declared non-SPDX license should result in text attachment #692

Closed
jkowalleck opened this issue Mar 14, 2024 · 1 comment · Fixed by #694

jkowalleck commented Mar 14, 2024

in Python packaging, the metadata `License:` field(s) is either an SPDX id/expression, or it is a license text.

current implementation causes it to be a declared license name, instead of a license text.
this needs to be fixed. this does not affect concluded licenses!

expected outcome:

  • license name is Declared license of <package>
  • license text is attached
    • content is the declared license
    • content type: text/plain
    • could be base64-encoded, though this is not needed - as per all relevant specs the text is expected to be UTF8 string already.

this is partially related to #570

see https://packaging.python.org/en/latest/specifications/core-metadata/#license

> Text indicating the license covering the distribution where the license is not a selection from the “License” Trove classifiers. See “Classifier” below. This field may also be used to specify a particular version of a license which is named via the Classifier field, or to indicate a variation or exception to such a license.

jkowalleck added the bug label Mar 14, 2024
jkowalleck transferred this issue from CycloneDX/cyclonedx-python-lib Mar 14, 2024
@jkowalleck
Member Author

have a reproducible example with NumPy -- they have extended license texts in the wheel metadata.

jkowalleck changed the title from "declared license is a text, not a name" to "have declared non-SPDX license result in wrong-structured CDX" Mar 14, 2024
jkowalleck self-assigned this Mar 14, 2024
jkowalleck changed the title from "have declared non-SPDX license result in wrong-structured CDX" to "declared non-SPDX license should result in text attachment" Mar 15, 2024
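
The expected outcome listed in the issue, sketched as an added example (not code from cyclonedx-python or from the issue author): a declared `License:` value becomes an SPDX id, an SPDX expression, or a named license with the declared text attached as `text/plain`. The function names, the small SPDX id set, the sample text and the simplified expression check are assumptions made for this illustration.

```python
import base64
import re

# Constructed subset for this demo; a real tool would load the full SPDX lists.
KNOWN_SPDX_IDS = {"MIT", "Apache-2.0", "BSD-3-Clause", "GPL-2.0-only"}
KNOWN_SPDX_EXCEPTIONS = {"Classpath-exception-2.0"}
OPERATORS = {"AND", "OR", "WITH"}

# Constructed sample of a free-text License value (not a real project's text).
SAMPLE_TEXT = (
    "Copyright (c) 2024, Example Developers.\n"
    "All rights reserved.\n\n"
    "Redistribution and use in source and binary forms are permitted.\n"
)


def classify_license_field(value):
    """Return 'id', 'expression' or 'text' for a core-metadata License value."""
    # Assumption: simplified heuristic, not a full SPDX expression parser.
    value = value.strip()
    if value in KNOWN_SPDX_IDS:
        return "id"
    tokens = re.findall(r"[()]|[^\s()]+", value)
    names = [t for t in tokens if t not in OPERATORS and t not in ("(", ")")]
    known = KNOWN_SPDX_IDS | KNOWN_SPDX_EXCEPTIONS
    has_operator = any(t in OPERATORS for t in tokens)
    if has_operator and len(names) >= 2 and all(n in known for n in names):
        return "expression"
    return "text"


def declared_license_entry(package, value, encode_base64=False):
    """Build one CycloneDX JSON `licenses` entry for a declared License value."""
    if not value or not value.strip():
        return None  # nothing declared
    kind = classify_license_field(value)
    if kind == "id":
        return {"license": {"id": value.strip()}}
    if kind == "expression":
        return {"expression": value.strip()}
    # Non-SPDX value: keep it as an attached text, never as the license name.
    text = {"contentType": "text/plain", "content": value}
    if encode_base64:  # optional; the metadata is already a UTF-8 string
        text["encoding"] = "base64"
        text["content"] = base64.b64encode(value.encode("utf-8")).decode("ascii")
    return {"license": {"name": f"Declared license of {package}", "text": text}}
```

A short non-SPDX value such as `BSD` takes the same text-attachment path as a multi-line license text, since it is not an SPDX id.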