
Ambiguity of multi-license notation

Open HiPhish opened this issue 1 year ago • 6 comments

If a package is released under the terms of two licenses the manual says

Multiple licenses should be separated by commas, Example: GPL-3.0-or-later, custom:Hugware.

However, this does not make it clear whether either of the license terms apply, or whether both apply. An example of a package where both licenses apply is picom which is under the terms of both the MPL-2.0 and MIT licenses.

This ambiguity could be avoided by using SPDX expressions to combine multiple licenses. These expressions can be arbitrarily complex and cover combinations of licenses (AND and OR) as well as exceptions (WITH) and grouping with parentheses. In the case of picom the SPDX expression is MPL-2.0 AND MIT. In fact, there is an SPDX file in the repo that contains this license: https://github.com/yshui/picom/blob/197b4bd396590cb5df61eb54ec6a1dadf1115a5d/LICENSE.spdx

HiPhish avatar Jan 20 '24 18:01 HiPhish

in xbps-src and xbps, the license field is just free text so it's more a matter of adding it to xlint. xlint already supports WITH (it just translates it to ,). supporting AND and OR could be done the same way or in a more complex way to actually interpret the expression.

classabbyamp avatar Jan 20 '24 18:01 classabbyamp

Updating xlint would be good, but if we want to support more complex expressions that involve parentheses it gets much more complicated. One solution would be to internally ignore any parentheses, then we only validate the individual license identifiers, but not the entire expression. Or we shell out to a dedicated validator.

And the manual should be updated to recommend SPDX expressions instead of commas.

HiPhish avatar Jan 20 '24 18:01 HiPhish

I'm not sure we truly need support for full SPDX expressions, but even the parentheses could be handled as , by xlint since there's no place (in xbps-src or xlint) where the code actually needs a full understanding of the licence; where there's some logic looking at the licence, it's only looking at the individual licence IDs. In short: we could accept full expressions in that field even if we don't parse and evaluate them properly in xlint and such.

I think that's what I'm working on once I'm done updating picom and a couple other packages

0x5c avatar Feb 10 '24 07:02 0x5c

even the parentheses could be handled as , by xlint

I think xlint should just filter parens out

classabbyamp avatar Feb 10 '24 07:02 classabbyamp
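
The approach discussed in the comments above (filter out parentheses, treat the operators like commas, check only the individual IDs), as an added shell example. It is not xlint's code or the code from the linked PR; `KNOWN_IDS`, `split_license` and `unknown_licenses` are hypothetical names, and the ID list is a constructed sample.

```shell
#!/bin/sh
# Added illustration, not xlint's code. KNOWN_IDS is a small constructed
# sample standing in for the full SPDX identifier list.
KNOWN_IDS="GPL-3.0-or-later MPL-2.0 MIT Apache-2.0 LLVM-exception"

# split_license EXPR: print each license ID in EXPR on its own line.
# Parentheses are deleted and commas, AND, OR and WITH act only as
# separators, so the structure of the expression is never checked.
split_license() {
	printf '%s\n' "$1" | tr -d '()' | tr ',' ' ' |
		awk '{ for (i = 1; i <= NF; i++) if ($i !~ /^(AND|OR|WITH)$/) print $i }'
}

# unknown_licenses EXPR: print the IDs that are not in KNOWN_IDS.
# Assumption: custom:* entries are free text and are skipped.
unknown_licenses() {
	split_license "$1" | while IFS= read -r id; do
		case "$id" in
		custom:*) continue ;;
		esac
		case " $KNOWN_IDS " in
		*" $id "*) ;;
		*) printf '%s\n' "$id" ;;
		esac
	done
}

# Constructed inputs: a nested expression with a mistyped ID (prints GPL3),
# and a malformed expression that prints nothing because only IDs are checked.
unknown_licenses '(MIT OR GPL3) AND (Apache-2.0 WITH LLVM-exception), custom:Hugware'
unknown_licenses '((MPL-2.0 AND'
```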

  • [x] xlint PR https://github.com/leahneukirchen/xtools/pull/322
  • [ ] update manual
  • [ ] update templates that have commas in the licence field

0x5c avatar Feb 11 '24 09:02 0x5c

Issues become stale 90 days after last activity and are closed 14 days after that. If this issue is still relevant bump it or assign it.

github-actions[bot] avatar May 12 '24 01:05 github-actions[bot]

Issues become stale 90 days after last activity and are closed 14 days after that. If this issue is still relevant bump it or assign it.

github-actions[bot] avatar Aug 11 '24 01:08 github-actions[bot]