On Tue, 11 Oct 2022 09:37:23 +0100, Adam Dinwoodie wrote:
I'm trying to upload a new version of git-filter-repo, and took the
opportunity to set the LICENSE value in the cygport file. The new value
looks valid according to my reading of the SPDX specification, but is
being rejected by calm.
The license for git-filter-repo is a bit complicated, because different
parts have different licenses, and several of them aren't "normal"
licenses. The license is described at [0] and files referenced / linked
from there.
[0]: https://github.com/newren/git-filter-repo/blob/main/COPYING
I've encoded this as the somewhat verbose
LICENSE='(MIT OR LicenseRef-inherit-git OR LicenseRef-inherit-libgit2) AND
(MIT OR LicenseRef-inherit-git OR LicenseRef-inherit-libgit2 OR
LicenseRef-inherit-libgit2-examples) AND GPL-2.0-only'
The error I'm getting from calm is as follows:
```
ERROR: invalid hints git-filter-repo-2.38.0-1-src.hint
ERROR: package 'git-filter-repo': errors in license expression: ['Unknown
license key(s): LicenseRef-inherit-git, LicenseRef-inherit-libgit2,
LicenseRef-inherit-libgit2-examples']
ERROR: errors while parsing hints for package 'git-filter-repo'
ERROR: error parsing /sourceware/cygwin-staging/home/Adam
Dinwoodie/noarch/release/git-filter-repo/git-filter-repo-2.38.0-1-src.hint
ERROR: error while reading uploaded arch noarch packages from maintainer Adam
Dinwoodie
SUMMARY: 5 ERROR(s)
```
So it looks like the issue is the way I've encoded the non-standard
licensing options. "LicenseRef-"(idstring) seems to be the way to
encode this sort scenario, per [1] and [2], but that doesn't seem to be
acceptable to calm.
[1]: https://spdx.github.io/spdx-spec/v2.3/other-licensing-information-detected/
[2]: https://spdx.github.io/spdx-spec/v2.3/SPDX-license-expressions/
Are there any suggestions about how to resolve this? I don't think I
can just use the standard license strings: even if we used GPL-2.0-only
in place of LicenseRef-inherit-git -- incorrect as that's the license
*currently* used by Git, but the license for git-filter-repo explicitly
incorporates any future OSS license Git might use -- that still leaves
the problem of LicenseRef-inherit-libgit2, which is currently GPL 2.0
with an exception that's not covered by any of the SPDX standard
exceptions.
For now I can just remove the LICENSE values to get the build released,
but that seems like a temporary approach at best...
To a similar issue of mine in another thread here (search license) Jon replied
calm uses:
https://github.com/nexB/license-expression
produced by the same project/dev as scancode (which scans a codebase to identify
licences as part of project AboutCode), which has registered an SPDX namespace
for its own LicenceRefs available at:
https://scancode-licensedb.aboutcode.org/
which makes me believe Cygwin should use LicenseRef-scancode-public-domain or as
referenced there LicenseRef-PublicDomain, and license-expression should be able
to use the scancode list.
--
La perfection est atteinte Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut
-- Antoine de Saint-Exupéry
