forked from oss-review-toolkit/ort
-
Notifications
You must be signed in to change notification settings - Fork 0
/
curations.yml
70 lines (63 loc) · 2.76 KB
/
curations.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
---
# Example for a complete curation object:
#- id: "Maven:org.hamcrest:hamcrest-core:1.3"
# curations:
# comment: "An explanation why the curation is needed or the reasoning for a license conclusion."
# concluded_license: "Apache-2.0 OR BSD-3-Clause" # Valid SPDX license expression to override the license findings.
# declared_license_mapping:
# "Copyright (C) 2013, Martin Journois": "NONE"
# "BSD": "BSD-3-Clause"
# description: "Curated description."
# homepage_url: "http://example.com"
# binary_artifact:
# url: "http://example.com/binary.zip"
# hash: "ddce269a1e3d054cae349621c198dd52"
# hash_algorithm: "MD5"
# source_artifact:
# url: "http://example.com/sources.zip"
# hash: "ddce269a1e3d054cae349621c198dd52"
# hash_algorithm: "MD5"
# vcs:
# type: "Git"
# url: "http://example.com/repo.git"
# revision: "1234abc"
# path: "subdirectory"
# is_meta_data_only: true # Whether the package is metadata only.
# is_modified: true # Whether the package is modified compared to the original source.
- id: "Maven:asm:asm" # No version means the curation will be applied to all versions of the package.
curations:
comment: "Repository moved to https://gitlab.ow2.org."
vcs:
type: "Git"
url: "https://gitlab.ow2.org/asm/asm.git"
- id: "NPM::ast-traverse:0.1.0"
curations:
comment: "Revision found by comparing the NPM package with the sources from https://github.com/olov/ast-traverse."
vcs:
revision: "f864d24ba07cde4b79f16999b1c99bfb240a441e"
- id: "NPM::ast-traverse:0.1.1"
curations:
comment: "Revision found by comparing the NPM package with the sources from https://github.com/olov/ast-traverse."
vcs:
revision: "73f2b3c319af82fd8e490d40dd89a15951069b0d"
- id: "NPM::ramda:[0.21.0,0.25.0]" # Ivy-style version matchers are supported.
curations:
comment: >-
The package is licensed under MIT per `LICENSE` and `dist/ramda.js`. The project logo is CC-BY-NC-SA-3.0 but it is
not part of the distributed .tar.gz package, see the `README.md` which says:
"Ramda logo artwork © 2014 J. C. Phillipps. Licensed Creative Commons CC BY-NC-SA 3.0."
concluded_license: "MIT"
- id: "Maven:org.jetbrains.kotlin:kotlin-bom"
curations:
comment: "The package is a Maven BOM file and thus is metadata only."
is_meta_data_only: true
- id: "PyPI::pyramid-workflow:1.0.0"
curations:
comment: "The package has an unmappable declared license entry."
declared_license_mapping:
"BSD-derived (http://www.repoze.org/LICENSE.txt)": "LicenseRef-scancode-repoze"
- id: "PyPI::branca"
curations:
comment: "A copyright statement was used to declare the license."
declared_license_mapping:
"Copyright (C) 2013, Martin Journois": "NONE"