LICENSE values for non-standard OSS licenses

Brian Inglis Brian.Inglis@SystematicSw.ab.ca
Sun Oct 30 17:19:20 GMT 2022 

On Sun, 30 Oct 2022 13:15:19 +0000, Jon Turney wrote:
> On 15/10/2022 13:58, Adam Dinwoodie wrote:
>> On Fri, 14 Oct 2022 at 17:28, Jon Turney wrote:
>>> On 11/10/2022 09:37, Adam Dinwoodie wrote:
>>>> ```
>>>> ERROR: invalid hints git-filter-repo-2.38.0-1-src.hint
>>>> ERROR: package 'git-filter-repo': errors in license expression: ['Unknown license key(s): LicenseRef-inherit-git, LicenseRef-inherit-libgit2, LicenseRef-inherit-libgit2-examples']
>>>> ERROR: errors while parsing hints for package 'git-filter-repo'
>>>> ERROR: error parsing /sourceware/cygwin-staging/home/Adam Dinwoodie/noarch/release/git-filter-repo/git-filter-repo-2.38.0-1-src.hint
>>>> ERROR: error while reading uploaded arch noarch packages from maintainer Adam Dinwoodie
>>>> SUMMARY: 5 ERROR(s)
>>>> ```

>>> Sigh.  Yeah, this isn't working well and is causing people problems, so
>>> I've changed this validation failure from an error to a warning, for the
>>> moment.

>>> I might remove it totally, or revise how it works in the future.

>> I definitely appreciate the principle of declaring this sort of thing!
>> The current mechanism might not be working, but I suspect that's
>> mostly an issue of deciding what we're trying to achieve with it, and
>> what options there are for achieving that…

> I think I misspoke here in saying "I".  Since there seems to be lots of 
> people with opinions on this topic, if someone else wants to take the 
> initiative and define how this is going to work, that would be great :) 
> (Not least because I am limited in how much time I can devote to this 
> currently)

It appears that, like us, SPDX uses volunteers (some may be part-timers from RH 
or other legal staff), so they are still getting up to speed, requiring two 
lawyers and a non-lawyer to agree for a licence definition signoff, discussing 
how they should be handling exceptions, conf calling only weekly, while projects 
like Scancode and Fedora are auto-submitting licence requests for new texts from 
packages they have scanned daily.

I suggest we take it easy about licensing until SPDX gets more stable, complete, 
and better defined.

I found searching some of my packages that there may be multiple instances of 
COPYING{,.LIB},{gpl,lgpl,fdl}.texi, and the like in different directories, some 
may be later versions than others, and there may or may not be a licensing 
definition of how they apply in package docs.

I'd suggest that if we can't find a named SPDX (or Scancode, etc.) licence id, 
we create our own LicenseRef-Cygwin{,-exception}-... appending suitable terms, 
and/or the package, and/or copyright holder name(s).

Then submit it to the SPDX GitHub project as an issue, with the required 
upstream and/or repo links and texts.

-- 
Take care. Thanks, Brian Inglis			Calgary, Alberta, Canada

La perfection est atteinte			Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter	not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer	but when there is no more to cut
			-- Antoine de Saint-Exupéry

More information about the Cygwin-apps mailing list