reuse-tool icon indicating copy to clipboard operation
reuse-tool copied to clipboard

Published 20 hours ago verified publisher icon fsfe

dep5: complex license options (and, or) in dep5 are not respected

Open janderssonse opened this issue 4 years ago • 6 comments

Problem: In my dep5 file I have a file with multiple licenses.

Example:


Files: THEFILE
Copyright: 2020 COPYRIGHTHOLDER <[email protected]>
License: MIT and Apache-2.0

which is valid according to the specification https://dep-team.pages.debian.net/deps/dep5/

However, reuse lint only seems to care about the first license, in the example it would only find MIT

janderssonse avatar Feb 28 '20 07:02 janderssonse

I can't get this bug to trigger. Can you provide an example repository?

I tried to trigger this bug by:

  • Editing .reuse/dep5 in this repository to change one line to GPL-3.0-or-later AND 0BSD (and also GPL-3.0-or-later and 0BSD).
  • Running reuse lint

It shows me:

* Missing licenses: 0BSD

Also as a subnote: The REUSE Specification overrides the License: field in DEP5:

Where the REUSE Specification and DEP5 state different things, the REUSE Specification takes precedence. Specifically in the case of the Copyright and License tags.

carmenbianca avatar Feb 28 '20 10:02 carmenbianca

Thanks for looking into it. Please try it at https://github.com/SVT/open-source-project-template

janderssonse avatar Feb 28 '20 10:02 janderssonse

Found the issue.

Files: docs/CONTRIBUTING.md
Copyright: 2020 HERE Europe B.V. <[email protected]>
           2020 CFPB Consumer Finanical Protection Bureau. <[email protected]>
           2020 Sveriges Television AB <[email protected]>
License: CC0-1.0 and Apache-2.0

Files: *.md
Copyright: 2020 Sveriges Television AB <[email protected]>
           2020 CFPB Consumer Finanical Protection Bureau. <[email protected]>
License: CC0-1.0

The second paragraph overrides the first. I suspect that this is an upstream bug in python-debian. When you swap the paragraphs around, you get the expected behaviour.

carmenbianca avatar Feb 28 '20 10:02 carmenbianca

Aha, thanks. Will fix in my repo. I did not thought order mattered and thought it was "The more specific overrides the more general". Order importance is ok with me also, but maybe it should be documented. Should I Close this issue?

janderssonse avatar Feb 28 '20 10:02 janderssonse

You're welcome :) And thank you for reporting the issue. Please keep it open, and I will prod upstream about this issue some time next week.

Have a good day :D

carmenbianca avatar Feb 28 '20 10:02 carmenbianca

@carmenbianca does the issue still exist with upstream?

mxmehl avatar Apr 27 '21 15:04 mxmehl