FOSSology Wiki

open source license compliance

User Tools

Site Tools


The contents of the FAQ lists has been taken from questions on the mailing list or e-mails sent directly.

License Handling

Quite often I have seen that NOMOS is mentioned. I can’t find detailed information about NOMOS. What is NOMOS?

Admitted, there is not a single comprehensive documentation about Nomos, but it scattered accross the github wiki and the olderpages. In addtion some reports publish contain information about Nomos. Nomos is based on regular expression matching, but it is clearly more than that:

  • Nomos maintains a hierarchy of regular expressions, to reuse regular experession among license families, e.g. some are targeting GPL in general, while others directly identify GPL 2.0.
  • Nomos filters out comment characters and optimizes matches by cleaning the text before processing.
  • Nomos uses “seedwords” to identify license relevant sections in larger text files to accelerate processing of large uploads.
  • Nomos analyses the occurrences of “seedwords” to eliminate false positives, when it comes to license relevant text recognition. For example, the term distribution is license relevant, however, also part of many technical writings. As such, looking for distribute or distribiution only in comment text would lead to many false positives.

Assume license texts or commercial license information not being part of the FOSSology licenses, will they appear in the reporting or SPDX file export?

Generally, the search for licenses is not limited to known licenses but license relevant text. The scan results just in an unknown license.

And yes, such information will be put in an SPDX report. The user must select the referring license text. The user can attach this to the file as individual conclusion. Or, the user creates a new license text entry, if the license text is covering multiple files. In both cases, this license text is part of the export.

Does the license list go in accordance with the license list of SPDX? Is there deviation between SPDX and FOSSology?

FOSSology recognizes more licenses than the SPDX license list contains because over the years the developers have contributed a few more texts than what is covered today in the SPDX license list. Besides, FOSSology uses the same license short names for all those licenses that are on the SPDX license list as well. On the long term, the SPDX license list and the set of licenses of the FOSSology distribution should be the same.

What happens if some parts of the wording in the license are changed: Is the deviation not recognized, is it highlighted or listed as an unclassified license?

Yes, the deviation is recognized. Using colored highlighting, the user can see additions, removals and modifications from the reference license text in the database. In addition, it is shown how many percent of the tokens (=basically words) are equal when compared to the reference text. An example is shown below.

Using FOSSology, do we get a list of all FOSS licenses?

FOSSology itself can recognize about different 600 licenses. However, it would be impossible for FOSSology to be able to detect any available license in the world. Therefore FOSSology can detect license relevant statements such as, for example:

  • Unknown licenses, unclassified licenses
  • Do not use statements
  • See file for license statements
  • Permission notices

In addition, FOSSology offers different ways of adding a license text to provide consistent reporting with the actual license text in a file:

  • adding a license text on file level
  • Providing new license text for reporting but not for scanning
  • Adding a new license to the database, also included at future scans

Adding licenses to the main database can be done on a per license basis per Web form or by using a CSV file import.

I select “No License Known” and click on “Submit”, but after the selected radio button control is at “Identified”, why?

It may be confusing at first hand, but submitting a “No License Known” will result in: a) disabling all scanner results (hence the line with a license should switch to red), and b) the clearing result is set to “Identified”. Technically, we would like to have all results “identified”, either with undisabled license entries, or , if no license is known, no license enabled. Attached a screen shot how it looks like before and after:

How does the “clearing decision scope” work?

Based on a hash computation of the file contents, FOSSology will determine a future occurrence of the same file. Then, if the same file is part of a subsequent upload, existing clearing decisions with global scope will be applied there as well. Consider that this decision will impact also upload of other users. It should be checked with much care therefore and used in hyper-obvious cases. In a multi user environment, this may propagate mistaken license decisions by less experiences experts or persons with no licensing knowledge at all.

I added a custom license text in the single file view license browser and suddenly a new license name appears, what happened?

FOSSology checks for texts in license database and has found a license entry that has actually the 100% matching text.

In the license browser main view, at the top level of an upload, I sometime see differences between the scanner count of a license and list of files selected by the filter of the same license. Is something wrong?

No. The scanner scans each file once. However, the same file can be present in the upload several times. The Screenshot below gives an example: The scanner count is 27, but the number of files is 43 when using the filter. Some of the affected files appear just several times in the file tree.

How do we replace the license by Nomos text with actual license text during clearing itself?

By clicking the text cell in the found license results table on the right. In this case the license needs to get added manually!

What is the difference between “irrelevant” and “no license known”?

(Look at the tool tips) “No license known”: Even after review, no license relevant information can be determined and “irrelevant”: There is license relevant information, but this is not relevant information for the clearing of this file (for example, files that are not used at all and also not distributed)

Bulk Scanning and 'Edit'

What is the difference between Edit and Bulk in the License Browser hierarchy view?

Bulk considers a text phrase and edit does not. Edit does flatly set all files in the folder.

I can issue a bulk scan, but nothing happens?

Most likely a license was selected but not added to the list of licenses for addition or removal. For this, the plus or minus sign must be clicked respectively. Selecting a license “FSF” and clicking a plus sign results in a setting for the bulk scan that FSF will be added - before only the menu selection was sufficient.

Can we mark a folder as nonfunctional? like DOC or BUILD folders

Maybe by using the clearing decision type irrelevant, but that needs to checked if that is intended that the distribution will cover these parts set to irrelevant.

Users, Groups and Folders

How do I change my password?

Go to menu “Admin”, select sub menu “Users”, select sub menu item “Edit user account”

My uploads are not visible for others, why?

The uploads are visible per group, mostly depending on the visibility settings at upload. For each user also a per-user group is created (similar to unix / posix file systems with groups based access model). If you have selected your per-user group, where you are the only member, only you can see your uploads, clearing decisions, etc. In order to share your activities with others, please make sure that your main working group is selected.

faq.txt · Last modified: 2016/09/09 15:21 by michaelj