please correct your license to be a valid SPDX expression #33
Comments
I do not use tooling with SPDX, so I am not sure what is correct here. @graingert since you touched this before, is adding
Brackets are implicit in node license field. When you publish npm will tell you if it's not valid.
not according to the docs https://docs.npmjs.com/files/package.json https://github.com/david-a-wheeler/spdx-tutorial#spdx-tutorial
If I set the license field to random nonsense I get:
with or without the brackets I don't get that message.
I don't use docker here, but I guess that's an escape problem of the docker scripts, try escaping the braces with a backslash or double them, maybe both and we will see. Or, maybe we should file an issue to docker. As there is no docker script in your repo and I don't know your tool-chain I can't tell...
@HansHammel docker?
Without the brackets your licence is recognised as a custom licence type instead of the combination of a BSD-3-Clause OR MIT licence. So while it is still the correct format in a sense it is correct but it's not setting the type you would think. I have made the proposed changes in my pull request #34 Doc link
```
> require('spdx').parse('LGPL-2.1 OR MIT')
{ conjunction: 'or',
  left: { license: 'LGPL-2.1' },
  right: { license: 'MIT' } }
>
```
by what software?
We use sonatype software to identify javascript licences and when it is not in the correct format it can't seem to figure out the license. Though I do see that it still works with the spdx library and for NPM.
@c-okelly sounds like a sonatype bug.
Something it should handle for sure but the documentation does have the brackets.
@c-okelly the ABNF is
"Composite License Expressions More expressive composite license expressions can be constructed using "OR", "AND", and "WITH" operators similar to constructing mathematical expressions using arithmetic operators. For the Tag:value format, any license expression that consists of more than one license identifier and/or LicenseRef, should be encapsulated by parentheses: "( )". This has been specified to facilitate expression parsing. Nested parentheses can also be used to specify an order of precedence which is discussed in more detail in subsection (4)." Tbh I'm not sure even after reading it but this is the most relevant section I could find? Though it only says should not must.
@c-okelly that only applies to the 'Tag:value' format
And 'Tag:value' format is specific to RDFa
@graingert Would it be possible to close the issue accordingly then? Thanks, C
@c-okelly can you raise an issue with sonatype and link to it from here? So that people who find this issue via google can continue the discussion there rather than here.
@graingert I have raised the issue with them but they have no tracking facility.
@c-okelly yeah they do: https://issues.sonatype.org/secure/Dashboard.jspa
@graingert Honestly man this is about as far as I'm interested. We are on a trial license with them for one of their products and they won't explain how their "algorithm" actually works. I've given all this information about this and other issues for licensing back to their customer support. The SPDX documentation is vague at best as highlighted in this issue. There is a good chance this is not the actual issue anyway but it was a place to start.
you are missing the brackets see https://github.com/david-a-wheeler/spdx-tutorial#spdx-tutorial for examples
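
A license scanner that should treat the bracketed and unbracketed forms discussed in this thread alike can parse the `license` string instead of matching it textually. The sketch below is an added example, not code from the `spdx` package, npm or Sonatype; `parseSpdx` and `sameExpression` are hypothetical names, the tree shape mirrors the REPL output quoted in the thread, and identifiers are not checked against the SPDX license list.

```javascript
// Added example: syntax-only SPDX expression parser (helper names are hypothetical).
// Identifiers are NOT checked against the SPDX license list; operators are upper-case.
const OPS = new Set(['AND', 'OR', 'WITH']);
function tokenize(expr) {
  const re = /\s*(\(|\)|[A-Za-z0-9.\-]+\+?)\s*/y; // brackets, ids, operators
  const tokens = [];
  while (re.lastIndex < expr.length) {
    const m = re.exec(expr);
    if (!m) throw new SyntaxError('unexpected character in license expression');
    tokens.push(m[1]);
  }
  return tokens;
}

function parseSpdx(expr) {
  const tokens = tokenize(expr);
  let i = 0;
  const isName = (t) => t !== undefined && t !== '(' && t !== ')' && !OPS.has(t);
  function atom() {
    const t = tokens[i++];
    if (t === '(') { // brackets only group; they add no node to the tree
      const inner = orExpr();
      if (tokens[i++] !== ')') throw new SyntaxError('missing closing bracket');
      return inner;
    }
    if (!isName(t)) throw new SyntaxError(`expected license id, got ${t}`);
    const node = { license: t };
    if (tokens[i] === 'WITH') {
      if (!isName(tokens[i + 1])) throw new SyntaxError('expected exception id after WITH');
      node.exception = tokens[i + 1];
      i += 2;
    }
    return node;
  }
  const chain = (word, operand) => () => { // left-associative run of one operator
    let left = operand();
    while (tokens[i] === word) { i++; left = { conjunction: word.toLowerCase(), left, right: operand() }; }
    return left;
  };
  const andExpr = chain('AND', atom); // AND binds tighter than OR
  const orExpr = chain('OR', andExpr);
  const tree = orExpr();
  if (i < tokens.length) throw new SyntaxError(`unexpected token ${tokens[i]}`);
  return tree;
}

function sameExpression(a, b) {
  return JSON.stringify(parseSpdx(a)) === JSON.stringify(parseSpdx(b));
}
```

Two words with no operator between them, such as `random nonsense`, and an unbalanced bracket both raise `SyntaxError`, so a scanner can report them as invalid instead of silently classifying them as a custom licence.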