Review of (un-)ambiguous declared license mappings

[marikanieminen]

Reasonings for moving any mappings from unambiguous to ambiguous comprise of the following:

• Mapping is incorrect / might be incorrect
  o The mapped text refers to a modified version of the license
  o The mapped text refers to a completely different license
• Mapping is ambiguous on the part of missing version numbering
  o if license only has one version, I found it not to be ambiguous
• The mapped text contains a link that does not function hence the accuracy cannot be evaluated
• The mapped text contains mention of multiple licenses and does not specify whether these both or either apply (AND/OR)
• The mapped text, e.g. an acronym, could be referring to multiple different licenses and it is not clear which is meant

[sschuberth]

FYI @oss-review-toolkit/core-devs, Marika works at HH Partners and has legal background.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 67.16%. Comparing base (2f9af0e) to head (9203407).
Report is 1192 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##               main    #8139   +/-   ##
=========================================
  Coverage     67.16%   67.16%           
  Complexity     2052     2052           
=========================================
  Files           358      358           
  Lines         17166    17166           
  Branches       2462     2462           
=========================================
  Hits          11530    11530           
  Misses         4613     4613           
  Partials       1023     1023           

Flag	Coverage Δ
funTest-non-docker	33.96% <ø> (ø)
test	37.01% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[tsteenbe]

I applaud Marika for her first contribution to ORT. The contents of this file requires us as community to define some clear governance rules and we need to define as a community to avoid endless discussions. I propose to halt this PR until rules are defined and I would appreciate it if @marikanieminen could help us define such rules with the community.

[sschuberth]

The contents of this file requires us as community to define some clear governance rules and we need to define as a community to avoid endless discussions.

Note that "define as a community" and "avoid endless discussions" are usually somewhat contradicting, depending on the size of the community. The more people you involve, the harder it gets to reach a consensus. Therefore I propose to decide by ORT TSC majority vote.

My proposal for the concrete mapping is as follows: In general, we should aim for only listing 100% clear license strings as unambiguous, no fuzzyness or room for interpretation here. And that should hold for past, current, and future times.

That is (out of my head, no guarantee for completeness yet),

• I'd disagree with "if license only has one version, I found it not to be ambiguous" as that could change in the future if a new version of a license gets published, which would require us to update the mapping (if we even realize that a new version of a license is published),
• an entry without a version although the license is versioned cannot be unambiguous,
• an entry with only a major version, esp. if there are multiple versions of the license, cannot be unambiguous no matter how "common" a specific minor version of the license may be,
• URLs, unless permalinks, cannot be unambiguous as their contents might change over time,
• an entry that refers to a project name only cannot be unambiguous as the project might change its license,
• an entry that refers to other files, like LICENSE, cannot be unambiguous as the contents of the file might change.

On the other hand,

• clear acronyms should be accepted as unambiguous,
• typos that don't create any ambiguity should be tolerated,
• changes in whitespace, punctuation (unless part of the version) and special chars should be tolerated,
• additional words (like "license") that do not change the meaning should be tolerated.