On Sun, 30 Oct 2022 13:15:19 +0000, Jon Turney wrote:
On 15/10/2022 13:58, Adam Dinwoodie wrote:
On Fri, 14 Oct 2022 at 17:28, Jon Turney wrote:
On 11/10/2022 09:37, Adam Dinwoodie wrote:
```
ERROR: invalid hints git-filter-repo-2.38.0-1-src.hint
ERROR: package 'git-filter-repo': errors in license expression: ['Unknown
license key(s): LicenseRef-inherit-git, LicenseRef-inherit-libgit2,
LicenseRef-inherit-libgit2-examples']
ERROR: errors while parsing hints for package 'git-filter-repo'
ERROR: error parsing /sourceware/cygwin-staging/home/Adam
Dinwoodie/noarch/release/git-filter-repo/git-filter-repo-2.38.0-1-src.hint
ERROR: error while reading uploaded arch noarch packages from maintainer Adam
Dinwoodie
SUMMARY: 5 ERROR(s)
```
Sigh. Yeah, this isn't working well and is causing people problems, so
I've changed this validation failure from an error to a warning, for the
moment.
I might remove it totally, or revise how it works in the future.
I definitely appreciate the principle of declaring this sort of thing!
The current mechanism might not be working, but I suspect that's
mostly an issue of deciding what we're trying to achieve with it, and
what options there are for achieving that…
I think I misspoke here in saying "I". Since there seems to be lots of
people with opinions on this topic, if someone else wants to take the
initiative and define how this is going to work, that would be great :)
(Not least because I am limited in how much time I can devote to this
currently)
It appears that, like us, SPDX uses volunteers (some may be part-timers from RH
or other legal staff), so they are still getting up to speed, requiring two
lawyers and a non-lawyer to agree for a licence definition signoff, discussing
how they should be handling exceptions, conf calling only weekly, while projects
like Scancode and Fedora are auto-submitting licence requests for new texts from
packages they have scanned daily.
I suggest we take it easy about licensing until SPDX gets more stable, complete,
and better defined.
I found searching some of my packages that there may be multiple instances of
COPYING{,.LIB},{gpl,lgpl,fdl}.texi, and the like in different directories, some
may be later versions than others, and there may or may not be a licensing
definition of how they apply in package docs.
I'd suggest that if we can't find a named SPDX (or Scancode, etc.) licence id,
we create our own LicenseRef-Cygwin{,-exception}-... appending suitable terms,
and/or the package, and/or copyright holder name(s).
Then submit it to the SPDX GitHub project as an issue, with the required
upstream and/or repo links and texts.
--
Take care. Thanks, Brian Inglis Calgary, Alberta, Canada
La perfection est atteinte Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut
-- Antoine de Saint-Exupéry
