LICENSE values for non-standard OSS licenses

Adam Dinwoodie adam@dinwoodie.org
Wed Oct 12 09:00:11 GMT 2022 

On Tue, Oct 11, 2022 at 02:13:00PM -0600, Brian Inglis wrote:
> On Tue, 11 Oct 2022 09:37:23 +0100, Adam Dinwoodie wrote:
> > I'm trying to upload a new version of git-filter-repo, and took the
> > opportunity to set the LICENSE value in the cygport file.  The new value
> > looks valid according to my reading of the SPDX specification, but is
> > being rejected by calm.
> > The license for git-filter-repo is a bit complicated, because different
> > parts have different licenses, and several of them aren't "normal"
> > licenses.  The license is described at [0] and files referenced / linked
> > from there.
> > [0]: https://github.com/newren/git-filter-repo/blob/main/COPYING
> > I've encoded this as the somewhat verbose
> >     LICENSE='(MIT OR LicenseRef-inherit-git OR LicenseRef-inherit-libgit2) AND (MIT OR LicenseRef-inherit-git OR LicenseRef-inherit-libgit2 OR LicenseRef-inherit-libgit2-examples) AND GPL-2.0-only'
> > The error I'm getting from calm is as follows:
> > ```
> > ERROR: invalid hints git-filter-repo-2.38.0-1-src.hint
> > ERROR: package 'git-filter-repo': errors in license expression: ['Unknown license key(s): LicenseRef-inherit-git, LicenseRef-inherit-libgit2, LicenseRef-inherit-libgit2-examples']
> > ERROR: errors while parsing hints for package 'git-filter-repo'
> > ERROR: error parsing /sourceware/cygwin-staging/home/Adam Dinwoodie/noarch/release/git-filter-repo/git-filter-repo-2.38.0-1-src.hint
> > ERROR: error while reading uploaded arch noarch packages from maintainer Adam Dinwoodie
> > SUMMARY: 5 ERROR(s)
> > ```
> > So it looks like the issue is the way I've encoded the non-standard
> > licensing options.  "LicenseRef-"(idstring) seems to be the way to
> > encode this sort scenario, per [1] and [2], but that doesn't seem to be
> > acceptable to calm.
> > [1]: https://spdx.github.io/spdx-spec/v2.3/other-licensing-information-detected/
> > [2]: https://spdx.github.io/spdx-spec/v2.3/SPDX-license-expressions/
> > Are there any suggestions about how to resolve this?  I don't think I
> > can just use the standard license strings: even if we used GPL-2.0-only
> > in place of LicenseRef-inherit-git -- incorrect as that's the license
> > *currently* used by Git, but the license for git-filter-repo explicitly
> > incorporates any future OSS license Git might use -- that still leaves
> > the problem of LicenseRef-inherit-libgit2, which is currently GPL 2.0
> > with an exception that's not covered by any of the SPDX standard
> > exceptions.
> > For now I can just remove the LICENSE values to get the build released,
> > but that seems like a temporary approach at best...
> 
> To a similar issue of mine in another thread here (search license) Jon
> replied calm uses:
> 
> 	https://github.com/nexB/license-expression
> 
> produced by the same project/dev as scancode (which scans a codebase to
> identify licences as part of project AboutCode), which has registered an
> SPDX namespace for its own LicenceRefs available at:
> 
> 	https://scancode-licensedb.aboutcode.org/
> 
> which makes me believe Cygwin should use LicenseRef-scancode-public-domain
> or as referenced there LicenseRef-PublicDomain, and license-expression
> should be able to use the scancode list.

I'm not sure I understand your point.  Neither
LicenseRef-scancode-public-domain nor LicenseRef-PublicDomain look
appropriate here, as none of the code has been placed in the public
domain.

I'm a bit confused about the "Cygwin should use" point, too: are you
saying that Cygwin itself should be declared as having a public domain
license?  I think that's not true, too, per
https://cygwin.com/licensing.html

More information about the Cygwin-apps mailing list