New attributes for license tag #347
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -5,7 +5,7 @@ Status: Final | |
| Type: Standards Track | ||
| Content-Type: text/x-rst | ||
| Created: 11-Oct-2017 | ||
| Post-History: 02-Jan-2018, 31-Aug-2020, 14-Apr-2022 | ||
|
|
||
| Outline | ||
| ======= | ||
|
|
@@ -346,8 +346,8 @@ Example | |
| </description> | ||
| <maintainer email="[email protected]">Someone</maintainer> | ||
|
|
||
| <license file="LICENSE" type="spdx">BSD-3-Clause</license> | ||
| <license source-files="include/my_package/linear_math/*">Zlib</license> | ||
ralph-lange marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| <url type="website">http://wiki.ros.org/my_package</url> | ||
| <url type="repository">http://www.github.com/my_org/my_package</url> | ||
|
|
@@ -465,28 +465,17 @@ Example | |
| <license> (multiple, but at least one) | ||
| -------------------------------------- | ||
|
|
||
| Name of license for this package or selected files of this package, e.g., | ||
| ``BSD-3-Clause``, ``GPL-3.0-or-later``, ``Apache-2.0``. In order to assist | ||
| machine readability, it is strongly recommended to use `SPDX license | ||
| identifiers <https://spdx.org/licenses/>`_ in this tag and to document | ||
| the use of SPDX by the ``type`` attribute. | ||
|
|
||
| In the rare case that a package (or selected source files of the package) | ||
| are licensed under multiple alternative licenses, the identifiers can be | ||
| combined by ``or`` as described in Section 7.2 of the `Machine-readable | ||
| debian/copyright file specification V1.0 | ||
| <https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/>`_. | ||
|
|
||
| Attributes | ||
| '''''''''' | ||
|
|
@@ -505,10 +494,49 @@ Attributes | |
|
|
||
| "You must give any other recipients of the Work or Derivative Works a copy of this License" | ||
|
|
||
| ``source-files="FILENAME-PATTERN"`` *(optional)* | ||
|
|
||
| A filename pattern using the simplified shell glob syntax specified in | ||
| Section 6.9 of the `Machine-readable debian/copyright file specification V1.0 | ||
| <https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/>`_ and | ||
| relative to the ``package.xml`` file. | ||
|
|
||
| The filename pattern specifies the source files this license information | ||
| refers to. The value ``source-files="*"`` refers to all source files of the | ||
| package, including source files that are downloaded automatically during the | ||
| build process - for example in the case of so-called *vendor packages*. If | ||
| the attribute is not specified, the tag again refers to all source files of | ||
| the package, including downloaded source files. | ||
|
|
||
| If the filename patterns of multiple license tags match a particular file, | ||
| the last tag applies to it - following the logic described in Section 6.9 | ||
| of the `Machine-readable debian/copyright file specification V1.0 | ||
| <https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/>`_. | ||
| Consequently, more general tags should be given first. | ||
|
|
||
| ``type="LICENSE-IDENTIFIER-TYPE"`` *(optional)* | ||
|
Contributor
There was a problem hiding this comment. I think it would be better to eliminate this
Member
There was a problem hiding this comment. I think that this is important to have as a way to suppress linter errors. In particular, I think that we should change it to be spdx is the default type. As that should be our recommendation. But if you have a non-spdx license you can set it to be "freeform" explicitly and then the linter will be suppressed and not complain about the string not matching spdx. This will encourage spdx by it being the shortest path to usage. And if they aren't using an spdx license people can be given a linting warning. And the fix for the linter is to either fix their license declaration to be spdx compatible, or declare that it's freeform with the non-default type attribute.
Contributor
There was a problem hiding this comment. If spdx is the default that works 👍
Contributor
Author
There was a problem hiding this comment. I am also in favor of making spdx the standard. @clalancette understandably argued that this would lead to very many error messages for older packages. Idea: We make freeform the default (as currently stated in this PR and approved by the TSC yesterday) but make a prominent info message in the linter tooling if the type-attribute is not specified explicitly and the license identifier is not from the SPDX list. Furthermore, we raise awareness for the license documentation topic by a Discourse post and a ROSCon talk. Then, in about a year, we can consider changing the default of the type attribute to SPDX (by a new PR to this REP) to force the maintainers of the remaining packages to resolve/clarify the license documentation. What do you think, @amacneil, @clalancette ?
Member
There was a problem hiding this comment. +1 for doing a followup/tick tock process to make it the default with strong linting/warning. But lets close this out first.
Contributor
There was a problem hiding this comment. Yes, the way I would do this is the following:
|
||
|
|
||
| The type of license identifier being used in the tag. The type should be one | ||
| of the following identifiers: ``freeform`` (default) or ``spdx``. | ||
|
|
||
| .. raw:: html | ||
|
|
||
| </font> | ||
|
|
||
| Notes | ||
| ''''' | ||
|
|
||
| The license information given in the license tags has to be consistent | ||
| with the information given in the license headers of the source files. | ||
| This may be checked by suitable linting tools. | ||
|
|
||
| Furthermore, by the license tags in the ``package.xml`` file and the | ||
| copyright information obtained from the license headers of the source files | ||
| (e.g., using ``licensecheck --copyright``) | ||
| a copyright file according to the `Machine-readable debian/copyright file | ||
| specification V1.0 <https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/>`_ | ||
| for binary versions of this package can be created automatically. | ||
|
|
||
| <url> (multiple) | ||
| ---------------- | ||
|
|
||
|
|
||
Uh oh!
There was an error while loading. Please reload this page.