1. Home
  2. Categories
  3. Support
  4. Conan License detection issue

Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

Conan License detection issue

  • I

    Hi there,

    after evaluating a Conan Feed in ProGet it saw a confusing thing in the detection.
    First of all I configured the License Check in System as follows:

    • General -> Undetectable rule: Warn
    • Compliant -> "Empty"

    I created a really simple Conan Recipe which only defines some basic parameters (no files added):

    class BasicConanfile(ConanFile):
    name = "test"
    version = "1.0"
    description = "A test recipe"
    license = "Apache-2.0"

    After creating this and upload it to the Conan-Feed, I get the following correct information from Proget (Package Overview):

    ⛔ Package is Noncompliant
This package analysis resulted in a Noncompliant result because of an Unacceptable License (Apache-2.0).

    Now I added Apache-2.0 to the Compliant Licenses and get the following information from Proget (Package Overview):

    ⚠ Warning: Use with Caution
No license detected

    The Metadata for this Package shows me the following

    License: 	None, Known type (Apache-2.0)

    so I added the Apache-2.0 License-File to my sources of the Conan-Recipe and reuploaded it but the message from Proget is the same:
    (Package Overview):

    ⚠ Warning: Use with Caution
No license detected

    But the Metadata for this Package now shows me the following

    License: 	SPDX Expression (Apache-2.0), Known type (Apache-2.0)

    Could you check this?

    Best regards
    Florian

    0 atripp 1 Reply
  • atripp
    inedo-engineer

    Hi @it_9582 ,

    This is a known issue / UI quirk with Conan packages, and hopefully should only impact that one page in the UI.

    To be honest I don't quite get the issue, but it has something to do with the fact that a Conan package is actually "set of packages that share a name and version". Each package in the set can define its own license file.

    The particular page was never really designed for "package sets" so the display is a little weird. It's a nontrivial effort to fix and would obviously impact all other package types, so it's not a priority at the moment.

    We would love to redo the UI at some point, s I think it'd mkae sense to do then.

    Thanks,
    Alana

    0
Log in to reply
 
Inedo Website HomeSupport HomeCode of ConductForums GuideDocumentation