL-1.1"
  categories:
  - "copyleft-limited"
  - "include-in-notice-file"
- id: "EPL-1.0"
  categories:
  - "copyleft-limited"
  - "include-in-notice-file"
- id: "EPL-2.0"
  categories:
  - "copyleft-limited"
  - "include-in-notice-file"
- id: "EUPL-1.1"
  categories:
  - "copyleft-limited"
  - "include-in-notice-file"
- id: "EUPL-1.2"
  categories:
  - "copyleft-limited"
  - "include-in-notice-file"
- id: "GPL-1.0+"
  categories:
  - "copyleft"
  - "include-in-notice-file"
  - "include-source-code-offer-in-notice-file"
- id: "GPL-1.0-only"
  categories:
  - "copyleft"
  - "include-in-notice-file"
  - "include-source-code-offer-in-notice-file"
- id: "GPL-1.0-or-later"
  categories:
  - "copyleft"
  - "include-in-notice-file"
  - "include-source-code-offer-in-notice-file"
- id: "GPL-2.0"
  categories:
  - "copyleft"
  - "include-in-notice-file"
  - "include-source-code-offer-in-notice-file"
- id: "GPL-2.0+"
  categories:
  - "copyleft"
  - "include-in-notice-file"
  - "include-source-code-offer-in-notice-file"
- id: "GPL-2.0-only"
  categories:
  - "copyleft"
  - "include-in-notice-file"
  - "include-source-code-offer-in-notice-file"
- id: "GPL-2.0-only WITH Classpath-exception-2.0"
  categories:
  - "copyleft-limited"
  - "include-in-notice-file"
  - "include-source-code-offer-in-notice-file"
- id: "GPL-2.0-only WITH Font-exception-2.0"
  categories:
  - "copyleft-limited"
  - "include-in-notice-file"
  - "include-source-code-offer-in-notice-file"
- id: "GPL-2.0-or-later"
  categories:
  - "copyleft"
  - "include-in-notice-file"
  - "include-source-code-offer-in-notice-file"
- id: "GPL-3.0"
  categories:
  - "copyleft"
  - "include-in-notice-file"
  - "include-source-code-offer-in-notice-file"
- id: "GPL-3.0+"
  categories:
  - "copyleft"
  - "include-in-notice-file"
  - "include-source-code-offer-in-notice-file"
- id: "GPL-3.0-only"
  categories:
  - "copyleft"
  - "include-in-notice-file"
  - "include-source-code-offer-in-notice-file"
- id: "GPL-3.0-or-later"
  categories:
  - "copyleft"
  - "include-in-notice-file"
  - "include-source-code-offer-in-notice-file"
- id: "JSON"
  categories:
  - "permissive"
  - "include-in-notice-file"
- id: "LGPL-2.0-only"
  categories:
  - "copyleft-limited"
  - "include-in-notice-file"
- id: "LGPL-2.0-or-later"
  categories:
  - "copyleft-limited"
  - "include-in-notice-file"
  - "include-source-code-offer-in-notice-file"
- id: "LGPL-2.1-only"
  categories:
  - "copyleft-limited"
  - "include-in-notice-file"
  - "include-source-code-offer-in-notice-file"
- id: "LGPL-2.1-or-later"
  categories:
  - "copyleft-limited"
  - "include-in-notice-file"
  - "include-source-code-offer-in-notice-file"
- id: "LGPL-3.0-only"
  categories:
  - "copyleft-limited"
  - "include-in-notice-file"
  - "include-source-code-offer-in-notice-file"
- id: "LGPL-3.0-or-later"
  categories:
  - "copyleft-limited"
  - "include-in-notice-file"
  - "include-source-code-offer-in-notice-file"
- id: "Libpng"
  categories:
  - "permissive"
  - "include-in-notice-file"
- id: "MIT"
  categories:
  - "permissive"
  - "include-in-notice-file"
- id: "MIT-0"
  categories:
  - "permissive"
  - "include-in-notice-file"
- id: "MIT-feh"
  categories:
  - "permissive"
  - "include-in-notice-file"
- id: "MPL-1.0"
  categories:
  - "copyleft-limited"
  - "include-in-notice-file"
- id: "MPL-1.1"
  categories:
  - "copyleft-limited"
  - "include-in-notice-file"
- id: "MPL-2.0"
  categories:
  - "copyleft-limited"
  - "include-in-notice-file"
- id: "MS-PL"
  categories:
  - "permissive"
  - "include-in-notice-file"
- id: "MS-RL"
  categories:
  - "copyleft-limited"
  - "include-in-notice-file"
- id: "ODbL-1.0"
  categories:
  - "copyleft"
  - "include-in-notice-file"
- id: "OFL-1.0"
  categories:
  - "permissive"
  - "include-in-notice-file"
- id: "OFL-1.1"
  categories:
  - "permissive"
  - "include-in-notice-file"
- id: "OpenSSL"
  categories:
  - "permissive"
  - "include-in-notice-file"
- id: "PSF"
  categories:
  - "strong-copyleft"
  - "include-in-notice-file"
- id: "Python-2.0"
  categories:
  - "permissive"
  - "include-in-notice-file"
- id: "Ruby"
  categories:
  - "copyleft-limited"
  - "include-in-notice-file"
- id: "SAX-PD"
  categories:
  - "public-domain"
  - "include-in-notice-file"
- id: "Unlicense"
  categories:
  - "public-domain"
  - "include-in-notice-file"
- id: "W3C"
  categories:
  - "permissive"
  - "include-in-notice-file"
- id: "WTFPL"
  categories:
  - "permissive"
  - "include-in-notice-file"
- id: "X11"
  categories:
  - "permissive"
  - "include-in-notice-file"
- id: "Zlib"
  categories:
  - "permissive"
  - "include-in-notice-file"
- id: "bzip2-1.0.5"
  categories:
  - "permissive"
  - "include-in-notice-file"
- id: "bzip2-1.0.6"
  categories:
  - "permissive"
  - "include-in-notice-file"
- id: "curl"
  categories:
  - "permissive"
  - "include-in-notice-file"