Re: Switching to SPDX license tags

[Thomas Klausner <wiz%NetBSD.org@localhost>]

On Fri, Feb 03, 2023 at 11:19:40AM -0500, Greg Troxel wrote:
> Thomas Klausner <wiz%NetBSD.org@localhost> writes:
> 
> > SPDX has a list of license names:
> >
> > https://spdx.org/licenses/
> >
> > This includes 'Identifiers' which correspond in idea to the license
> > names we have in pkgsrc, and markers if they're FSF/OSI approved.
> >
> > I think it'd be useful to convert our licenses (LICENSE) to these
> > standardized identifiers. Perhaps url2pkg could even set it
> > automatically by looking for SPDX-License tags in the code,
> > e.g. these:
> >
> > // SPDX-License-Identifier: MIT
> >
> > For the migration, I'm thinking of these steps:
> >
> > - add the licenses corresponding to the new SPDX names to
> >   pkgsrc/licenses
> >
> > - add the SPDX names of the currently 'default accepted' licenses to
> >   the new default accepted lists in pkgsrc/mk/license.mk and
> >   pkg_install
> >
> > - run a regex over pkgsrc's LICENSE lines replacing the current names
> >   with the SPDX names
> >
> > - Clean up: remove the old license files from mk/licenses; at some
> >   later point (a year later?) remove the old license names from the
> >   default acceptable lists
> >
> > We'll have to manually fix entries; e.g. currently we use gnu-gpl-v2
> > for both 'GPL v2' and 'GPL v2 or later' while SPDX has GPL-2.0-only
> > and GPL-2.0-or-later, so help will be needed at that point.
> >
> > As for the timeframe, I expect to implement this shortly after the
> > next branch, so early April 2023.
> 
> I don't see this as a major improvement, but I don't object as long as
> it isn't near a branch (as you propose) and I don't have to fix fallout.
> 
> Two things I think we need:
> 
>   1) Right now one can tell from a license tag if the license is one or
>   more of Free/Open/DFSG (henceforth Freeish), or not; things with
>   -license aren't Freeish and things without license are Freeish.  I
>   think that's useful.  Even if someone has put some non-Freeish
>   foo-license in DEFAULT_ACCEPTABLE, I think it's reasonable for them to
>   want to know of some other package under that license.  For me, it's
>   situational: I am willing to install a particular package with a
>   non-Freeish license after thought.   I'm not proposing changing the
>   rules, but I would like show-license extended to be:
> 
>     $ make show-license
>     gnu-gpl-v3-or-later: In DEFAULT_ACCEPTABLE_LICENSES.  In ACCEPTABLE_LICENSES.
> 
>     $ make show-license
>     generic-non-license: Not in DEFAULT_ACCEPTABLE_LICENSES.  Not in ACCEPTABLE_LICENSES.
> 
>   to basically restore the property that one can tell Freeish-ness from
>   the tag.

I think this is orthogonal to the proposal.

I've added a show-license-status target that does what I think you want:

/usr/pkgsrc/archivers/ppunpack> make show-license-status
The license of this package is ppunpack-license.

/usr/pkgsrc/archivers/libzip> make show-license-status
The license of this package is modified-bsd.

This license is in DEFAULT_ACCEPTABLE_LICENSES.

This license is in ACCEPTABLE_LICENSES.

/usr/pkgsrc/archivers/unrar> make show-license-status
The license of this package is unrar-license.

This license is in ACCEPTABLE_LICENSES.

>   2) Your plan implies that all license tags we have are in SPDX.  I
>   really doubt that.   There's an obvious modification which is to leave
>   some foo-license and generic-nonlicense and maybe some bar (Freeish
>   not covered), not rewrite the tags and not delete  them, instead only
>   gcing license files that are not pointed to by anything in pkgsrc.

Yes, that could be that SPDX doesn't have all of them. On the other
hand, it's been around for 8+ years so I think it should cover most of
them, but of course we can just leave alone those it doesn't.

> Also, I think this change needs to happen in wip too if it happens and
> for license files to be protected from gc by a reference in wip.

Ok.
 Thomas