Re: Use SPDX license identifiers to indicate licenses?

chicken-hackers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Use SPDX license identifiers to indicate licenses?

From:	Mario Domenech Goulart
Subject:	Re: Use SPDX license identifiers to indicate licenses?
Date:	Mon, 26 Oct 2020 21:13:20 +0100

Hi Lassi,

On Mon, 26 Oct 2020 20:09:22 +0200 Lassi Kortela <lassi@lassi.io> wrote:

>> Also, we'd need some code to interpret SPDX expressions,
>> which to the best of my knowledge doesn't exist for Scheme (yet).
>
> Göran has a SPDX library for R6RS: https://github.com/weinholt/spdx

Cool!  Thanks for the pointer.  I could get it running on CHICKEN with
some hacks [1].  I'll try to come up with a way to package it to CHICKEN
somehow.  I couldn't manage to make it work without actually touching
the upstream files, though (maybe I'll have to fork it the ugly way).

> It parses license expressions into the following S-expressions:
>
> * (or expr0 expr1) — A choice between license expressions.
> * (and expr0 expr1) — A requirement to comply with both license expressions.
> * (with license exception) — A license identifier with a license
> exception identifier (both strings).
> * (user-defined document-ref license-ref) — This is a user-defined
> license reference. The document is optional and #f if omitted,
> otherwise both are strings.
> * (+ license-identifier) — Represents "(or later)". Example: (+
> "GPL-3.0") represents "GNU GPL version 3 (or later)".
> * license-identifier — A string identifying a license. Example: "GPL-3.0".
>
> Chicken egg manifest files could use that S-expresion format.
>
> Most eggs probably stick to a single license, in which the license
> expression would be just a string as it is now, just in a standard
> format.

Indeed.

>> Indeed.  I think SPDX is probably the best standard if we do want to go
>> in the direction of checking licenses.  In the exceptional cases where
>> the license cannot be found in the SPDX database, we can always require
>> the license file to be somehow linked to the identifier used in the
>> `license` field in the .egg file.  Something like:
>>
>>    (license "MSL" "my-special-license.txt")
>>
>> Currently the format is
>>
>>    (license <id>)
>>
>> where <id> is a free string.  We could support a second field to specify
>> a file that must exist in the source code of the egg, as checked out by
>> chicken-install.
>
> We could start by finding out how many eggs currently use an exotic
> license that doesn't have a standard identifier. If there are only a
> few of them and the authors are known, it could be easiest to ask if
> they'd like to switch to something more standard.
>
> A ruby gem called "licensee" provides a command line tool to identify
> licenses by statistical text matching; maybe it can be run against the
> git repo with all eggs. Licensee is the gem that GitHub uses to show
> the name of the license in their web UI.

Thanks.  It looks like one of its dependencies requires ruby 2.4, but I
only have ruby 2.3 installed:

$ gem install --user-install licensee
WARNING:  You don't have /home/mario/.gem/ruby/2.3.0/bin in your PATH,
          gem executables will not run.
ERROR:  Error installing licensee:
        faraday requires Ruby version >= 2.4.

>>> In fact, in SRFI we also have this problem: pretty regularly someone
>>> is doing detective work trying to figure out where some file in a
>>> reference implementation came from and how it is licensed.
>>
>> I asked John Cowan that question myself. :-)
>
> Did this lead to a plan for SRFI? :) IMHO it would be a timesaver
> there as well.

Not that I know. :-)


[1]
$ csi -s parser.sps

-- testing spdx-parser -------------------------------------------------------
(parse-license-expression "(LGPL-2.1 OR MIT)") ....................... [ PASS]
(parse-license-expression "(LGPL-2.1 OR MIT OR BSD-3-Clause)") ....... [ PASS]
(parse-license-expression "(LGPL-2.1 AND MIT)") ...................... [ PASS]
(parse-license-expression "(LGPL-2.1 AND MIT AND BSD-2-Clause)") ..... [ PASS]
(parse-license-expression "(GPL-2.0+ WITH Bison-exception-2.2)") ..... [ PASS]
5 tests completed in 1/250 seconds.
5 out of 5 (100%) tests passed.
-- done testing spdx-parser --------------------------------------------------


-- testing spdx-user ---------------------------------------------------------
(parse-license-expression "LicenseRef-23") ........................... [ PASS]
(parse-license-expression "LicenseRef-MIT-Style-1") .................. [ PASS]
(parse-license-expression "DocumentRef-spdx-tool-1.2:LicenseRef... ... [ PASS]
3 tests completed in 1/1000 seconds.
3 out of 3 (100%) tests passed.
-- done testing spdx-user ----------------------------------------------------


-- testing spdx-precedence ---------------------------------------------------
(parse-license-expression "LGPL-2.1 OR BSD-3-Clause AND MIT") ........ [ PASS]
(parse-license-expression "(MIT AND (LGPL-2.1+ OR BSD-3-Clause))") ... [ PASS]
(parse-license-expression "LGPL-2.1 AND MIT OR BSD-3-Clause AND... ... [ PASS]
3 tests completed in 1/500 seconds.
3 out of 3 (100%) tests passed.
-- done testing spdx-precedence ----------------------------------------------


-- testing spdx-ci -----------------------------------------------------------
(parse-license-expression "GPL-2.0+ With Bison-exception-2.2 an... ... [ PASS]
1 test completed in 1/1000 seconds.
1 out of 1 (100%) test passed.
-- done testing spdx-ci ------------------------------------------------------


-- testing spdx-format -------------------------------------------------------
(format-license-expression (parse-license-expression "(LGPL-2.1... ... [ PASS]
(format-license-expression (parse-license-expression "(LGPL-2.1... ... [ PASS]
(format-license-expression (parse-license-expression "(LGPL-2.1... ... [ PASS]
(format-license-expression (parse-license-expression "(LGPL-2.1... ... [ PASS]
(format-license-expression (parse-license-expression "(GPL-2.0+... ... [ PASS]
(format-license-expression (parse-license-expression "GPL-2.0+ ... ... [ PASS]
(format-license-expression '(or (and "LGPL-2.1" "MIT") (and "BS... ... [ PASS]
(format-license-expression (parse-license-expression "LicenseRe... ... [ PASS]
8 tests completed in 1/200 seconds.
8 out of 8 (100%) tests passed.
-- done testing spdx-format --------------------------------------------------
  

All the best.
Mario
-- 
http://parenteses.org/mario

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Use SPDX license identifiers to indicate licenses?, Lassi Kortela, 2020/10/26
- Re: Use SPDX license identifiers to indicate licenses?, Mario Domenech Goulart, 2020/10/26
  - Re: Use SPDX license identifiers to indicate licenses?, Lassi Kortela, 2020/10/26
    - Re: Use SPDX license identifiers to indicate licenses?, Mario Domenech Goulart <=

Prev by Date: Re: Use SPDX license identifiers to indicate licenses?
Previous by thread: Re: Use SPDX license identifiers to indicate licenses?
Index(es):
- Date
- Thread