From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dalaran.tastycake.net (dalaran.tastycake.net [IPv6:2001:ba8:0:1c0::1:1]) by sourceware.org (Postfix) with ESMTPS id 6DB5138582BC for ; Wed, 12 Oct 2022 09:00:15 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 6DB5138582BC Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=dinwoodie.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=dinwoodie.org Received: from c.a.1.d.d.f.6.c.f.8.d.f.b.e.b.6.d.a.0.2.5.1.e.d.0.b.8.0.1.0.0.2.ip6.arpa ([2001:8b0:de15:20ad:6beb:fd8f:c6fd:d1ac] helo=lucy.dinwoodie.org) by dalaran.tastycake.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oiXb3-0004h4-B9 for cygwin-apps@cygwin.com; Wed, 12 Oct 2022 10:00:13 +0100 Received: from adam by lucy.dinwoodie.org with local (Exim 4.94.2) (envelope-from ) id 1oiXb2-003qbS-0K for cygwin-apps@cygwin.com; Wed, 12 Oct 2022 10:00:12 +0100 Date: Wed, 12 Oct 2022 10:00:11 +0100 From: Adam Dinwoodie To: cygwin-apps@cygwin.com Subject: Re: LICENSE values for non-standard OSS licenses Message-ID: <20221012090011.jpba5xxajs7foijb@lucy.dinwoodie.org> Reply-To: cygwin-apps@cygwin.com References: <20221011083723.5yxsgtgvooxsdx3m@lucy.dinwoodie.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,KAM_DMARC_STATUS,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On Tue, Oct 11, 2022 at 02:13:00PM -0600, Brian Inglis wrote: > On Tue, 11 Oct 2022 09:37:23 +0100, Adam Dinwoodie wrote: > > I'm trying to upload a new version of git-filter-repo, and took the > > opportunity to set the LICENSE value in the cygport file. The new value > > looks valid according to my reading of the SPDX specification, but is > > being rejected by calm. > > The license for git-filter-repo is a bit complicated, because different > > parts have different licenses, and several of them aren't "normal" > > licenses. The license is described at [0] and files referenced / linked > > from there. > > [0]: https://github.com/newren/git-filter-repo/blob/main/COPYING > > I've encoded this as the somewhat verbose > > LICENSE='(MIT OR LicenseRef-inherit-git OR LicenseRef-inherit-libgit2) AND (MIT OR LicenseRef-inherit-git OR LicenseRef-inherit-libgit2 OR LicenseRef-inherit-libgit2-examples) AND GPL-2.0-only' > > The error I'm getting from calm is as follows: > > ``` > > ERROR: invalid hints git-filter-repo-2.38.0-1-src.hint > > ERROR: package 'git-filter-repo': errors in license expression: ['Unknown license key(s): LicenseRef-inherit-git, LicenseRef-inherit-libgit2, LicenseRef-inherit-libgit2-examples'] > > ERROR: errors while parsing hints for package 'git-filter-repo' > > ERROR: error parsing /sourceware/cygwin-staging/home/Adam Dinwoodie/noarch/release/git-filter-repo/git-filter-repo-2.38.0-1-src.hint > > ERROR: error while reading uploaded arch noarch packages from maintainer Adam Dinwoodie > > SUMMARY: 5 ERROR(s) > > ``` > > So it looks like the issue is the way I've encoded the non-standard > > licensing options. "LicenseRef-"(idstring) seems to be the way to > > encode this sort scenario, per [1] and [2], but that doesn't seem to be > > acceptable to calm. > > [1]: https://spdx.github.io/spdx-spec/v2.3/other-licensing-information-detected/ > > [2]: https://spdx.github.io/spdx-spec/v2.3/SPDX-license-expressions/ > > Are there any suggestions about how to resolve this? I don't think I > > can just use the standard license strings: even if we used GPL-2.0-only > > in place of LicenseRef-inherit-git -- incorrect as that's the license > > *currently* used by Git, but the license for git-filter-repo explicitly > > incorporates any future OSS license Git might use -- that still leaves > > the problem of LicenseRef-inherit-libgit2, which is currently GPL 2.0 > > with an exception that's not covered by any of the SPDX standard > > exceptions. > > For now I can just remove the LICENSE values to get the build released, > > but that seems like a temporary approach at best... > > To a similar issue of mine in another thread here (search license) Jon > replied calm uses: > > https://github.com/nexB/license-expression > > produced by the same project/dev as scancode (which scans a codebase to > identify licences as part of project AboutCode), which has registered an > SPDX namespace for its own LicenceRefs available at: > > https://scancode-licensedb.aboutcode.org/ > > which makes me believe Cygwin should use LicenseRef-scancode-public-domain > or as referenced there LicenseRef-PublicDomain, and license-expression > should be able to use the scancode list. I'm not sure I understand your point. Neither LicenseRef-scancode-public-domain nor LicenseRef-PublicDomain look appropriate here, as none of the code has been placed in the public domain. I'm a bit confused about the "Cygwin should use" point, too: are you saying that Cygwin itself should be declared as having a public domain license? I think that's not true, too, per https://cygwin.com/licensing.html