Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ignore case when matching SPDX identifiers #5432

Closed
wants to merge 1 commit into from

Conversation

sol
Copy link
Member

@sol sol commented Jul 13, 2018

(as per the SPDX License List Matching Guidelines, v2.0)

https://spdx.org/spdx-license-list/matching-guidelines

Please include the following checklist in your PR:

  • Patches conform to the coding conventions.
  • Any changes that could be relevant to users have been recorded in the changelog.
  • The documentation has been updated, if necessary.
  • If the change is docs-only, [ci skip] is used to avoid triggering the build bots.

Please also shortly describe how you tested your change. Bonus points for added tests!

Copy link
Member

@23Skidoo 23Skidoo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

/cc @phadej

@sol
Copy link
Member Author

sol commented Jul 13, 2018

This may actually also apply to LicenRef and license expressions in general, but I didn't see it explicitly mentioned in the matching guidelines.

@quasicomputational
Copy link
Contributor

Isn't this going to change the semantics of 2.2-spec files between Cabal 2.2 and Cabal 2.4? Then again, the worst that can happen is that 2.4 accepts a file that 2.2 doesn't; I guess we could add a DistInexcusable check for a 2.2-spec file with a lowercase license and that would be OK.

@sol
Copy link
Member Author

sol commented Jul 13, 2018

@quasicomputational hmm, I guess you have a point. I'm looking into the check.

Copy link
Collaborator

@phadej phadej left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be cabal-version feature guarded.

@phadej
Copy link
Collaborator

phadej commented Jul 13, 2018

I.e. I cannot write

cabal-version: 2.2
name: pkg
version: 0

license: bsd-3-clause

That will cause missparse. At the very least it should be cabal check, that licenseid's for old cabal-version match case-exactly.

@sol
Copy link
Member Author

sol commented Jul 13, 2018

This should be cabal-version feature guarded.

@phadej I think @quasicomputational already pointed that out, but thanks for the noise.

@phadej
Copy link
Collaborator

phadej commented Jul 13, 2018

In fact, I'm not sure we are reading right guidelines.

The https://spdx.org/spdx-specification-21-web-version#h.jxpfx0ykyb60 spec appendix doesn't say anythign about case-sensitivity or insensitivity. Matching guidelines are about matching the license texts to the ones in SPDX license list. I'm very unsure it applies to the identifiers. I'll ask SPDX technical team for clarification

@sol
Copy link
Member Author

sol commented Jul 13, 2018

@phadej hmm, the matching guidelines explicitly mention "SPDX License List short identifiers":

may match on the license or exception text itself, the official license header, or the SPDX License List short identifier

I'm not sure about license expressions in general (specifically AND and OR) and LicenseRef.

@sol
Copy link
Member Author

sol commented Jul 13, 2018

Related issue for Composer: composer/composer#7039

@phadej
Copy link
Collaborator

phadej commented Jul 13, 2018

I found the issue: spdx/spdx-spec#63 It's unsolved, and to me it's not clear which way it will turn out. So I'd rather keep Cabal as it is now.

Last comment says:

Discussed on tech call on 6/5/2018: Need to respect the case for the license ID's since they translate to URI's in RDF. There are also other use cases that may break other parsers.

@sol
Copy link
Member Author

sol commented Jul 13, 2018

After I read the whole discussion at spdx/spdx-spec#63 I'm less inclined to move this forward.

Assuming spdx/spdx-spec#37 gets merged in its current form, this is what we may end up with:

Tools are encouraged, but not required, to take advantage of those commitments and support parsing license expressions which alter the canonical casing of any expression components.

@23Skidoo
Copy link
Member

@sol Feel free to close this PR if you've changed your mind.

@pombredanne
Copy link

FWIW, this is Python so likely not your cup of tea.... but the right way when parsing or detecting SPDX expressions is to ignore case alright (and use the canonical case when producing them).
See https://github.com/nexB/license-expression/ and https://github.com/nexB/scancode-toolkit/blob/develop/src/licensedcode/match_spdx_lid.py

@sol
Copy link
Member Author

sol commented Jul 31, 2018

I'm going to close this for now.

@sol sol closed this Jul 31, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants