Fix global licensing being ignored with a .license file #1058
Conversation
nea89o
force-pushed
the
fix/dotlicensewithgloballicensinginfo
branch
2 times, most recently
from
aededca
to
3cd76de
Compare
nea89o
force-pushed
the
fix/dotlicensewithgloballicensinginfo
branch
from
3cd76de
to
56d6a34
Compare
There was a problem hiding this comment.
Hi @nea89o and thanks for your contribution! I struggled a bit with the reading of the issue, so I'm going to re-summarise to make sure I understand correctly:
Using closest logic, if there is copyright information inside of a file, and licensing information inside of REUSE.toml, then they are both applied to the file.
However, as I understand it, the tool currently poorly/incorrectly handles the situation where the copyright information is inside of the file's .license file.
Does that seem right?
Thanks again for your contribution!
| # Search the global licensing file for REUSE information. | ||
| if self.global_licensing: | ||
| relpath = self.relative_from_root(path) | ||
| relpath = self.relative_from_root(original_path) |
There was a problem hiding this comment.
I think this contribution is correct.
| [[annotations]] | ||
| path = "*.py" | ||
| SPDX-FileCopyrightText = "2017 Jane Doe" | ||
| SPDX-License-Identifier = "CC0-1.0" | ||
|
|
||
| [[annotations]] | ||
| path = "*.py.license" | ||
| SPDX-FileCopyrightText = "2017 Jane Doe" | ||
| SPDX-License-Identifier = "MIT" |
There was a problem hiding this comment.
This is a little strange to me, and seems incorrect. A .license file cannot/does not have licensing itself. The logic of REUSE is that these .license files are direct substitutes licensing-wise. This means that foo.py.license completely overrides the REUSE information inside of foo.py, and whenever foo.py is referenced anywhere (in REUSE.toml or in the code), we should really be looking at the contents of foo.py.license instead.
The second [[annotations]] table should probably be removed.
There was a problem hiding this comment.
The old behaviour would look up the information for the .license file path in the REUSE.toml instead of looking up the non .license file path. Because of that I thought i would add an explicit test that the .license file information in the REUSE.toml is ignored. If you think that test should not exist i can also remove those parts (which includes the "MIT" not in check down there.
| foo_toml_info = [info for info in foo_infos if info.spdx_expressions][0] | ||
| assert foo_toml_info.source_type == SourceType.REUSE_TOML | ||
| assert not foo_toml_info.copyright_lines | ||
| assert "MIT" not in str(foo_toml_info.spdx_expressions) |
There was a problem hiding this comment.
| assert "MIT" not in str(foo_toml_info.spdx_expressions) | |
| assert "CC0-1.0" in str(foo_toml_info.spdx_expressions) |
I think it's better to be explicit here.
| assert foo_file_info.source_type == SourceType.DOT_LICENSE | ||
| assert not foo_file_info.spdx_expressions |
There was a problem hiding this comment.
| assert foo_file_info.source_type == SourceType.DOT_LICENSE | |
| assert not foo_file_info.spdx_expressions | |
| assert foo_file_info.source_type == SourceType.DOT_LICENSE | |
| assert not foo_file_info.spdx_expressions | |
| assert "SPDX-FileCopyrightText: 2017 John Doe" in foo_file_info.copyright_lines |
Explicit again to make the test more robust.
Fixes #1057
changelog.d/<directory>/.AUTHORS.rst.docs/man/or elsewhere. (n/a)the current specification.
changed files.