Document License Compliance limitations for multi licensed dependencies
Note to wider-community, sales, support and customer success
As always we welcome contributions so feel free to ask questions @NicoleSchwartz if you are unsure about what needs to be done here and want to contribute the fix yourself!
NOTE if you are a user who also would like to see this feature, please UPVOTE
If you are a team member commenting on behalf of a user (not ideal, as you can only upvote once!) Please remember to upvote and include as much information (what they are trying to solve for, their setup) as possible in addition to a salesforce or zendesk link.
Summary
License Compliance detects a violation on multi licensed projects, even if a valid one is found
Steps to reproduce
Create a project that has a dependency with 2 licenses, that the user can choose herself. For example logback http://logback.qos.ch/license.html
Mark one of the licenses as allowed, the other as prohibited. The dependency should be allowed, since the license is not violated, but the license violation is listed.
Example Project
https://gitlab.com/tisoft/multiple-license-compliance-test
https://gitlab.com/tisoft/multiple-license-compliance-test/-/licenses#licenses
https://gitlab.com/tisoft/multiple-license-compliance-test/pipelines/150839914/licenses
What is the current bug behavior?
A dependency with multiple licenses is shown as prohibited if one of the licenses is prohibited.
What is the expected correct behavior?
A dependency with multiple licenses is shown as allowed, if at least one of the licenses is allowed.
Output of checks
This bug happens on GitLab.com
Implementation plan
- update License Compliance documentation to inform on our limited support of composite licenses. We currently can "read" composite licenses but always consider them as combined with an AND. The ability to support other operators (OR, WITH) will be covered in &6571 (closed) and the documentation should point to it.
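The difference between the reported AND-only evaluation and the expected operator-aware evaluation, as an added example that is not part of the issue and is not GitLab's code. The function names, the allow-list policy shape and the fail-closed handling of unclassified licenses are assumptions; the expression is constructed from logback's EPL 1.0 / LGPL 2.1 dual licensing.

```python
import re

def parse(expr):
    """Parse 'A OR B AND (C OR D)' into nested tuples; AND binds tighter than OR."""
    tokens = re.findall(r"\(|\)|[^\s()]+", expr)

    def parse_or(i):
        node, i = parse_and(i)
        while i < len(tokens) and tokens[i] == "OR":
            rhs, i = parse_and(i + 1)
            node = ("OR", node, rhs)
        return node, i

    def parse_and(i):
        node, i = parse_atom(i)
        while i < len(tokens) and tokens[i] == "AND":
            rhs, i = parse_atom(i + 1)
            node = ("AND", node, rhs)
        return node, i

    def parse_atom(i):
        if i >= len(tokens) or tokens[i] in (")", "AND", "OR"):
            raise ValueError(f"license id expected at token {i}")
        if tokens[i] == "(":
            node, i = parse_or(i + 1)
            if i >= len(tokens) or tokens[i] != ")":
                raise ValueError("missing ')'")
            return node, i + 1
        return tokens[i], i + 1

    tree, end = parse_or(0)
    if end != len(tokens):  # e.g. WITH, which this sketch does not support
        raise ValueError(f"unexpected token {tokens[end]!r}")
    return tree

def license_ids(node):
    return {node} if isinstance(node, str) else license_ids(node[1]) | license_ids(node[2])

def and_only_ok(node, allowed):
    """Behaviour the issue reports: every listed license must be allowed."""
    return license_ids(node) <= allowed

def operator_aware_ok(node, allowed):
    """Expected behaviour: OR needs one acceptable branch, AND needs both."""
    if isinstance(node, str):
        return node in allowed  # assumption: unclassified licenses fail closed
    op, left, right = node
    results = operator_aware_ok(left, allowed), operator_aware_ok(right, allowed)
    return any(results) if op == "OR" else all(results)

# Constructed policy and expression modelled on the logback case in the issue.
LOGBACK = parse("EPL-1.0 OR LGPL-2.1-only")
ALLOWED = {"EPL-1.0"}
```

With this policy `and_only_ok(LOGBACK, ALLOWED)` reports a violation while `operator_aware_ok(LOGBACK, ALLOWED)` accepts the dependency; an expression using `WITH` is rejected by the parser rather than silently misread.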