Am 11/10/2022 um 22:13 schrieb Brian Inglis:
On Tue, 11 Oct 2022 09:37:23 +0100, Adam Dinwoodie wrote:
I'm trying to upload a new version of git-filter-repo, and took the
opportunity to set the LICENSE value in the cygport file. The new value
looks valid according to my reading of the SPDX specification, but is
being rejected by calm.
The license for git-filter-repo is a bit complicated, because different
parts have different licenses, and several of them aren't "normal"
licenses. The license is described at [0] and files referenced / linked
from there.
[0]: https://github.com/newren/git-filter-repo/blob/main/COPYING
I've encoded this as the somewhat verbose
LICENSE='(MIT OR LicenseRef-inherit-git OR
LicenseRef-inherit-libgit2) AND (MIT OR LicenseRef-inherit-git OR
LicenseRef-inherit-libgit2 OR LicenseRef-inherit-libgit2-examples)
AND GPL-2.0-only'
From a mere Boolean perspective, this looks redundant and should be
simplified to
LICENSE='(MIT OR LicenseRef-inherit-git OR
LicenseRef-inherit-libgit2) AND GPL-2.0-only'
The error I'm getting from calm is as follows:
```
ERROR: invalid hints git-filter-repo-2.38.0-1-src.hint
ERROR: package 'git-filter-repo': errors in license expression:
['Unknown license key(s): LicenseRef-inherit-git,
LicenseRef-inherit-libgit2, LicenseRef-inherit-libgit2-examples']
ERROR: errors while parsing hints for package 'git-filter-repo'
ERROR: error parsing /sourceware/cygwin-staging/home/Adam
Dinwoodie/noarch/release/git-filter-repo/git-filter-repo-2.38.0-1-src.hint
ERROR: error while reading uploaded arch noarch packages from
maintainer Adam Dinwoodie
SUMMARY: 5 ERROR(s)
```
So it looks like the issue is the way I've encoded the non-standard
licensing options. "LicenseRef-"(idstring) seems to be the way to
encode this sort scenario, per [1] and [2], but that doesn't seem to be
acceptable to calm.
[1]:
https://spdx.github.io/spdx-spec/v2.3/other-licensing-information-detected/
[2]: https://spdx.github.io/spdx-spec/v2.3/SPDX-license-expressions/
Are there any suggestions about how to resolve this? I don't think I
can just use the standard license strings: even if we used GPL-2.0-only
in place of LicenseRef-inherit-git -- incorrect as that's the license
*currently* used by Git, but the license for git-filter-repo explicitly
incorporates any future OSS license Git might use -- that still leaves
the problem of LicenseRef-inherit-libgit2, which is currently GPL 2.0
with an exception that's not covered by any of the SPDX standard
exceptions.
For now I can just remove the LICENSE values to get the build released,
but that seems like a temporary approach at best...
To a similar issue of mine in another thread here (search license) Jon
replied calm uses:
https://github.com/nexB/license-expression
produced by the same project/dev as scancode (which scans a codebase
to identify licences as part of project AboutCode), which has
registered an SPDX namespace for its own LicenceRefs available at:
https://scancode-licensedb.aboutcode.org/
which makes me believe Cygwin should use
LicenseRef-scancode-public-domain or as referenced there
LicenseRef-PublicDomain, and license-expression should be able to use
the scancode list.
