Deduplicate or remove SPDX license identifier comments #55
Comments
frangio
changed the title
|
The suggestion by the Solidity team is to remove the comments entirely from the flattened file. I think this is easy and reasonable. In fact, I don't think deduplicating would be a good idea because even if all of the license identifiers that are found are the same, there may be unlicensed files and we can't assume that the same license applies to them.
|
|
I don't think any tool such as My preference would be an error if there are a mix of license identifiers. For verification on block explorers we need a tool ( I have posted about SPDX license identifiers in the OpenZeppelin Community Forum: https://forum.openzeppelin.com/t/solidity-0-6-8-introduces-spdx-license-identifiers/2859 |
The error should also be emitted when some of the files don't have any license identifier at all. |
|
@frangio removing comments entirely is not a good idea, since some devs use flatten version to upload to etherscan. |
|
@k06a Do you have a preference for any of the other strategies mentioned? |
|
@frangio Let's remove all the SPDX comments and specify set of licenses over |
|
I tend to agree with the single comment / multiple licenses approach |
|
I use the following script to keep only first entries of license and ABIEncoderV2: |
This commit combines the licenses in multiple SPDX declarations as also reported in NomicFoundation#55.
|
using SPDX's conjunctive
|
ghost
mentioned this issue
|
What I did in v0.4 of truffle-plugin-verify (before moving to Standard Input JSON) was output an error message when the flattened output contained >1 SPDX identifier. The user could then use a flag |
|
What about modifying the comments a bit so that solidity ignores them, but we keep the lincense of each file? For example, we could turn |
|
+1 against removing all comments. I have things like which control the behavior for solhint and slither. |
|
Is there a plan to implement the modification of the SPDX-License comments? |
|
Iam getting this error anyone can help me please Compiler debug log: Compiler Warning(s): Warning: SPDX license identifier not provided in source file. Before publishing, consider adding a comment containing "SPDX-License-Identifier: " to each source file. Use "SPDX-License-Identifier: UNLICENSED" for non-open-source code. Please see https://spdx.org for more information. Compiler Version: v0.8.7+commit.e28d00a7 |
|
Closing to clean up the repository. If this problem persists, please open a new issue with a clear explanation. |
|
Still a bug. |
|
@alcuadrado This is still a bug and it would create a valid error for contract verifiers. It is 2022 and I think we have no reason to remove those comment lines manually. |
|
The recommended way of verifying source code nowadays is multi-file verification (using Standard Input JSON), which retains license information for individual files. This is supported by Etherscan as well as truffle-plugin-verify, hardhat-etherscan and hardhat-deploy. So imo it seems fair enough to say this issue is out of scope for truffle-flattener, and if you still want to verify through a flattened file for any reason, dealing with the license identifiers should be handled in the code of those verification plugins, rather than here. |
Solidity 0.6.8 introduced
// SPDX-License-Identifiercomments that will now become quite common because their omission produces a compiler warning. These comments cannot be duplicated or they will produce a compiler error. They need to be combined into a single comment. This is easy if all comments are exactly the same (although hopefully the compiler can be changed so that this is no longer an error...) but it's not clear what should be done when there are multiple licenses across the file. I've asked in the Solidity repository for guidance. ethereum/solidity#8989The text was updated successfully, but these errors were encountered: