brackets in spdx license expression rejected by as_is_spdx_license_expression #469
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…pression
something like: "CC0-1.0 AND (BSD-3-Clause OR LGPL-2.1-only)"
is reported by appstreamcli check-license as "invalid" and not "Free and
Open Source"
$ appstreamcli check-license "CC0-1.0 AND (BSD-3-Clause OR LGPL-2.1-only)"
License Type: invalid
Suitable for AppStream metadata: no
Free and Open Source: no
Trying to debug I find that "as_license_is_free_license" accepts this
string as valid, but that "as_is_spdx_license_expression" considers
it invalid due to the presence of "(" and ")" so it is rejected there
and so ascli_check_license goes on to use as_license_to_spdx_id which
turns it into "CC0-1.0-1.0 AND (BSD-3-Clause-3-Clause OR LGPL-2.1-only)"
ascli_check_license is ok with brackets, but at this point its mangled
and understandably fails.
In fedora in practice I see gnome-software designate libreoffice
langpacks as "Proprietary Code" when a similar license tag is extracted
from the rpm and propogated into appstream.
https://bugs.documentfoundation.org/show_bug.cgi?id=154056
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
something like: "CC0-1.0 AND (BSD-3-Clause OR LGPL-2.1-only)" is reported by appstreamcli check-license as "invalid" and not "Free and Open Source"
$ appstreamcli check-license "CC0-1.0 AND (BSD-3-Clause OR LGPL-2.1-only)" License Type: invalid
Suitable for AppStream metadata: no
Free and Open Source: no
Trying to debug I find that "as_license_is_free_license" accepts this string as valid, but that "as_is_spdx_license_expression" considers it invalid due to the presence of "(" and ")" so it is rejected there and so ascli_check_license goes on to use as_license_to_spdx_id which turns it into "CC0-1.0-1.0 AND (BSD-3-Clause-3-Clause OR LGPL-2.1-only)" ascli_check_license is ok with brackets, but at this point its mangled and understandably fails.
In fedora in practice I see gnome-software designate libreoffice langpacks as "Proprietary Code" when a similar license tag is extracted from the rpm and propogated into appstream.
https://bugs.documentfoundation.org/show_bug.cgi?id=154056