Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/pkgsite: recognize and ignore the PSF license stack instead of failing entirely as UNKNOWN. #45095

Open
lostluck opened this issue Mar 17, 2021 · 3 comments

Comments

@lostluck
Copy link

@lostluck lostluck commented Mar 17, 2021

What is the URL of the page with the issue?

https://pkg.go.dev/github.com/apache/beam@v2.13.0+incompatible/sdks/go/pkg/beam through
https://pkg.go.dev/github.com/apache/beam@v2.21.0+incompatible/sdks/go/pkg/beam

What is your user agent?

Mozilla/5.0 (X11; CrOS x86_64 13597.105.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.208 Safari/537.36

Screenshot

N/A

What did you do?

Include the Python Software Foundation "license stack" in the Apache Beam LICENSE file.

What did you expect to see?

Licences: Apache-2.0, BSD-3-Clause, MIT, PSF

What did you see instead?

Licenses: UNKNOWN

https://pkg.go.dev/github.com/apache/beam@v2.13.0+incompatible/sdks/go/pkg/beam [during]
https://pkg.go.dev/github.com/apache/beam@v2.21.0+incompatible/sdks/go/pkg/beam [during]

Prior to including the PSF License, the file was parsed properly, and listed all the licenses, and after the license file was truncated in error, the Apache 2.0 license was correctly listed.

https://pkg.go.dev/github.com/apache/beam/sdks/go/pkg/beam?tab=versions [before]
https://pkg.go.dev/github.com/apache/beam@v2.22.0-RC1+incompatible/sdks/go/pkg/beam [after]

While probably not common, large enough projects in multiple languages can have Go releases (like Apache Beam) and also include Python which is very much under it's own license, that doesn't prohibit the redistribution necessary for pkg.go.dev. I propose the PSF license is added to the set of "known" licenses, if only to avoid the bad state.

Even if the PSF isn't determined as recognized, failing into UNKNOWN when other licenses parse correctly seems like a bad behavior.

@gopherbot gopherbot added the pkgsite label Mar 17, 2021
@gopherbot gopherbot added this to the Unreleased milestone Mar 17, 2021
@jba jba self-assigned this Mar 18, 2021
@jba jba modified the milestones: Unreleased, pkgsite/unplanned Mar 18, 2021
@jba
Copy link
Contributor

@jba jba commented Mar 18, 2021

I'm working on getting legal approval for the PSF license.

Meanwhile, your text does not match the official OSI license text or the licensecheck regular expression that matches it. For example, you have extra years in the copyright example in section 2 (note that it's only an example, not an actual copyright notice, so no need to add years). And there are differences in the CNI section, for instance you omit BY CLICKING ON "ACCEPT" .... That's as far as I looked; there may be other discrepancies.

@lostluck
Copy link
Author

@lostluck lostluck commented Mar 18, 2021

That's very good to know, thank you! We're conferring with Apache Legal about what we actually need to include as well.

@gopherbot
Copy link

@gopherbot gopherbot commented Mar 18, 2021

Change https://golang.org/cl/303129 mentions this issue: internal/licenses: accept Python-2.0

gopherbot pushed a commit to golang/pkgsite that referenced this issue Mar 18, 2021
For golang/go#45095

Change-Id: Iea030936f382535ec82b64f40fe4b4effc2f5d8f
Reviewed-on: https://go-review.googlesource.com/c/pkgsite/+/303129
Trust: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Julie Qiu <julie@golang.org>
TryBot-Result: kokoro <noreply+kokoro@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants