-
Notifications
You must be signed in to change notification settings - Fork 56
Online SPDX New License Requests Submittal, Google Summer of Code 2018
The aim of this Google Summer of Code 2018 project is to design and develop new features to the existing SPDX Online Tools that enhance the process of submitting and reviewing new SPDX license requests, to be later included in the SPDX license-list-XML GitHub repository.
Currently, new license requests are submitted through emails to the SPDX legal team and the license XML files are manually generated. Although there is already a way to submit new licenses, the current procedure that license producers follow is not robust enough and generating XML files manually can be a tedious task.
This project allows license producers to submit new licenses in a more robust and user-friendly way by filling an online form. After submitting a new license, an issue with the license submittal request information is automatically added to the license-list-XML repository issues list. Finally, this project allows any user to check new license requests that have been submitted in the past.
All the written code used to implement these features can be found at: #38, #31, #42. The main branch in which the project has been developed, will be merged into the master branch after the conclusion of the GSoC 2018.
The usage of the new tools is explained in this section.
A form for submitting new license requests has been added to the Online Tools. Besides the license information itself, this form also includes an optional email field, which could be later used to contact the license producer. Just after a new license request has been successfully added, an issue with the license information is automatically added to the license-list-XML repository issues list to notify there is a new license submittal request. Issues that have been automatically generated by the Online Tool, contains the text [SPDX-Online-Tools] on their titles to differentiate them from manually created issues.
Everytime a license submittal request form is successfully submitted, a GitHub issue should be created on the license-list-XML repository. The issue's title is presented as New license request: LICENSE_IDENTIFIER [SPDX-Online-Tools]. The issue's body lists the license fullname, shortidentifier, source url and the OSI approval status. On the other hand, if the license submittal request form is successfully submitted but there are some problems on creating the issue, a warning message is displayed on the form view to notify the user. Presenting problems on the issue's creation does not avoid the request to be submitted to the Online Tools database, as long as there are not other problems on the submission.
A list of the new licenses requests has been added to the Online Tools. When a new license request is successfully submitted, it is added to a list in which any user can search licenses submitted in the past. This licenses list includes licenses that has been rejected, accepted or even have not been reviewed by the legal team yet. A request can be searched through a search bar, which filters requests by license fullnames, identifiers or submission dates. Any item of the list represents a license request submitted and it can be selected to show more information about the request.
Whenever a license request is selected from the requests list, the request information is displayed. Besides reviewing the license information fields, users can also locally download an automatically generated XML file which contains the license information according to the SPDX standard license schema.
In this section, some technical details of the implemented new features are explained.
Everytime a license request is successfully submitted, it is stored in the Online Tool database. However, not all the new license request form fields are directly stored on the database. The only form fields directly used to instance the license database model are the fullname, shortidentifier, and producer's email. It is also recorded the datetime in which the request is submitted, to later filter requests on the requests list by submission date. Finally, an XML string is generated by using the xml.etree.ElementTree class to parse the request form and it is stored as another attribute. The XML string follows the SPDX standard schema and is later used to be parsed and display the license complete information and allow users to locally download it from the Online Tool.
When a license request is successfully submitted, the createIssue view is automatically called. To create the issue on the license-list-XML repository, a POST request is sent to https://api.github.com/repos/spdx/license-list-XML/issues. This POST request includes an Authorization header and it has as value token XXXXX, where XXXXX is a GitHub token generated for the application. Finally, it is expected to receive a response status code 201, which according to the GitHub Developer Guide, represents that the issue was successfully submitted.