
feat: environment licenses as proper SPDX #576

Merged
merged 9 commits into from
Sep 6, 2023

Conversation

jkowalleck
Member

fixes #459

@jkowalleck jkowalleck added the enhancement New feature or request label Aug 31, 2023
@jkowalleck jkowalleck requested a review from a team as a code owner August 31, 2023 08:59
@jkowalleck jkowalleck changed the base branch from main to dev/4.x.x August 31, 2023 08:59
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
Member Author

wanna review?
@a1lu @andife

@andife
Contributor

andife commented Aug 31, 2023

I just had a quick look at the result: https://github.com/andife/cyclonedx-python/actions/runs/6036254421
The result seems to be better.

But I have some questions:

I do not know, but if we have a valid "id", do we also have to mention the "name"?

The explanation for "name":
"If SPDX does not define the license used, this field may be used to provide the license name"
https://cyclonedx.org/docs/1.4/json/#components_items_licenses_items_license_name

[screenshot]

According to the code, I thought

[screenshot]

could be mapped?

@jkowalleck
Member Author

> I do not know, but if we have a valid "id", do we also have to mention the "name"?

Impossible. According to the CycloneDX specification it is EITHER id OR name that is required, not both, not none.

> According to the code, I thought [...] could be mapped?

How come?

# 'License :: OSI Approved :: Apache Software License': which one?
# - Apache-1.1
# - Apache-2.0

@andife
Contributor

andife commented Aug 31, 2023

> > I do not know, but if we have a valid "id", do we also have to mention the "name"?
>
> Impossible. According to the CycloneDX specification it is EITHER id OR name that is required, not both, not none.

So for py-serializable we know the "Apache 2.0", it's an "id"... there should not be a "name" "Apache Software License"...? For this unique mapping in general we already have the solution => "Apache 2.0"

> > According to the code, I thought [...] could be mapped?
>
> How come?
>
> # 'License :: OSI Approved :: Apache Software License': which one?
> # - Apache-1.1
> # - Apache-2.0

You are right... maybe one has to ask GitHub via its API...

@jkowalleck
Member Author

jkowalleck commented Aug 31, 2023

> So for py-serializable we know the "Apache 2.0", it's an "id"... there should not be a "name" "Apache Software License"...? For this unique mapping in general we already have the solution => "Apache 2.0"

Where does this solution come from?
Please read https://peps.python.org/pep-0639/#mapping-license-classifiers-to-spdx-identifiers

> maybe one has to ask GitHub via its API...

Why would you ask GitHub for a package that you have installed locally?
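The id-or-name rule and the ambiguous-classifier problem discussed in this thread, as an added illustration that is not the cyclonedx-python project's own code. The classifier table is a constructed assumption: it only encodes the point made above, that some trove classifiers name exactly one SPDX license while others (such as "Apache Software License") leave the version open and therefore cannot become an SPDX `id`.

```python
from typing import Dict, List, Optional, Tuple

# Assumed, constructed table for illustration: trove classifier -> candidate SPDX ids.
# A single candidate is a clean SPDX "id"; several candidates mean the classifier
# is ambiguous and CycloneDX may only carry a free-text "name" for it.
CLASSIFIER_TO_SPDX: Dict[str, Tuple[str, ...]] = {
    "License :: OSI Approved :: MIT License": ("MIT",),
    "License :: OSI Approved :: GNU General Public License v3 (GPLv3)": ("GPL-3.0-only",),
    # 'Apache Software License': which one? Apache-1.1 or Apache-2.0
    "License :: OSI Approved :: Apache Software License": ("Apache-1.1", "Apache-2.0"),
    # 'BSD License': 2-clause or 3-clause?
    "License :: OSI Approved :: BSD License": ("BSD-2-Clause", "BSD-3-Clause"),
}


def classifier_to_license(classifier: str) -> Optional[dict]:
    """Build one CycloneDX license object from a classifier, or None if it is not a license classifier."""
    if not classifier.startswith("License ::"):
        return None
    candidates = CLASSIFIER_TO_SPDX.get(classifier, ())
    if len(candidates) == 1:
        # Unambiguous: emit the SPDX id and nothing else.
        return {"id": candidates[0]}
    # Ambiguous or unknown: fall back to the human-readable tail of the classifier.
    return {"name": classifier.split("::")[-1].strip()}


def licenses_for(classifiers: List[str]) -> List[dict]:
    """Collect the 'licenses' array for a component from its package classifiers."""
    result = []
    for classifier in classifiers:
        lic = classifier_to_license(classifier)
        if lic is not None:
            result.append({"license": lic})
    return result


def is_valid_license(lic: dict) -> bool:
    """CycloneDX requires exactly one of 'id' or 'name' on a license object."""
    return ("id" in lic) != ("name" in lic)
```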

@jkowalleck jkowalleck merged commit cf0788a into dev/4.x.x Sep 6, 2023
24 checks passed
@jkowalleck jkowalleck deleted the feature/environment-license-spdx branch September 6, 2023 09:46
jkowalleck added a commit that referenced this pull request Sep 25, 2023
@jkowalleck jkowalleck mentioned this pull request Oct 25, 2023