~alpine/devel

2 2

[alpine-devel] License naming in APKBUILD - SPDX License List

Przemysław Pawełczyk
Details
Message ID
<160a7f5a25c.dd2c8b7d7764.1316088247815737711@zoho.com>
Sender timestamp
1514646441
DKIM signature
missing
Download raw message
Hello, Apliners!

License naming in APKBUILD files is not consistent yet - a known fact.

Back in June 2017 there was an agreement on IRC channel (#alpine-devel)
to start using one naming scheme.  We've chosen identifiers defined by:

    The Software Package Data Exchange (SPDX)
    https://spdx.org/

I'm sending this mail, because it is not a well-known fact, and AL wiki
has not been updated yet to reflect the change.

SPDX License List covers many licenses, it's quite flexible, others use
it too.  Even kernel started adding SPDX license identifiers recently:

    SPDX identifiers in the kernel
    https://lwn.net/Articles/739183/

SPDX License List can be found here:

    https://spdx.org/licenses/

SPDX License List has been apparently updated recently.  There is
version 3.0 (28 December 2017) now.  I archived its current state:

    http://archive.is/Ke3tD
    http://web.archive.org/web/20171230141353/https://spdx.org/licenses/

It made some indentifiers more explicit, which I think is a good thing
for readability (even if I somewhat preferred older, more concise ones).
Examples:

    GPL-2.0   ->  GPL-2.0-only
    GPL-2.0+  ->  GPL-2.0-or-later

I believe that we should fix ourselves at SPDX License List 3.0 for now.
I doubt there will be any new version soon, and even if, I think it will
be more about adding lacking stuff rather than changing existing ones.

So any new APKBUILD file should properly fill license field.
We should be able to fix all old APKBUILD files before Alpine Linux 3.8.
IIRC there were some volunteers for this task in the past already.

Regards,
Przemek



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Carlo Landmeter
Details
Message ID
<CA+cSEmP-qg28A9gtfdMQ2VjHfvhPmQkm5HO8bSE1U6cwvExDTw@mail.gmail.com>
In-Reply-To
<160a7f5a25c.dd2c8b7d7764.1316088247815737711@zoho.com> (view parent)
Sender timestamp
1514891787
DKIM signature
missing
Download raw message
On 30 December 2017 at 16:07, Przemysław Pawełczyk <przemoc@zoho.com> wrote:
> Hello, Apliners!

Hi

>
> So any new APKBUILD file should properly fill license field.
> We should be able to fix all old APKBUILD files before Alpine Linux 3.8.
> IIRC there were some volunteers for this task in the past already.
>

I worked out a small patch[1] with ncopa to check for valid SPDX
licenses inside abuild.
I also added an aport[2] to aports which includes all licences
(including a list pkg which abuild uses).

We decided to issue a warning instead of error because too many
packages will be affected and
could create havoc for first time contributors.

1. http://tpaste.us/Rjj9
2. https://git.alpinelinux.org/cgit/aports/tree/testing/spdx-licenses/APKBUILD


-carlo


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Przemysław Pawełczyk
Details
Message ID
<160b746b1df.f58bbbed2423.836188514012151476@zoho.com>
In-Reply-To
<CA+cSEmP-qg28A9gtfdMQ2VjHfvhPmQkm5HO8bSE1U6cwvExDTw@mail.gmail.com> (view parent)
Sender timestamp
1514903363
DKIM signature
missing
Download raw message
---- On Tue, 02 Jan 2018 12:16:27 +0100 Carlo Landmeter <clandmeter@gmail.com> wrote ----
> On 30 December 2017 at 16:07, Przemysław Pawełczyk <przemoc@zoho.com> wrote:
> >
> > So any new APKBUILD file should properly fill license field.
> > We should be able to fix all old APKBUILD files before Alpine Linux 3.8.
> > IIRC there were some volunteers for this task in the past already.
> >
>
> I worked out a small patch[1] with ncopa to check for valid SPDX
> licenses inside abuild.
> I also added an aport[2] to aports which includes all licences
> (including a list pkg which abuild uses).

Thanks for doing this, Carlo!

My only concern is the name of the option: !spdx

SPDX effort is not only about their license list (even if they're most
known for it), therefore I wouldn't use their name in option as-is,
because it's too broad and too ambiguous.

Wouldn't simple !license be much more explicit and clear?

What do you think?

>
> We decided to issue a warning instead of error because too many
> packages will be affected and
> could create havoc for first time contributors.

I understand such approach, but I'm not sure it's a good solution to
move forward.

Read also (*) below.

>
> 1. http://tpaste.us/Rjj9
> 2. https://git.alpinelinux.org/cgit/aports/tree/testing/spdx-licenses/APKBUILD

I would also like to thank Jakub for commit 63f5e7d29565 (2017-12-30):

    [various]: unify names of licenses according to SPDX

bringing us a few steps closer toward coherent license naming.

(*) Beside unified license naming, some additional effort is needed for
making license info correct, which may not always be the case yet.
(It's actually better to have no license info than have it wrong.)

To make such effort coordinated (we have a lot of packages, so it needs
to be coordinated somehow, no doubt about it), I would suggest adding
!license to almost all APKBUILDs (almost, because some of them were also
recently fixed, and some new ones already have proper license).

We would remove !license from APKBUILD when license field is confirmed
to be correct in the given package.

What do you think?

>
>
> -carlo

Regards,
Przemek

P.S. Happy New Year 2018! Maybe it will be Alpine Linux year? :)



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---