Add missing license files for re-used code#2590
Conversation
| @@ -0,0 +1,246 @@ | |||
| A. HISTORY OF THE SOFTWARE | |||
There was a problem hiding this comment.
| @@ -0,0 +1,41 @@ | |||
|
|
|||
There was a problem hiding this comment.
| ("pythonwin", (str(scintilla_licence_path),)), | ||
| ("win32comext/mapi", (str(mapi_stubs_licence_path),)), | ||
| ("win32com", ("com/License.txt",)), | ||
| ("win32comext", ("com/License.txt",)), |
There was a problem hiding this comment.
i don't quite get the first arg here and why it's not specified below (or why win32com already did that :) But why is this even needed given the files added up above?
There was a problem hiding this comment.
First element of the tuple args is the destination package (and its submodules if the path contains a /), second element is an iterable of sources
It's needed because win32com and win32comext end up as their own top-level packages, but License.txt is not found in either sources (would be com/win32com/License.txt and com/win32comext/License.txt) simply because it would be redundant (given that then entire com folder currently shares the same license information).
Hopefully this image helps visualize what I'm saying:
win32/License.txt doesn't need this treatment because their source and packaged locations match.
Sidenote: Using the same technique, win32/License.txt and com/License.txt could be deduplicated in source and moved to the root of the repository. But that may make things more confusing with the PSF SPDX identifier in the project root metadata and mentioned in the readme. My goal isn't to update any of that in this PR, just to add missing license information that should already apply to specific places.
|
|
||
| This distributed package contains components under multiple licenses: | ||
|
|
||
| - `mapi.pyd` is licensed under the MIT License. See [com/win32comext/mapi/src/MAPIStubLibrary/LICENSE](https://github.com/mhammond/pywin32/blob/main/com/win32comext/mapi/src/MAPIStubLibrary/LICENSE) for details. |
There was a problem hiding this comment.
I don't see why that license compels mapi.pyd?
There was a problem hiding this comment.
It takes some digging to find it but this matches my own analysis: Per the readme, mapi.pyd is built from headers downloaded from this Microsoft repo which is MIT-licensed.
There was a problem hiding this comment.
It's more than just headers, I believe there's actual vendored code that gets compiled (I could be wrong), mapiStubLibrary.cpp and stubutils.cpp are declared as sources in setup.py. (I don't see it being used anywhere. Do we simply just re-expose the library code ?)
Lines 1429 to 1446 in e319b77
If accurate, mapi.pyd and exchange.pyd are shipped containing MIT-licensed code.
If it was just the headers, then this wouldn't apply.
It would be more accurate to say that it contains MIT-licensed code. I've updated this.
|
I'll note I'm also hesitant to add a license file at root (which would be picked-up by GitHub for display), at least for this PR where the goal is only to add clearly missing information for re-used code. The current project metadata says So I'm leaving that as a discussion for another time. |
Avasam
changed the title
| </details> | ||
|
|
||
| ## Licenses | ||
|
|
There was a problem hiding this comment.
I'm not sure this table is adding any value, and may even be detrimental as it becomes less accurate over time (eg, when new modules are added etc) - I think this section still makes sense and is useful if the table is omitted entirely?
There was a problem hiding this comment.
Sure, I can omit the table, it was still a valid exercise for me to triple check I didn't miss anything.
3 participants
Closes #1127
Considerations for a SPDX license expression for the distribution (PEP 639 – Improving License Clarity with Better Package Metadata) or SBOM (PEP 770 – Improving measurability of Python packages with Software Bill-of-Materials) are left as a different topic of discussion.