Ambiguity of multi-license notation #48303
Comments
In xbps-src and xbps, the license field is just free text so it's more a matter of adding it to xlint.
Updating xlint would be good, but if we want to support more complex expressions that involve parentheses it gets much more complicated. One solution would be to internally ignore any parentheses, then we only validate the individual license identifiers, but not the entire expression. Or we shell out to a dedicated validator. And the manual should be updated to recommend SPDX expressions instead of commas.
I'm not sure we truly need support for full SPDX expressions, but even the parentheses could be handled as I think that's what I'm working on once I'm done updating picom and a couple other packages
I think xlint should just filter parens out |
This change makes xlint gracefully accept full SPDX licence expressions, while still evaluating only the individual licences in xlint. See void-linux/void-packages#48303
Issues become stale 90 days after last activity and are closed 14 days after that. If this issue is still relevant bump it or assign it.
If a package is released under the terms of two licenses the manual says
However, this does not make it clear whether either of the license terms apply, or whether both apply. An example of a package where both licenses apply is picom which is under the terms of both the MPL-2.0 and MIT licenses.
This ambiguity could be avoided by using SPDX expressions to combine multiple licenses. These expressions can be arbitrarily complex and cover combinations of licenses (AND and OR) as well as exceptions (WITH) and grouping with parentheses. In the case of picom the SPDX expression is MPL-2.0 AND MIT. In fact, there is an SPDX file in the repo that contains this license: https://github.com/yshui/picom/blob/197b4bd396590cb5df61eb54ec6a1dadf1115a5d/LICENSE.spdx
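
The approach suggested in the comments above (ignore the parentheses and validate only the individual identifiers, not the whole expression), as an added shell example; it is not xlint's own code. The function names, the short license and exception lists, and the choice to keep accepting the comma notation are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not xlint's code. The two lists are a constructed sample;
# a real linter would load the complete SPDX license and exception lists.
KNOWN_LICENSES="MIT MPL-2.0 GPL-2.0-or-later Apache-2.0 BSD-3-Clause"
KNOWN_EXCEPTIONS="Classpath-exception-2.0 LLVM-exception"

# in_list WORD CANDIDATE...: succeed if WORD equals one of the candidates.
in_list() {
	_word=$1; shift
	for _cand in "$@"; do
		[ "$_cand" = "$_word" ] && return 0
	done
	return 1
}

# check_license_expr EXPR: print one line per unknown identifier and return
# non-zero if there was any. Only identifiers are checked, not the grammar.
check_license_expr() {
	# Parentheses only group, so they are dropped; legacy commas split too.
	_tokens=$(printf '%s' "$1" | tr '(),' '   ')
	_rc=0
	_after_with=no
	set -f	# the unquoted expansion below must split words but never glob
	for _tok in $_tokens; do
		case $_tok in
		AND|OR) _after_with=no; continue ;;
		WITH) _after_with=yes; continue ;;
		esac
		if [ "$_after_with" = yes ]; then
			# The operand of WITH is an exception, not a license.
			in_list "$_tok" $KNOWN_EXCEPTIONS ||
				{ echo "unknown exception: $_tok"; _rc=1; }
		else
			in_list "$_tok" $KNOWN_LICENSES ||
				{ echo "unknown license: $_tok"; _rc=1; }
		fi
		_after_with=no
	done
	set +f
	return $_rc
}

# Constructed inputs: picom's expression from the issue, a grouped
# expression with an exception, and one with a misspelled identifier.
for _e in "MPL-2.0 AND MIT" \
	"(GPL-2.0-or-later WITH Classpath-exception-2.0) OR MIT" \
	"(MIT OR GPL2) AND BSD-3-Clause"; do
	check_license_expr "$_e" >/dev/null && echo "ok:  $_e" || echo "bad: $_e"
done
```

Because the grammar is not checked, an expression such as `MIT AND` or one with unbalanced parentheses still passes; catching those needs the dedicated validator mentioned in the comments.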