On Tue, Aug 22, 2023 at 1:21 PM Miroslav Suchý <msuchy@xxxxxxxxxx> wrote:
>
> On 22. 08. 23 at 1:08, Fabio Valentini wrote:
> > On Sun, Aug 20, 2023 at 9:11 AM Miroslav Suchý <msuchy@xxxxxxxxxx> wrote:
>

(snip)

Thanks for running the checks! I looked at all the packages you listed.

> I run the statistics for rust-* only. And when I omit the reports with "warning: valid as old and new and no changelong entry, please check" and packages that are correctly converted I get:
>
> rust-below warning: not valid neither as Callaway nor as SPDX, please check

This is a case where one of the crates in the dependency tree uses the deprecated "LGPL-2.1" identifier, which shows up in the binary license.

> rust-bitmaps warning: not valid neither as Callaway nor as SPDX, please check

This uses MPL-2.0 or later, denoted as "MPL-2.0+". It looks like an SPDX identifier, but it's not (there is no "-or-later" variant of MPL-2.0 in SPDX). I'll investigate and file an issue with upstream.

> rust-bootupd - can be trivially converted to Apache-2.0
> rust-bootupd - can be trivially converted to Apache-2.0

rust-bootupd is built in a way that circumvents all our Rust packaging mechanisms, it didn't show up in my lists. It's also missing a license tag for the statically linked binary entirely.

> rust-btrd warning: not valid neither as Callaway nor as SPDX, please check
> rust-btrd warning: not valid neither as Callaway nor as SPDX, please check

Uses valid but deprecated "GPL-2.0" identifier. Not sure why it's rejected.

> rust-cargo-c warning: not valid neither as Callaway nor as SPDX, please check

Has some MPL-2.0+ in the dependency tree, will investigate.

> rust-coreos-installer - can be trivially converted to Apache-2.0
> rust-coreos-installer
> rust-coreos-installer

This package is managed by the CoreOS guys and they're doing all sorts of weird things in it. I didn't want to touch it.

> rust-docopt warning: not valid neither as Callaway nor as SPDX, please check

This looks like a typo: "MIT AND Unicode-DFS-2016 AND ((MIT OR Apache-2.0) AND (Unlicense OR MIT)" (misbalanced braces), will fix.

> rust-drg - can be trivially converted to Apache-2.0

FTBFS since ages ago, cannot fix.

> rust-dutree warning: not valid neither as Callaway nor as SPDX, please check
> rust-dutree warning: not valid neither as Callaway nor as SPDX, please check

Uses valid but deprecated GPL-3.0 identifier.

> rust-gmp-mpfr-sys warning: not valid neither as Callaway nor as SPDX, please check

Uses valid but deprecated LGPL-3.0+ identifier. Could likely be changed to LGPL-3.0-or-later, which is the replacement.

> rust-chrono-tz

Contains a copy of the Olson tzdata, which hasn't been converted to SPDX yet. It's supposed to be in the "Public Domain".

> rust-ifcfg-devname warning: not valid neither as Callaway nor as SPDX, please check
> rust-ifcfg-devname warning: not valid neither as Callaway nor as SPDX, please check

Uses valid but deprecated GPL-3.0 identifier.

> rust-im-rc warning: not valid neither as Callaway nor as SPDX, please check

This is likely the culprit for all the other issues with MPL-2.0+. I'll file an issue with upstream (which is pretty dead though).

> rust-libslirp

This package has been bitrotting for years, I did not want to touch it.

> rust-nettle warning: not valid neither as Callaway nor as SPDX, please check
> rust-nettle-sys warning: not valid neither as Callaway nor as SPDX, please check

Both use "LGPL-3.0 OR GPL-2.0 OR GPL-3.0" which are all valid SPDX identifiers, just deprecated.

> rust-procs

This one looks like it was generated with a version of rust2rpm that *should* have switched it to SPDX, but it was apparently reverted to Callaway identifiers. I'll fix it with the next update, which is already lined up.

> rust-python3-sys warning: not valid neither as Callaway nor as SPDX, please check

This uses "Python-2.0", which is a valid, non-deprecated SPDX identifier.

> rust-rav1e warning: not valid neither as Callaway nor as SPDX, please check
> rust-rav1e warning: not valid neither as Callaway nor as SPDX, please check
> rust-rav1e warning: not valid neither as Callaway nor as SPDX, please check

Not sure why this is showing up. It looks valid to me: "BSD-2-Clause AND ISC AND MIT AND (Apache-2.0 OR MIT) AND (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND (Unlicense OR MIT)"

> rust-rpick warning: not valid neither as Callaway nor as SPDX, please check
> rust-rpick warning: not valid neither as Callaway nor as SPDX, please check

Uses valid but deprecated GPL-3.0 identifier.

> rust-rustcat warning: not valid neither as Callaway nor as SPDX, please check

Oh oh, this one is my fault. Looks like I pushed an unfinished spec file. Will fix.

> rust-sequoia-keyring-linter warning: not valid neither as Callaway nor as SPDX, please check
> rust-sequoia-octopus-librnp warning: not valid neither as Callaway nor as SPDX, please check
> rust-sequoia-sop warning: not valid neither as Callaway nor as SPDX, please check
> rust-sequoia-sq warning: not valid neither as Callaway nor as SPDX, please check
> rust-sequoia-sqv warning: not valid neither as Callaway nor as SPDX, please check

These are impacted by nettle / nettle-sys crates having valid but deprecated SPDX license identifiers.

> rust-sized-chunks warning: not valid neither as Callaway nor as SPDX, please check

This uses MPL-2.0+ as well. Will file an issue with upstream.

> rust-timebomb - can be trivially converted to Apache-2.0

I missed this one because it didn't show up in my spec grepping. Will fix.

> rust-tokei

This one was partially converted. The source license is "MIT OR Apache-2.0" but the binary license still uses Callaway identifiers. Not sure how this happened, will fix.

> rust-tpm2-policy - can be trivially converted to EUPL-1.2

Managed by pbrobinson, and due to his spec modifications it didn't show up in my queries.

> rust-tree-sitter-cli
> rust-tree-sitter
> rust-varlink-cli

These should all have used SPDX for their binary license, but didn't. Will fix them.

> rust-ybaas warning: not valid neither as Callaway nor as SPDX, please check
> rust-ybaas warning: not valid neither as Callaway nor as SPDX, please check
> rust-yubibomb warning: not valid neither as Callaway nor as SPDX, please check
> rust-yubibomb warning: not valid neither as Callaway nor as SPDX, please check

Use valid but deprecated GPL-3.0 identifier.

> rust-zbase32 warning: not valid neither as Callaway nor as SPDX, please check

Uses valid but deprecated LGPL-3.0+ identifier.

> rust-zincati - can be trivially converted to Apache-2.0
> rust-zincati

Pull request filed 3 months ago and ignored until last week. I need to rebase it:
https://src.fedoraproject.org/rpms/rust-zincati/pull-request/21

---

Looks like there are 7 packages that I can fix later today:

- rust-docopt
- rust-procs
- rust-rustcat
- rust-tokei
- rust-tree-sitter
- rust-tree-sitter-cli
- rust-varlink-cli

There are four packages that use "MPL-2.0+" which is not a valid SPDX identifier. Not sure what to do about them, since I don't want to ignore upstream license specification and change them to just "MPL-2.0".

- rust-bitmaps
- rust-cargo-c
- rust-im-rc
- rust-sized-chunks

The rest use valid SPDX identifiers but they're not recognized as such. As others have already mentioned, the deprecated identifiers for suffix-less GPL/LGPL variants should be accepted, or at most raise a warning.

Fabio
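
The triage done by hand in the message above (unbalanced parentheses, identifiers that are valid but deprecated, identifiers not in the list), written out as an added example; it is not part of the original message and not the checker discussed in the thread. The identifier tables are a constructed subset covering only identifiers quoted in the message, and `check_license` and `verdict` are hypothetical names.

```python
import re

# Constructed subset of the SPDX license list: only identifiers quoted in the
# message above, classified the way the message classifies them (assumption).
CURRENT = {"MIT", "Apache-2.0", "BSD-2-Clause", "ISC", "Unlicense", "MPL-2.0",
           "Unicode-DFS-2016", "EUPL-1.2", "Python-2.0", "LGPL-3.0-or-later"}
DEPRECATED = {"GPL-2.0", "GPL-3.0", "LGPL-2.1", "LGPL-3.0", "LGPL-3.0+"}
EXCEPTIONS = {"LLVM-exception"}
OPERATORS = {"AND", "OR", "WITH"}
TOKEN = re.compile(r"[()]|[^\s()]+")  # a parenthesis, or a run of other characters


def check_license(expr):
    """Hypothetical helper: return (balanced, deprecated_ids, unknown_ids)."""
    depth, balanced, prev = 0, True, None
    deprecated, unknown = set(), set()
    for tok in TOKEN.findall(expr):
        if tok == "(":
            depth += 1
        elif tok == ")":
            depth -= 1
            if depth < 0:          # closing parenthesis with nothing open
                balanced, depth = False, 0
        elif tok in OPERATORS:
            pass
        elif prev == "WITH":       # operand of WITH is a license exception
            if tok not in EXCEPTIONS:
                unknown.add(tok)
        elif tok in DEPRECATED:
            deprecated.add(tok)
        elif tok not in CURRENT:   # whole-token lookup, so "MPL-2.0+" lands here
            unknown.add(tok)
        prev = tok
    return balanced and depth == 0, sorted(deprecated), sorted(unknown)


def verdict(expr):
    """Deprecated identifiers only warn; structural and unknown-id problems fail."""
    balanced, deprecated, unknown = check_license(expr)
    if not balanced:
        return "error: unbalanced parentheses"
    if unknown:
        return "error: not in identifier list: " + ", ".join(unknown)
    if deprecated:
        return "warning: deprecated identifier: " + ", ".join(deprecated)
    return "ok"
```
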