From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dalaran.tastycake.net (dalaran.tastycake.net [IPv6:2001:ba8:0:1c0::1:1]) by sourceware.org (Postfix) with ESMTPS id 321513858D38 for ; Wed, 12 Oct 2022 18:59:47 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 321513858D38 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=dinwoodie.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=dinwoodie.org Received: from c.a.1.d.d.f.6.c.f.8.d.f.b.e.b.6.d.a.0.2.5.1.e.d.0.b.8.0.1.0.0.2.ip6.arpa ([2001:8b0:de15:20ad:6beb:fd8f:c6fd:d1ac] helo=lucy.dinwoodie.org) by dalaran.tastycake.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oigxF-0003Ny-GO for cygwin-apps@cygwin.com; Wed, 12 Oct 2022 19:59:45 +0100 Received: from adam by lucy.dinwoodie.org with local (Exim 4.94.2) (envelope-from ) id 1oigxD-004FjD-QG for cygwin-apps@cygwin.com; Wed, 12 Oct 2022 19:59:43 +0100 Date: Wed, 12 Oct 2022 19:59:43 +0100 From: Adam Dinwoodie To: cygwin-apps@cygwin.com Subject: Re: LICENSE values for non-standard OSS licenses Message-ID: <20221012185943.kucwn4xij7ray7d4@lucy.dinwoodie.org> Reply-To: cygwin-apps@cygwin.com References: <20221011083723.5yxsgtgvooxsdx3m@lucy.dinwoodie.org> <871qrcexen.fsf@Rainer.invalid> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <871qrcexen.fsf@Rainer.invalid> X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,KAM_DMARC_STATUS,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On Wed, Oct 12, 2022 at 07:58:56PM +0200, Achim Gratz wrote: > Adam Dinwoodie writes: > > ERROR: invalid hints git-filter-repo-2.38.0-1-src.hint > > ERROR: package 'git-filter-repo': errors in license expression: ['Unknown license key(s): LicenseRef-inherit-git, LicenseRef-inherit-libgit2, LicenseRef-inherit-libgit2-examples'] > > ERROR: errors while parsing hints for package 'git-filter-repo' > > ERROR: error parsing /sourceware/cygwin-staging/home/Adam Dinwoodie/noarch/release/git-filter-repo/git-filter-repo-2.38.0-1-src.hint > > ERROR: error while reading uploaded arch noarch packages from maintainer Adam Dinwoodie > > SUMMARY: 5 ERROR(s) > > ``` > > > > So it looks like the issue is the way I've encoded the non-standard > > licensing options. "LicenseRef-"(idstring) seems to be the way to > > encode this sort scenario, per [1] and [2], but that doesn't seem to be > > acceptable to calm. > > > > [1]: https://spdx.github.io/spdx-spec/v2.3/other-licensing-information-detected/ > > [2]: https://spdx.github.io/spdx-spec/v2.3/SPDX-license-expressions/ > > As it should, since "inherit-git" or any of the other variations doesn't > seem to be a valid license expression per the above. I'm trying to use "LicenseRef-inherit-git" and similar, not just "inherit-git", to be clear. >From https://spdx.github.io/spdx-spec/v2.3/other-licensing-information-detected/ > 10 Other licensing information detected section > > 10.1 License identifier field > > 10.1.1 Description > > Provide a locally unique identifier to refer to licenses that are not > found on the SPDX License List. This unique identifier can then be > used in the packages, files and snippets sections of the SPDX document > (Clause 7, Clause 8 and Clause 9, respectively). The metadata for the > license identifier field is shown in Table 63. > > Table 63 — Metadata for the license identifier field > > Attribute | Value > --------------+-------- > Required | Conditional > Cardinality | 0..1 conditional (Mandatory, one) if license is not on > | SPDX License List. > Format | `"LicenseRef-"[idstring]` where `[idstring]` is a > | unique string containing letters, numbers, `.` and/or > | `-`. > > 10.1.2 Intent > > Create a human readable short form license identifier for a license > not on the SPDX License List. This identifier shall be unique within > the SPDX document. In previous versions of SPDX, the references were > required to be sequential numbers, but as of version 1.2, creators may > specify references that are easier for humans to remember and mentally > map. >From https://spdx.github.io/spdx-spec/v2.3/SPDX-license-expressions/ > ... A license expression could be a single license identifier found on > the SPDX License List; a user defined license reference denoted by the > LicenseRef-[idString]; a license identifier combined with an SPDX > exception; or some combination of license identifiers, license > references and exceptions constructed using a small set of defined > operators (e.g., AND, OR, WITH and +). We provide the definition of > what constitutes a valid an SPDX License Expression in this section. > > The exact syntax of license expressions is described below in ABNF. > > idstring = 1*(ALPHA / DIGIT / "-" / "." ) > > license-id = > > license-exception-id = > > license-ref = ["DocumentRef-"(idstring)":"]"LicenseRef-"(idstring) > > simple-expression = license-id / license-id"+" / license-ref > > compound-expression = (simple-expression / > simple-expression "WITH" license-exception-id / > compound-expression "AND" compound-expression / > compound-expression "OR" compound-expression / > "(" compound-expression ")" ) > > license-expression = (simple-expression / compound-expression) Both of these seem to say that "LicenseRef-inherit-git" and similar is exactly the way to describe a license that isn't covered by the SPDX License List, at least unless I'm grossly misunderstanding how license-ref is defined in the ABNF and/or what the LICENSE value in the cygport file is supposed to store. > > Are there any suggestions about how to resolve this? I don't think I > > can just use the standard license strings: even if we used GPL-2.0-only > > in place of LicenseRef-inherit-git -- incorrect as that's the license > > *currently* used by Git, but the license for git-filter-repo explicitly > > incorporates any future OSS license Git might use -- that still leaves > > the problem of LicenseRef-inherit-libgit2, which is currently GPL 2.0 > > with an exception that's not covered by any of the SPDX standard > > exceptions. > > Well I think you can, the license explicitely says you can chose any of > them as you see fit, so you can pick one today and another tomorrow if > you are so inclined. Yes, that's true. I'm not a fan of making decisions for sub-licensees that I don't need to make, though; under the same logic, there would be no need for the "OR" syntax in SPDX at all...