Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Correct license anomalies in newly added pyproject.toml #2447

Closed
phillxnet opened this issue Dec 18, 2022 · 2 comments
Closed

Correct license anomalies in newly added pyproject.toml #2447

phillxnet opened this issue Dec 18, 2022 · 2 comments
Assignees
@phillxnet

Comments

@phillxnet
Copy link
Member

phillxnet commented Dec 18, 2022
edited
Loading

The recently added poetry build system is build around a pyproject.toml file which has the following entries in the top level "tool.poetry" setcion:

  • In subsection classifiers we have:

"License :: OSI Approved :: GNU General Public License v2 or later (GPLv2+)",

  • In the top level of tool.poetry we have

license = "GPL-2.0-or-later"

However we also have a reference within pyproject.toml to our "COPYING" file which dates back to the dawn of the rockstor-core repositories public release:

include = [
"COPYING", # Our GPL 3 file, but this may be redundant.
"rockstor-jslibs.tar.gz", # https://github.com/rockstor/rockstor-jslibs
"rockstor-jslibs.tar.gz.sha256sum", # sha256 of above tar.gz

It is proposed that we normalise on the oldest reference or our existing COPYING file contents which is GPL-3.0 with the proviso that we add, explicitly, the "-or-later" given the vast majority of our Python source files state this within the own headers via the term: "... either version 2 of the License, or (at your option) any later version.".

I.E. we explicitly normalise, via our new pyproject.toml, on the "GPL-3.0-or-later" (See: https://spdx.org/licenses/).

It is further proposed that we indicate the mixed license nature of our rockstor-jslibs repository that our build system, via pyproject.toml, includes when building the combination of rockstor-core and rockstor-jslibs that is our distributed produce.

For reference, a recent audit of the associated rockstor-jslibs under pr:
rockstor/rockstor-jslibs#19
has produced a (currently poorly formatted) README.md with all associated licenses detailed allowing for an overview license to be established for the rockstor-jslibs repository of, in SPDX vernacular:

SPDX-License-Identifier: (MIT AND GPL-2.0-or-later AND Apache-2.0 AND GPL-2.0-only AND LGPL-3.0-or-later AND BSD-3-Clause AND ISC)

To be absolutely clear, we are not re-licensing here, just clarify the mixed license nature of the combination of rockstor-core (GPLv3 via COPYING file) and the multitude of licenses involved with our linked rockstor-jslibs repo. Plus explicitly stating our our pyproject.toml the "-or-later" bit that we have prior-art on within our source file header.

N.B. All these licenses are both FSF Free/Libre, & OSI approved according to: SPDX License List
@phillxnet
Copy link
Member Author

@FroggyFlox and @Hooverdan96
Your comments on this? I see the only clear issue is if we declare "-or-later" bit. All previous releases have actually been bundled as GPL which implies all future releases anyway. But we do need to tighten up our explicit licensing, especially given the recent audit I did on rockstor-jslibs. We have a tone of licenses in that one, and it would be good to reduce them is my thinking: by dropping stuff we don't need or can do without. It would also be good to reduce the library count somewhat I think.

@phillxnet phillxnet mentioned this issue Dec 19, 2022
Closed
phillxnet added a commit to phillxnet/rockstor-core that referenced this issue Dec 19, 2022
@phillxnet
Correct license anomalies in newly added pyproject.toml rockstor#2447
65b8a21 
Given poetry generates license classifiers we can remove this
to focus on keeping our top level "license" property up-to-date.
The latter is updated to take account of recent and ongoing
licensing improvements across rockstor-core and rockstor-jslibs.

Includes core & jslibs release increase.
@phillxnet phillxnet mentioned this issue Dec 19, 2022
Merged
phillxnet added a commit to phillxnet/rockstor-core that referenced this issue Dec 20, 2022
@phillxnet
update versions and license re rockstor-jslibs changes rockstor#2447
fdd13b7 
We have since had further license rationalisation in
rockstor-jslibs so reflect this in our versions and
pyproject.toml combined repository license overview.
@phillxnet phillxnet self-assigned this Jan 4, 2023
phillxnet added a commit that referenced this issue Jan 4, 2023
@phillxnet
Merge pull request #2449 from phillxnet/2447_Correct_license_anomalie…
5781765 
…s_in_newly_added_pyproject.toml

Correct license anomalies in newly added pyproject.toml #2447
@phillxnet
Copy link
Member Author

Closing as:
Fixed by #2449

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@phillxnet phillxnet

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@phillxnet