From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from omta002.cacentral1.a.cloudfilter.net (omta002.cacentral1.a.cloudfilter.net [3.97.99.33]) by sourceware.org (Postfix) with ESMTPS id A52CB385840F for ; Mon, 18 Jul 2022 16:22:00 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org A52CB385840F Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=SystematicSw.ab.ca Authentication-Results: sourceware.org; spf=none smtp.mailfrom=systematicsw.ab.ca Received: from shw-obgw-4001a.ext.cloudfilter.net ([10.228.9.142]) by cmsmtp with ESMTP id D9gOoHBeySp39DTVQoQLiD; Mon, 18 Jul 2022 16:22:00 +0000 Received: from [10.0.0.5] ([184.64.124.72]) by cmsmtp with ESMTP id DTVPoD3CUuJwwDTVPo5gLr; Mon, 18 Jul 2022 16:21:59 +0000 X-Authority-Analysis: v=2.4 cv=F+BEy4tN c=1 sm=1 tr=0 ts=62d588a7 a=oHm12aVswOWz6TMtn9zYKg==:117 a=oHm12aVswOWz6TMtn9zYKg==:17 a=IkcTkHD0fZMA:10 a=w_pzkKWiAAAA:8 a=PbMjnBxPITJAFHXfbD4A:9 a=QEXdDO2ut3YA:10 a=afMEWtv3ZCMA:10 a=6Md_zU-CzhQA:10 a=sRI3_1zDfAgwuvI8zelB:22 Message-ID: <9d349c04-4937-8d22-d50f-eb7d3fc80d4b@SystematicSw.ab.ca> Date: Mon, 18 Jul 2022 10:21:59 -0600 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0 From: Brian Inglis Subject: calm 'license key' upload failures and cygport requirements Reply-To: cygwin-apps@cygwin.com To: cygwin-apps@cygwin.com References: <772cdef7-c1ab-27b9-10e5-aefe91ed35b8@SystematicSw.ab.ca> <88823ca1-ef41-ef59-323b-452c5711b1d8@dronecode.org.uk> <8fd6bd74-9108-d3e0-50bf-fdb2d04145cc@SystematicSw.ab.ca> Content-Language: en-CA Organization: Systematic Software In-Reply-To: <8fd6bd74-9108-d3e0-50bf-fdb2d04145cc@SystematicSw.ab.ca> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-CMAE-Envelope: MS4xfEa662j4K1NclzqTmfNTi4CaAQ9kFi1ef/ToH0TVfPheDQSk2xBVcx49g/pWW8uLqZ3IM6zit7bi81XgodjtbNJz7IqT3a6s3xkIrT6Ww90vWnd67or9 FvFt94xFdCefXP1U3T1MP6cXPd5932vy7RZTt1XosEF1fPXxozIzke2GKwv2lRbu51Oy2XEY+KjNKWkjOgLt/2hqLj+OhiG7xto= X-Spam-Status: No, score=-1163.7 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: cygwin-apps@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Cygwin package maintainer discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Jul 2022 16:22:03 -0000 Hi folks, Could we maybe turn the calm "license key" error messages causing failing uploads down to warnings for now, until we get a handle on what we need to change to make it valid and accurate! It was not obvious to me that these messages were referring to the cygport script variable LICENSE value I provide for some packages. I commented out the values for now, but had to re-package and re-upload the four package related builds, to release the upgrades. As it is summer, and many of us will have other things to do in our free time, if in doubt, I will be commenting these out in future builds, to avoid redos, which will not improve licence traceability or support. For the same reason, this may not be the best time to make these changes, or ask for the related support below. ;^> Could we perhaps also provide either cygport prep integrated warnings about these LICENSE values, similar to DEPEND/BUILD_REQUIRES checks. Perhaps cygport commands could be added like check-dep and check-license, and/or a standalone interface or spdx package built with the calm licence check. A more comprehensive description of what is required and allowed to be specified would be appreciated over and above that linked in the page: https://www.cygwin.com/packaging-hint-files.html For example, I have some packages with alternate and/or multiple licences for different bits e.g. ../libgcrypt/libgcrypt.cygport:LICENSE="LGPLv2.1+/GPLv2+" ../libidn/libidn.cygport:LICENSE=LGPLv3+/GPLv2+/GPLv3+/GFDLv1.3+ ../libidn2/libidn2.cygport:LICENSE="LGPLv3+/GPLv2+/GPLv3+/Unicode2016" Is it sufficient to just replace the slashes with spaces (and add quotes) for now, until we get a handle on what we need to change to make it valid and accurate? Or do slashes have to be replaced with AND/OR/WITH operators to make valid expressions, or split for each subpackage, so each subpackage has an explicit valid SPDX licence expression? Are parentheses also supported as in the specification? I also normally set a LICENSE_SPDX variable with a value prefixed by the recommended SPDX-License-Identifier: tag, and also in a # script comment as recommended in the spec, as well as a LICENSE_URI variable with a list of the src/doc file names containing the licence text(s). What are the expectations for the information provided in the variable? -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada This email may be disturbing to some readers as it contains too much technical detail. Reader discretion is advised. [Data in binary units and prefixes, physical quantities in SI.]