-
Notifications
You must be signed in to change notification settings - Fork 148
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix global licensing being ignored with a .license file #1058
base: main
Are you sure you want to change the base?
Conversation
aededca
to
3cd76de
Compare
3cd76de
to
56d6a34
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @nea89o and thanks for your contribution! I struggled a bit with the reading of the issue, so I'm going to re-summarise to make sure I understand correctly:
Using closest
logic, if there is copyright information inside of a file, and licensing information inside of REUSE.toml
, then they are both applied to the file.
However, as I understand it, the tool currently poorly/incorrectly handles the situation where the copyright information is inside of the file's .license
file.
Does that seem right?
Thanks again for your contribution!
# Search the global licensing file for REUSE information. | ||
if self.global_licensing: | ||
relpath = self.relative_from_root(path) | ||
relpath = self.relative_from_root(original_path) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this contribution is correct.
[[annotations]] | ||
path = "*.py" | ||
SPDX-FileCopyrightText = "2017 Jane Doe" | ||
SPDX-License-Identifier = "CC0-1.0" | ||
|
||
[[annotations]] | ||
path = "*.py.license" | ||
SPDX-FileCopyrightText = "2017 Jane Doe" | ||
SPDX-License-Identifier = "MIT" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a little strange to me, and seems incorrect. A .license
file cannot/does not have licensing itself. The logic of REUSE is that these .license
files are direct substitutes licensing-wise. This means that foo.py.license
completely overrides the REUSE information inside of foo.py
, and whenever foo.py
is referenced anywhere (in REUSE.toml or in the code), we should really be looking at the contents of foo.py.license
instead.
The second [[annotations]]
table should probably be removed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The old behaviour would look up the information for the .license file path in the REUSE.toml instead of looking up the non .license file path. Because of that I thought i would add an explicit test that the .license file information in the REUSE.toml is ignored. If you think that test should not exist i can also remove those parts (which includes the "MIT" not in
check down there.
foo_toml_info = [info for info in foo_infos if info.spdx_expressions][0] | ||
assert foo_toml_info.source_type == SourceType.REUSE_TOML | ||
assert not foo_toml_info.copyright_lines | ||
assert "MIT" not in str(foo_toml_info.spdx_expressions) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
assert "MIT" not in str(foo_toml_info.spdx_expressions) | |
assert "CC0-1.0" in str(foo_toml_info.spdx_expressions) |
I think it's better to be explicit here.
assert foo_file_info.source_type == SourceType.DOT_LICENSE | ||
assert not foo_file_info.spdx_expressions |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
assert foo_file_info.source_type == SourceType.DOT_LICENSE | |
assert not foo_file_info.spdx_expressions | |
assert foo_file_info.source_type == SourceType.DOT_LICENSE | |
assert not foo_file_info.spdx_expressions | |
assert "SPDX-FileCopyrightText: 2017 John Doe" in foo_file_info.copyright_lines |
Explicit again to make the test more robust.
Fixes #1057
changelog.d/<directory>/
.AUTHORS.rst
.docs/man/
or elsewhere. (n/a)the current specification.
changed files.