| Message ID | 20180813131135.32651-2-chrismcc@gmail.com |
|---|---|
| State | Changes Requested |
| Headers | show |
| Series | scancpan patches | expand |
2018-08-13 15:11 GMT+02:00 Christopher McCrory <chrismcc@gmail.com>: > from perl-module-build Module/Build/Base.pm %licenses > GPL, LGPT, and BSD > > Signed-off-by: Christopher McCrory <chrismcc@gmail.com> > Acked-by: Francois Perrad <francois.perrad@gadz.org> > --- > utils/scancpan | 11 +++++++++++ > 1 file changed, 11 insertions(+) > > diff --git a/utils/scancpan b/utils/scancpan > index da8e7b91ac..2070e2a233 100755 > --- a/utils/scancpan > +++ b/utils/scancpan > @@ -692,8 +692,19 @@ while (my ($distname, $dist) = each %dist) { > : $dist->{license}; > # BR requires license name as in http://spdx.org/licenses/ > $license =~ s|apache_2_0|Apache-2.0|; > + $license =~ s|apache_1_1|Apache-1.1|; > + $license =~ s|apache|Apache-2.0|; > $license =~ s|artistic_2|Artistic-2.0|; > + $license =~ s|artistic|Artistic-1.0|; > + $license =~ s|lgpl_2_1|LGPL-2.1|; > + $license =~ s|lgpl_3_0|LGPL-3.0|; > + $license =~ s|lgpl|LGPL-2.1|; > + $license =~ s|bsd|BSD|; > + $license =~ s|gpl_2|GPL-2.0|; > + $license =~ s|gpl_3|GPL-3.0|; > + $license =~ s|gpl|GPL-1.0|; > $license =~ s|mit|MIT|; > + $license =~ s|mozilla_1_1|Mozilla-1.1|; > $license =~ s|openssl|OpenSSL|; > $license =~ s|perl_5|Artistic or GPL-1.0+|; > my $license_files = join q{ }, keys %{$license_files{$distname}}; > -- > 2.14.4 > > <div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">2018-08-13 15:11 GMT+02:00 Christopher McCrory <span dir="ltr"><<a href="mailto:chrismcc@gmail.com" target="_blank">chrismcc@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">from perl-module-build Module/Build/Base.pm %licenses<br> GPL, LGPT, and BSD<br> <br> Signed-off-by: Christopher McCrory <<a href="mailto:chrismcc@gmail.com">chrismcc@gmail.com</a>><br></blockquote><div><br></div><div>Acked-by: Francois Perrad <<a href="mailto:francois.perrad@gadz.org">francois.perrad@gadz.org</a>><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> ---<br> utils/scancpan | 11 +++++++++++<br> 1 file changed, 11 insertions(+)<br> <br> diff --git a/utils/scancpan b/utils/scancpan<br> index da8e7b91ac..2070e2a233 100755<br> --- a/utils/scancpan<br> +++ b/utils/scancpan<br> @@ -692,8 +692,19 @@ while (my ($distname, $dist) = each %dist) {<br> : $dist->{license};<br> # BR requires license name as in <a href="http://spdx.org/licenses/" rel="noreferrer" target="_blank">http://spdx.org/licenses/</a><br> $license =~ s|apache_2_0|Apache-2.0|;<br> + $license =~ s|apache_1_1|Apache-1.1|;<br> + $license =~ s|apache|Apache-2.0|;<br> $license =~ s|artistic_2|Artistic-2.0|;<br> + $license =~ s|artistic|Artistic-1.0|;<br> + $license =~ s|lgpl_2_1|LGPL-2.1|;<br> + $license =~ s|lgpl_3_0|LGPL-3.0|;<br> + $license =~ s|lgpl|LGPL-2.1|;<br> + $license =~ s|bsd|BSD|;<br> + $license =~ s|gpl_2|GPL-2.0|;<br> + $license =~ s|gpl_3|GPL-3.0|;<br> + $license =~ s|gpl|GPL-1.0|;<br> $license =~ s|mit|MIT|;<br> + $license =~ s|mozilla_1_1|Mozilla-1.1|;<br> $license =~ s|openssl|OpenSSL|;<br> $license =~ s|perl_5|Artistic or GPL-1.0+|;<br> my $license_files = join q{ }, keys %{$license_files{$distname}};<br> <span class="gmail-HOEnZb"><font color="#888888">-- <br> 2.14.4<br> <br> </font></span></blockquote></div><br></div></div>
Hello, On Mon, 13 Aug 2018 06:11:34 -0700, Christopher McCrory wrote: > $license =~ s|apache_2_0|Apache-2.0|; > + $license =~ s|apache_1_1|Apache-1.1|; > + $license =~ s|apache|Apache-2.0|; So just "apache" always means it's Apache-2.0 ? > $license =~ s|artistic_2|Artistic-2.0|; > + $license =~ s|artistic|Artistic-1.0|; > + $license =~ s|lgpl_2_1|LGPL-2.1|; > + $license =~ s|lgpl_3_0|LGPL-3.0|; > + $license =~ s|lgpl|LGPL-2.1|; Just "lgpl" always means it's LGPL-2.1 ? > + $license =~ s|bsd|BSD|; "BSD" is not a license. There are several different BSD licenses. Though with just "bsd" as an initial information, there's not much you can do :-/ Best regards, Thomas
On Mon, Aug 13, 2018 at 9:54 AM, Thomas Petazzoni < thomas.petazzoni@bootlin.com> wrote: > Hello, > > On Mon, 13 Aug 2018 06:11:34 -0700, Christopher McCrory wrote: > > > $license =~ s|apache_2_0|Apache-2.0|; > > + $license =~ s|apache_1_1|Apache-1.1|; > > + $license =~ s|apache|Apache-2.0|; > > So just "apache" always means it's Apache-2.0 ? > > > $license =~ s|artistic_2|Artistic-2.0|; > > + $license =~ s|artistic|Artistic-1.0|; > > + $license =~ s|lgpl_2_1|LGPL-2.1|; > > + $license =~ s|lgpl_3_0|LGPL-3.0|; > > + $license =~ s|lgpl|LGPL-2.1|; > > Just "lgpl" always means it's LGPL-2.1 ? > > Apparently > > + $license =~ s|bsd|BSD|; > > "BSD" is not a license. There are several different BSD licenses. > Though with just "bsd" as an initial information, there's not much you > can do :-/ > > yea :( AFAICT, this is the source from Base.pm my %licenses = ( perl => 'Perl_5', apache => 'Apache_2_0', apache_1_1 => 'Apache_1_1', artistic => 'Artistic_1', artistic_2 => 'Artistic_2', lgpl => 'LGPL_2_1', lgpl2 => 'LGPL_2_1', lgpl3 => 'LGPL_3_0', bsd => 'BSD', gpl => 'GPL_1', gpl2 => 'GPL_2', gpl3 => 'GPL_3', mit => 'MIT', mozilla => 'Mozilla_1_1', restrictive => 'Restricted', open_source => undef, unrestricted => undef, unknown => undef, ); # TODO - would be nice to not have these here, since they're more # properly stored only in Software::License my %license_urls = ( perl => 'http://dev.perl.org/licenses/', apache => 'http://apache.org/licenses/LICENSE-2.0', apache_1_1 => 'http://apache.org/licenses/LICENSE-1.1', artistic => 'http://opensource.org/licenses/artistic-license.php', artistic_2 => 'http://opensource.org/licenses/artistic-license-2.0.php ', lgpl => 'http://opensource.org/licenses/lgpl-license.php', lgpl2 => 'http://opensource.org/licenses/lgpl-2.1.php', lgpl3 => 'http://opensource.org/licenses/lgpl-3.0.html', bsd => 'http://opensource.org/licenses/bsd-license.php', gpl => 'http://opensource.org/licenses/gpl-license.php', gpl2 => 'http://opensource.org/licenses/gpl-2.0.php', gpl3 => 'http://opensource.org/licenses/gpl-3.0.html', mit => 'http://opensource.org/licenses/mit-license.php', mozilla => 'http://opensource.org/licenses/mozilla1.1.php', restrictive => undef, open_source => undef, unrestricted => undef, unknown => undef, ); > Best regards, > > Thomas > -- > Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons) > Embedded Linux and Kernel engineering > https://bootlin.com >
Christopher, All, On 2018-08-13 10:35 -0700, Christopher McCrory spake thusly: > On Mon, Aug 13, 2018 at 9:54 AM, Thomas Petazzoni < [1]thomas.petazzoni@bootlin.com> wrote: > > + $license =~ s|lgpl|LGPL-2.1|; > Just "lgpl" always means it's LGPL-2.1 ? > Apparently IANAL... Usually, if any license of the GPL familly is used without any version specified, then it means just any version can be used: https://www.gnu.org/licenses/gpl.html 14. Revised Versions of this License. [...] If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation. Similar clauses can be had for each license. So I doubt 'lgpl' would stand for LGPL-2.1. Besides, see below... > > + $license =~ s|bsd|BSD|; > "BSD" is not a license. There are several different BSD licenses. > Though with just "bsd" as an initial information, there's not much you > can do :-/ > > yea :( > AFAICT, this is the source from Base.pm What 'Base.pm' are you talink about? On my Ubuntu 17.10, I get: $ apt-file search /Base.pm |wc -l 191 > my %licenses = ( > perl => 'Perl_5', > apache => 'Apache_2_0', > apache_1_1 => 'Apache_1_1', > artistic => 'Artistic_1', > artistic_2 => 'Artistic_2', > lgpl => 'LGPL_2_1', > lgpl2 => 'LGPL_2_1', > lgpl3 => 'LGPL_3_0', > bsd => 'BSD', > gpl => 'GPL_1', > gpl2 => 'GPL_2', > gpl3 => 'GPL_3', > mit => 'MIT', > mozilla => 'Mozilla_1_1', > restrictive => 'Restricted', > open_source => undef, > unrestricted => undef, > unknown => undef, > ); > > # TODO - would be nice to not have these here, since they're more > # properly stored only in Software::License > my %license_urls = ( > perl => 'http://dev.perl.org/licenses/', > apache => 'http://apache.org/licenses/LICENSE-2.0', > apache_1_1 => 'http://apache.org/licenses/LICENSE-1.1', > artistic => 'http://opensource.org/licenses/artistic-license.php', > artistic_2 => 'http://opensource.org/licenses/artistic-license-2.0.php', > lgpl => 'http://opensource.org/licenses/lgpl-license.php', > lgpl2 => 'http://opensource.org/licenses/lgpl-2.1.php', > lgpl3 => 'http://opensource.org/licenses/lgpl-3.0.html', > bsd => 'http://opensource.org/licenses/bsd-license.php', > gpl => 'http://opensource.org/licenses/gpl-license.php', > gpl2 => 'http://opensource.org/licenses/gpl-2.0.php', > gpl3 => 'http://opensource.org/licenses/gpl-3.0.html', > mit => 'http://opensource.org/licenses/mit-license.php', > mozilla => 'http://opensource.org/licenses/mozilla1.1.php', > restrictive => undef, > open_source => undef, > unrestricted => undef, > unknown => undef, > ); And at the same time, still on my Ubuntu 17.10, I was looking at /usr/share/perl/5.26.0/CPAN/Meta/Converter.pm, which has; # The "old" values were defined by Module::Build, and were often vague. # I have # made the decisions below based on reading Module::Build::API and how # clearly # it specifies the version of the license. my %license_map_2 = ( (map { $_ => $_ } @valid_licenses_2), apache => 'apache_2_0', # clearly stated as 2.0 artistic => 'artistic_1', # clearly stated as 1 artistic2 => 'artistic_2', # clearly stated as 2 gpl => 'open_source', # we don't know which GPL; punt lgpl => 'open_source', # we don't know which LGPL; punt mozilla => 'open_source', # we don't know which MPL; punt perl => 'perl_5', # clearly Perl 5 restrictive => 'restricted', ); So... The resolution is not that clear-cut IMNSHO... Regards, Yann E. MORIN.
On 13-08-18 23:16, Yann E. MORIN wrote: > Christopher, All, > > On 2018-08-13 10:35 -0700, Christopher McCrory spake thusly: >> On Mon, Aug 13, 2018 at 9:54 AM, Thomas Petazzoni < [1]thomas.petazzoni@bootlin.com> wrote: >> > + $license =~ s|lgpl|LGPL-2.1|; >> Just "lgpl" always means it's LGPL-2.1 ? >> Apparently > > IANAL... > > Usually, if any license of the GPL familly is used without any version > specified, then it means just any version can be used: But that is not the case here. In this case, it's most likely an incomplete manifest, not a package that is actually under any GPL version. So instead, scancpan should issue a warning. I have the feeling that the licenses mentioned in perl packages are not very reliable, unless it is "perl". > > https://www.gnu.org/licenses/gpl.html > > 14. Revised Versions of this License. > > [...] If the Program does not specify a version number of the GNU > General Public License, you may choose any version ever published > by the Free Software Foundation. > > Similar clauses can be had for each license. So I doubt 'lgpl' would > stand for LGPL-2.1. > > Besides, see below... > >> > + $license =~ s|bsd|BSD|; >> "BSD" is not a license. There are several different BSD licenses. >> Though with just "bsd" as an initial information, there's not much you >> can do :-/ >> >> yea :( >> AFAICT, this is the source from Base.pm > > What 'Base.pm' are you talink about? On my Ubuntu 17.10, I get: > > $ apt-file search /Base.pm |wc -l > 191 > >> my %licenses = ( >> perl => 'Perl_5', >> apache => 'Apache_2_0', >> apache_1_1 => 'Apache_1_1', >> artistic => 'Artistic_1', >> artistic_2 => 'Artistic_2', >> lgpl => 'LGPL_2_1', >> lgpl2 => 'LGPL_2_1', >> lgpl3 => 'LGPL_3_0', >> bsd => 'BSD', >> gpl => 'GPL_1', >> gpl2 => 'GPL_2', >> gpl3 => 'GPL_3', >> mit => 'MIT', >> mozilla => 'Mozilla_1_1', >> restrictive => 'Restricted', >> open_source => undef, >> unrestricted => undef, >> unknown => undef, >> ); >> >> # TODO - would be nice to not have these here, since they're more >> # properly stored only in Software::License >> my %license_urls = ( >> perl => 'http://dev.perl.org/licenses/', >> apache => 'http://apache.org/licenses/LICENSE-2.0', >> apache_1_1 => 'http://apache.org/licenses/LICENSE-1.1', >> artistic => 'http://opensource.org/licenses/artistic-license.php', >> artistic_2 => 'http://opensource.org/licenses/artistic-license-2.0.php', >> lgpl => 'http://opensource.org/licenses/lgpl-license.php', >> lgpl2 => 'http://opensource.org/licenses/lgpl-2.1.php', >> lgpl3 => 'http://opensource.org/licenses/lgpl-3.0.html', >> bsd => 'http://opensource.org/licenses/bsd-license.php', >> gpl => 'http://opensource.org/licenses/gpl-license.php', >> gpl2 => 'http://opensource.org/licenses/gpl-2.0.php', >> gpl3 => 'http://opensource.org/licenses/gpl-3.0.html', >> mit => 'http://opensource.org/licenses/mit-license.php', >> mozilla => 'http://opensource.org/licenses/mozilla1.1.php', >> restrictive => undef, >> open_source => undef, >> unrestricted => undef, >> unknown => undef, >> ); > > And at the same time, still on my Ubuntu 17.10, I was looking at > /usr/share/perl/5.26.0/CPAN/Meta/Converter.pm, which has; > > # The "old" values were defined by Module::Build, and were often vague. > # I have > # made the decisions below based on reading Module::Build::API and how > # clearly > # it specifies the version of the license. > my %license_map_2 = ( > (map { $_ => $_ } @valid_licenses_2), > apache => 'apache_2_0', # clearly stated as 2.0 > artistic => 'artistic_1', # clearly stated as 1 > artistic2 => 'artistic_2', # clearly stated as 2 > gpl => 'open_source', # we don't know which GPL; punt > lgpl => 'open_source', # we don't know which LGPL; punt > mozilla => 'open_source', # we don't know which MPL; punt That sounds correct :-) Regards, Arnout > perl => 'perl_5', # clearly Perl 5 > restrictive => 'restricted', > ); > > So... The resolution is not that clear-cut IMNSHO... > > Regards, > Yann E. MORIN. >
Hello Christopher, So, taking Arnout/Yann feedback into account. On Mon, 13 Aug 2018 06:11:34 -0700, Christopher McCrory wrote: > diff --git a/utils/scancpan b/utils/scancpan > index da8e7b91ac..2070e2a233 100755 > --- a/utils/scancpan > +++ b/utils/scancpan > @@ -692,8 +692,19 @@ while (my ($distname, $dist) = each %dist) { > : $dist->{license}; > # BR requires license name as in http://spdx.org/licenses/ > $license =~ s|apache_2_0|Apache-2.0|; > + $license =~ s|apache_1_1|Apache-1.1|; > + $license =~ s|apache|Apache-2.0|; In this case, scancpan should not conclude that Apache-2.0 is used, because "apache" is not specific enough. Instead, it should emit a warning. > $license =~ s|artistic_2|Artistic-2.0|; > + $license =~ s|artistic|Artistic-1.0|; > + $license =~ s|lgpl_2_1|LGPL-2.1|; > + $license =~ s|lgpl_3_0|LGPL-3.0|; > + $license =~ s|lgpl|LGPL-2.1|; Same. > + $license =~ s|bsd|BSD|; Same. Best regards, Thomas Petazzoni
hello On Tue, Aug 14, 2018 at 4:33 AM, Thomas Petazzoni < thomas.petazzoni@bootlin.com> wrote: > Hello Christopher, > > So, taking Arnout/Yann feedback into account. > > On Mon, 13 Aug 2018 06:11:34 -0700, Christopher McCrory wrote: > > > diff --git a/utils/scancpan b/utils/scancpan > > index da8e7b91ac..2070e2a233 100755 > > --- a/utils/scancpan > > +++ b/utils/scancpan > > @@ -692,8 +692,19 @@ while (my ($distname, $dist) = each %dist) { > > : $dist->{license}; > > # BR requires license name as in http://spdx.org/licenses/ > > $license =~ s|apache_2_0|Apache-2.0|; > > + $license =~ s|apache_1_1|Apache-1.1|; > > + $license =~ s|apache|Apache-2.0|; > > In this case, scancpan should not conclude that Apache-2.0 is used, > because "apache" is not specific enough. Instead, it should emit a > warning. > > I looked at CPAN/Meta/Converter.pm that is used to generate the META.json files, it contains * apache => 'apache_2_0', # clearly stated as 2.0 But I'm going with you and warn > > $license =~ s|artistic_2|Artistic-2.0|; > > + $license =~ s|artistic|Artistic-1.0|; > > + $license =~ s|lgpl_2_1|LGPL-2.1|; > > + $license =~ s|lgpl_3_0|LGPL-3.0|; > > + $license =~ s|lgpl|LGPL-2.1|; > > Same. > > yea > > + $license =~ s|bsd|BSD|; > > Same. > > In one of the perl bits that generate the META.json files it adds the URL https://opensource.org/licenses/bsd-license.php which is the BSD 2 clause version. But a google search with site:metacpan.org 'LICENCE: bsd' finds a mixture of two and three clause versions I'll gen up another submission with these fixes. Best regards, > > Thomas Petazzoni > -- > Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons) > Embedded Linux and Kernel engineering > https://bootlin.com >
diff --git a/utils/scancpan b/utils/scancpan index da8e7b91ac..2070e2a233 100755 --- a/utils/scancpan +++ b/utils/scancpan @@ -692,8 +692,19 @@ while (my ($distname, $dist) = each %dist) { : $dist->{license}; # BR requires license name as in http://spdx.org/licenses/ $license =~ s|apache_2_0|Apache-2.0|; + $license =~ s|apache_1_1|Apache-1.1|; + $license =~ s|apache|Apache-2.0|; $license =~ s|artistic_2|Artistic-2.0|; + $license =~ s|artistic|Artistic-1.0|; + $license =~ s|lgpl_2_1|LGPL-2.1|; + $license =~ s|lgpl_3_0|LGPL-3.0|; + $license =~ s|lgpl|LGPL-2.1|; + $license =~ s|bsd|BSD|; + $license =~ s|gpl_2|GPL-2.0|; + $license =~ s|gpl_3|GPL-3.0|; + $license =~ s|gpl|GPL-1.0|; $license =~ s|mit|MIT|; + $license =~ s|mozilla_1_1|Mozilla-1.1|; $license =~ s|openssl|OpenSSL|; $license =~ s|perl_5|Artistic or GPL-1.0+|; my $license_files = join q{ }, keys %{$license_files{$distname}};
from perl-module-build Module/Build/Base.pm %licenses GPL, LGPT, and BSD Signed-off-by: Christopher McCrory <chrismcc@gmail.com> --- utils/scancpan | 11 +++++++++++ 1 file changed, 11 insertions(+)