
Created LICENSE #52

Closed
wants to merge 2 commits into from

Conversation

ranwitter

Added Perl5 License to support SCA toolchains like Synopsys Black Duck.

Without this license, most automatic SCA toolchains say "no license detected".
@pmqs pmqs self-assigned this Nov 7, 2023
@pmqs
Owner

pmqs commented Nov 7, 2023

Thanks for the patch, but the GNU license is not appropriate for this code.

@ranwitter
Author

Thanks for the patch, but the GNU license is not appropriate for this code.

Which license do you suggest?

@pmqs
Owner

pmqs commented Nov 7, 2023

The Perl Artistic License 2.0 (https://opensource.org/license/artistic-2-0/) applies to this module.

What issue is this solving?

in MD5 Format for easy rendering
@pmqs
Owner

pmqs commented Nov 28, 2023

Does the file not have to contain the complete license text? Perhaps add a link to the definitive source, like https://www.perlfoundation.org/artistic-license-20.html ? Does that still keep the automatic checkers happy?

@ranwitter
Author

Most automated SCA tools scan for distributed verbatim copies of the license document, and hence a link is not sufficient.

@pmqs
Owner

pmqs commented Nov 28, 2023

Most automated SCA tools scan for distributed verbatim copies of the license document, and hence a link is not sufficient.

Hmm, but this isn't a verbatim copy of the licence file. You have changed the formatting and added people's names.

Are you aware that this code is also shipped with the official Perl distribution, which (I think) has a licence file? Does that matter for your use case?

Also, there are modules that are included by IO::Compress, namely Compress::Raw::Zlib and Compress::Raw::Bzip2. Does your automation not flag them as well?

@ranwitter
Author

All three modules are detected currently, as shown in the screenshots. Please kindly see.

[screenshots: blackduck_sbom_perl_modules_compress_20231128, blackduck_sbom_perl_modules_io_compress20231128, blackduck_sbom_perl_modules_compress_raw_zlib_20231128, blackduck_sbom_perl_modules_compress_raw_bzip_20231128]

@ranwitter ranwitter closed this Nov 28, 2023
@ranwitter ranwitter reopened this Nov 28, 2023
@ranwitter
Author

In our use case we have deployed all three modules above, downloaded from CPAN.org and dynamically linked under PERL5LIB.

@rwp0
Contributor

rwp0 commented Nov 29, 2023

@ranwitter please consider adding the below to your initial post:

Fixes #53

(to link the PR and Issue together)

@Grinnz

Grinnz commented Nov 29, 2023

As posted on the p5p mailing list:

Artistic 1 and 2 are separate licenses that cannot be interchanged, and unfortunately Perl is licensed with "Artistic 1.0 OR GPL 1+", which cannot reasonably be changed. As the license of this distribution appears to be "same as Perl itself", the generated LICENSE file should match this. The easiest way to generate such a file correctly is with the software-license program https://metacpan.org/pod/App::Software::License:

software-license --holder 'Paul Marquess' --year 1995 --license Perl_5 --type license > LICENSE

(you can edit the generated year to the year range as listed in the docs, but the application seems to require an integer)

@pmqs
Owner

pmqs commented Nov 29, 2023

@ranwitter I've had a chat with the Perl community about this.

Given that this code has a dual life, namely distributed on CPAN and also bundled with Perl itself, it complicates things a bit.

The Perl license is also dual nature, in that you can choose either the Artistic or GNU license. Me picking one for IO-Compress would complicate the Perl bundle.

The current recommendation therefore is to have this

This software is copyright (c) 1995-2023 by Paul Marquess.

This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.

As it happens, I already have that exact wording at the top of the README file.

Can your automation be told to look for this in the README file?

@ranwitter
Author

Thank you for the kind investigation. Yes, the SCA tool can be redirected to look into the README file.
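The outcome of the thread is that the scanner is pointed at the "same terms as the Perl 5 programming language system itself" declaration in the README rather than at a LICENSE file. The following is an added example, not code from this PR or from the IO-Compress project, of the minimal check a scanner would need for that: it normalises whitespace (so the declaration still matches when it is wrapped across lines, as in the README quoted above), looks in LICENSE and README, and reports a license expression or NOASSERTION. The SPDX expression used, Artistic-1.0-Perl OR GPL-1.0-or-later, is my own mapping of the "Artistic 1.0 OR GPL 1+" terms Grinnz describes; the sample README is constructed here from the wording pmqs quotes.

```shell
#!/bin/sh
# Added example (not from the PR or the IO-Compress project): detect the
# "same terms as Perl 5" declaration the way a scanner redirected to README
# would have to. Assumption: the SPDX mapping below is mine, chosen to match
# Grinnz's description of Perl's terms as "Artistic 1.0 OR GPL 1+".

PERL5_WORDING='same terms as the Perl 5 programming language system itself'
PERL5_SPDX='Artistic-1.0-Perl OR GPL-1.0-or-later'

# detect_perl5_license DIR
#   Prints the SPDX expression and returns 0 if LICENSE, README or README.md
#   under DIR carries the Perl 5 wording; prints NOASSERTION and returns 1
#   otherwise. Whitespace is collapsed first so a line-wrapped declaration
#   (as in the README quoted in the thread) is still recognised.
detect_perl5_license() {
  dir=$1
  for f in "$dir/LICENSE" "$dir/README" "$dir/README.md"; do
    if [ -f "$f" ] && tr -s '[:space:]' ' ' < "$f" | grep -q -i "$PERL5_WORDING"; then
      printf '%s\n' "$PERL5_SPDX"
      return 0
    fi
  done
  printf 'NOASSERTION\n'
  return 1
}

# make_sample: constructed tree with the README declaration and no LICENSE,
# i.e. the layout pmqs describes. Prints the directory path.
make_sample() {
  d=$(mktemp -d)
  cat > "$d/README" <<'EOF'
This software is copyright (c) 1995-2023 by Paul Marquess.

This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.
EOF
  printf '%s\n' "$d"
}

# make_empty: constructed tree with no declaration at all (negative case).
make_empty() {
  mktemp -d
}

# Usage: scan the constructed sample tree.
detect_perl5_license "$(make_sample)"
```

Run as `sh detect.sh`; for a real checkout, call `detect_perl5_license /path/to/IO-Compress` instead of the sample. A LICENSE file that is merely a link, as discussed earlier in the thread, would still report NOASSERTION because the declaration text itself is absent.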

@ranwitter ranwitter closed this Dec 5, 2023
@ranwitter ranwitter deleted the patch-1 branch December 5, 2023 07:15
@ranwitter ranwitter mentioned this pull request Dec 5, 2023
@pmqs
Owner

pmqs commented Dec 5, 2023

Thank you for the kind investigation. Yes, the SCA tool can be redirected to look into the README file.

Excellent! Good to hear that you have it sorted.
