| Message ID | 20200227204335.25823-1-asafka7@gmail.com |
|---|---|
| State | Changes Requested |
| Headers | show |
| Series | [1/1] package/python-bsdiff4: new packge | expand |
Hello, On Thu, 27 Feb 2020 22:43:35 +0200 Asaf Kahlon <asafka7@gmail.com> wrote: > License file isn't shipped with the package, so PKG-INFO > is used instead. I am concerned by the license here. > +PYTHON_BSDIFF4_VERSION = 1.1.9 > +PYTHON_BSDIFF4_SOURCE = bsdiff4-$(PYTHON_BSDIFF4_VERSION).tar.gz > +PYTHON_BSDIFF4_SITE = https://files.pythonhosted.org/packages/39/34/bd2ae6cd4b2a5d3af9173a9d7f6ecd2723ea7b0401ad807a0c7e7b50faa3 > +PYTHON_BSDIFF4_LICENSE = BSD-2-Clause > +PYTHON_BSDIFF4_LICENSE_FILES = PKG-INFO PKG-INFO only says "BSD", and nothing in the source code indicates what is the license. The only indication is in core.c, which contains: /* The code below is mostly derived from cx_bsdiff (written by Anthony Tuininga, http://cx-bsdiff.sourceforge.net/). The cx_bsdiff code in turn was derived from bsdiff, the standalone utility produced for BSD which can be found at http://www.daemonology.net/bsdiff. */ If we visit http://cx-bsdiff.sourceforge.net/ we can find http://cx-bsdiff.sourceforge.net/LICENSE.txt, which is not the BSD-2-Clause, but some weird license called the "BSD Protection License", which is known by SPDX as BSD-Protection: https://spdx.org/licenses/BSD-Protection.html Could you try to clarify what is the license of this package ? It would be really good for PyPi to be a bit more "strict" in the description of the licenses. Thanks! Thomas
Hello Thomas, On Sat, Apr 25, 2020 at 11:53 PM Thomas Petazzoni <thomas.petazzoni@bootlin.com> wrote: > > Hello, > > On Thu, 27 Feb 2020 22:43:35 +0200 > Asaf Kahlon <asafka7@gmail.com> wrote: > > > License file isn't shipped with the package, so PKG-INFO > > is used instead. > > I am concerned by the license here. > > > +PYTHON_BSDIFF4_VERSION = 1.1.9 > > +PYTHON_BSDIFF4_SOURCE = bsdiff4-$(PYTHON_BSDIFF4_VERSION).tar.gz > > +PYTHON_BSDIFF4_SITE = https://files.pythonhosted.org/packages/39/34/bd2ae6cd4b2a5d3af9173a9d7f6ecd2723ea7b0401ad807a0c7e7b50faa3 > > +PYTHON_BSDIFF4_LICENSE = BSD-2-Clause > > +PYTHON_BSDIFF4_LICENSE_FILES = PKG-INFO > > PKG-INFO only says "BSD", and nothing in the source code indicates what > is the license. > > The only indication is in core.c, which contains: > > /* > The code below is mostly derived from cx_bsdiff (written by Anthony > Tuininga, http://cx-bsdiff.sourceforge.net/). The cx_bsdiff code in > turn was derived from bsdiff, the standalone utility produced for BSD > which can be found at http://www.daemonology.net/bsdiff. > */ > > If we visit http://cx-bsdiff.sourceforge.net/ we can find > http://cx-bsdiff.sourceforge.net/LICENSE.txt, which is not the > BSD-2-Clause, but some weird license called the "BSD Protection > License", which is known by SPDX as BSD-Protection: > https://spdx.org/licenses/BSD-Protection.html > > Could you try to clarify what is the license of this package ? It would > be really good for PyPi to be a bit more "strict" in the description of > the licenses. Thanks for the reply! I privately contacted the maintainer of the package and he told me he released the package under BSD-2-Clause (as in the current patch). Moreover, according to spdx_lookup, it has 90.5% confidence that BSD-2-Clause is the type of the license file committed in the repo (which, as stated in the commit message, unfortunately isn't shipped with the package). Do you want to apply the current version of the patch? Do you have any other suggestion? > > Thanks! > > Thomas > -- > Thomas Petazzoni, CTO, Bootlin > Embedded Linux and Kernel engineering > https://bootlin.com Best regards, Asaf.
Hello, On Sun, 26 Apr 2020 21:03:04 +0300 Asaf Kahlon <asafka7@gmail.com> wrote: > > Could you try to clarify what is the license of this package ? It would > > be really good for PyPi to be a bit more "strict" in the description of > > the licenses. > Thanks for the reply! > I privately contacted the maintainer of the package and he told me he released > the package under BSD-2-Clause (as in the current patch). > Moreover, according to spdx_lookup, it has 90.5% confidence that BSD-2-Clause > is the type of the license file committed in the repo (which, as > stated in the commit > message, unfortunately isn't shipped with the package). > > Do you want to apply the current version of the patch? > Do you have any other suggestion? If you are in contact with the maintainer, it would be nice if he could add an explicit "LICENSE" file that clarifies the license. Thanks a lot! Thomas
Hello, On Mon, Apr 27, 2020 at 8:35 AM Thomas Petazzoni <thomas.petazzoni@bootlin.com> wrote: > > Hello, > > On Sun, 26 Apr 2020 21:03:04 +0300 > Asaf Kahlon <asafka7@gmail.com> wrote: > > > > Could you try to clarify what is the license of this package ? It would > > > be really good for PyPi to be a bit more "strict" in the description of > > > the licenses. > > Thanks for the reply! > > I privately contacted the maintainer of the package and he told me he released > > the package under BSD-2-Clause (as in the current patch). > > Moreover, according to spdx_lookup, it has 90.5% confidence that BSD-2-Clause > > is the type of the license file committed in the repo (which, as > > stated in the commit > > message, unfortunately isn't shipped with the package). > > > > Do you want to apply the current version of the patch? > > Do you have any other suggestion? > > If you are in contact with the maintainer, it would be nice if he could > add an explicit "LICENSE" file that clarifies the license. > The maintainer has just added a section in the license file regarding the use of "BSD Protection License" in core.c. It can be seen here: https://github.com/ilanschnell/bsdiff4/commit/935149e7828b0e04fc95d34030479d8e297aae00 In addition, I've sent a PR for him with a MANIFEST.in file in order to include the license file in the package. Until it's merged and a new version is released, I'll send a v2 stating the package has BSD-2-Clause and BSD-Protection. > Thanks a lot! > > Thomas > -- > Thomas Petazzoni, CTO, Bootlin > Embedded Linux and Kernel engineering > https://bootlin.com Regards, Asaf.
diff --git a/package/Config.in b/package/Config.in index dfa3f34b9d..14845436b0 100644 --- a/package/Config.in +++ b/package/Config.in @@ -878,6 +878,7 @@ menu "External python modules" source "package/python-bluezero/Config.in" source "package/python-bottle/Config.in" source "package/python-brotli/Config.in" + source "package/python-bsdiff4/Config.in" source "package/python-bunch/Config.in" source "package/python-cached-property/Config.in" source "package/python-can/Config.in" diff --git a/package/python-bsdiff4/Config.in b/package/python-bsdiff4/Config.in new file mode 100644 index 0000000000..a383cda0f5 --- /dev/null +++ b/package/python-bsdiff4/Config.in @@ -0,0 +1,8 @@ +config BR2_PACKAGE_PYTHON_BSDIFF4 + bool "python-bsdiff4" + select BR2_PACKAGE_PYTHON_BZIP2 if BR2_PACKAGE_PYTHON # runtime + select BR2_PACKAGE_PYTHON3_BZIP2 if BR2_PACKAGE_PYTHON3 # runtime + help + binary diff and patch using the BSDIFF4-format. + + https://github.com/ilanschnell/bsdiff4 diff --git a/package/python-bsdiff4/python-bsdiff4.hash b/package/python-bsdiff4/python-bsdiff4.hash new file mode 100644 index 0000000000..6db2535cc1 --- /dev/null +++ b/package/python-bsdiff4/python-bsdiff4.hash @@ -0,0 +1,5 @@ +# md5, sha256 from https://pypi.org/pypi/bsdiff4/json +md5 59ae574a8bc2aae659ce4c282293202c bsdiff4-1.1.9.tar.gz +sha256 a7c48ec58dc1c4a2b9fb5da05637524d5dbb1643a3df7cdc6ed105636909ff79 bsdiff4-1.1.9.tar.gz +# Locally computed sha256 +sha256 e60be11b30cb7f07210e4c2d64246b49d20a25caf48efea5c13995788a425468 PKG-INFO diff --git a/package/python-bsdiff4/python-bsdiff4.mk b/package/python-bsdiff4/python-bsdiff4.mk new file mode 100644 index 0000000000..7caf535dcf --- /dev/null +++ b/package/python-bsdiff4/python-bsdiff4.mk @@ -0,0 +1,14 @@ +################################################################################ +# +# python-bsdiff4 +# +################################################################################ + +PYTHON_BSDIFF4_VERSION = 1.1.9 +PYTHON_BSDIFF4_SOURCE = bsdiff4-$(PYTHON_BSDIFF4_VERSION).tar.gz +PYTHON_BSDIFF4_SITE = https://files.pythonhosted.org/packages/39/34/bd2ae6cd4b2a5d3af9173a9d7f6ecd2723ea7b0401ad807a0c7e7b50faa3 +PYTHON_BSDIFF4_LICENSE = BSD-2-Clause +PYTHON_BSDIFF4_LICENSE_FILES = PKG-INFO +PYTHON_BSDIFF4_SETUP_TYPE = distutils + +$(eval $(python-package))
binary diff and patch using the BSDIFF4-format. License file isn't shipped with the package, so PKG-INFO is used instead. Signed-off-by: Asaf Kahlon <asafka7@gmail.com> --- package/Config.in | 1 + package/python-bsdiff4/Config.in | 8 ++++++++ package/python-bsdiff4/python-bsdiff4.hash | 5 +++++ package/python-bsdiff4/python-bsdiff4.mk | 14 ++++++++++++++ 4 files changed, 28 insertions(+) create mode 100644 package/python-bsdiff4/Config.in create mode 100644 package/python-bsdiff4/python-bsdiff4.hash create mode 100644 package/python-bsdiff4/python-bsdiff4.mk