@@ -596,11 +596,6 @@ Build tools SHOULD validate the expression as described in the
596
596
an error or warning as specified. When generating the core metadata, tools
597
597
MUST perform case normalization.
598
598
599
- If and only if the ``license-expression `` key is listed as ``dynamic ``
600
- (and is not specified), tools MAY infer a value for the ``License-Expression ``
601
- field if they can do so unambiguously, but MUST follow the provisions in the
602
- :ref: `639-spec-converting-metadata ` section.
603
-
604
599
If the ``license-expression `` key is present and valid (and the ``license ``
605
600
key is not specified), for purposes of backward compatibility, tools MAY
606
601
back-fill the ``License `` core metadata field with the case-normalized value
@@ -776,37 +771,13 @@ each format, per the :ref:`639-spec-field-license-file` section.
776
771
Converting legacy metadata
777
772
--------------------------
778
773
779
- If the contents of the ``license.text ``
780
- ``[project] `` table key in ``pyproject.toml ``
781
- (or equivalent for tool-specific config formats) is a valid license expression
782
- containing solely known, non-deprecated license identifiers, and
783
- (if the ``[project] `` table is present)
784
- the ``license-expression `` key is listed as ``dynamic ``,
785
- build tools MAY use it to fill the ``License-Expression `` field.
786
-
787
- Similarly, if the ``classifiers `` ``[project] `` table key (or equivalent
788
- for tool-specific config formats) contains exactly one license classifier
789
- that unambiguously maps to exactly one valid, non-deprecated SPDX license
790
- identifier, tools MAY fill the ``License-Expression `` field with the latter.
791
-
792
- If both a ``license.text `` or equivalent value and a single license classifier
793
- are present, the contents of the former, including capitalization
794
- (but excluding leading and trailing whitespace), MUST exactly match the SPDX
795
- license identifier mapped to the license classifier to be considered
796
- unambiguous for the purposes of automatically filling the
797
- ``License-Expression `` field.
798
-
799
- If tools have filled the ``License-Expression `` field as described here,
800
- they MUST output a prominent, user-visible warning informing package authors
801
- of that fact, including the ``License-Expression `` string they have output,
802
- and recommending that the project source metadata be updated accordingly
803
- with the indicated license expression.
804
-
805
- In any other case, tools MUST NOT use the contents of the ``license.text ``
806
- key (or equivalent) or license classifiers to fill the
807
- ``License-Expression `` field without informing the user and requiring
808
- unambiguous, affirmative user action to select and confirm the desired
809
- ``License-Expression `` value before proceeding.
774
+ Tools MUST NOT use the contents of the ``license.text `` ``[project] `` key
775
+ (or equivalent tool-specific format),
776
+ license classifiers or the value of the core metadata ``License `` field
777
+ to fill the top-level string value of the ``license `` key ``
778
+ or the core metadata ``License-Expression `` field
779
+ without informing the user and requiring unambiguous, affirmative user action
780
+ to select and confirm the desired license expression value before proceeding.
810
781
811
782
812
783
.. _639-spec-mapping-classifiers-identifiers :
@@ -815,19 +786,19 @@ Mapping license classifiers to SPDX identifiers
815
786
'''''''''''''''''''''''''''''''''''''''''''''''
816
787
817
788
Most single license classifiers (namely, all those not mentioned below)
818
- map to a single valid SPDX license identifier, allowing tools to insert them
819
- into the ``License-Expression `` field following the
820
- :ref: `specification above <639-spec-converting-metadata >`.
821
-
822
- Many legacy license classifiers intend to specify a particular license,
789
+ map to a single valid SPDX license identifier,
790
+ allowing tools to infer the SPDX license identifier they correspond to,
791
+ both for use when analyzing and auditing packages,
792
+ and providing a semi-automated mechanism of filling the ``license `` key
793
+ or the the ``License-Expression `` field
794
+ following the :ref: `specification above <639-spec-converting-metadata >`.
795
+
796
+ Some legacy license classifiers intend to specify a particular license,
823
797
but do not specify the particular version or variant, leading to a
824
- `critical ambiguity <classifierissue _>`__ as to their terms, compatibility
825
- and acceptability. Tools MUST NOT attempt to automatically infer a
826
- ``License-Expression `` when one of these classifiers is used, and SHOULD
827
- instead prompt the user to affirmatively select and confirm their intended
828
- license choice.
829
-
830
- These classifiers are the following:
798
+ `critical ambiguity <classifierissue _>`__
799
+ as to their terms, compatibility and acceptability.
800
+ Tools MUST NOT attempt to automatically infer a ``License-Expression ``
801
+ when one of these classifiers is used without affirmative user action:
831
802
832
803
- ``License :: OSI Approved :: Academic Free License (AFL) ``
833
804
- ``License :: OSI Approved :: Apache Software License ``
@@ -850,12 +821,14 @@ MAY use as a reference for the identifier selection options to offer users
850
821
when prompting the user to explicitly select the license identifier
851
822
they intended for their project.
852
823
853
- **Note **: Several additional classifiers, namely the "or later" variants of
854
- the AGPLv3, GPLv2, GPLv3 and LGPLv3, are also listed in the aforementioned
855
- mapping, but as they were merely proposed for textual harmonization and
856
- still unambiguously map to their respective licenses,
857
- they were not included here; LGPLv2 is, however, as it could ambiguously
858
- refer to either the distinct v2.0 or v2.1 variants of that license.
824
+ .. note ::
825
+
826
+ Several additional classifiers, namely the "or later" variants of
827
+ the AGPLv3, GPLv2, GPLv3 and LGPLv3, are also listed in the aforementioned
828
+ mapping, but unambiguously map to their respective licenses,
829
+ and so are not listed here.
830
+ However, LGPLv2 is included above, as it could ambiguously
831
+ refer to either the distinct v2.0 or v2.1 variants of that license.
859
832
860
833
In addition, for the various special cases, the following mappings are
861
834
considered canonical and normative for the purposes of this specification:
@@ -870,38 +843,39 @@ considered canonical and normative for the purposes of this specification:
870
843
since the meaning associated with the term "public domain" is thoroughly
871
844
dependent on the specific legal jurisdiction involved,
872
845
some of which lack the concept entirely.
873
- Alternatively, tools MAY choose to treat these classifiers as ambiguous and
874
- require user confirmation to fill ``License-Expression `` in these cases.
875
-
876
- - The generic and sometimes ambiguous classifiers
877
- ``License :: Free For Educational Use ``,
878
- ``License :: Free For Home Use ``,
879
- ``License :: Free for non-commercial use ``,
880
- ``License :: Freely Distributable ``,
881
- ``License :: Free To Use But Restricted ``,
882
- ``License :: Freeware ``, and
883
- ``License :: Other/Proprietary License `` MAY be mapped to the generic
846
+ Alternatively, tools MAY choose to treat these classifiers as ambiguous.
847
+
848
+ - The generic and sometimes ambiguous classifiers:
849
+
850
+ - ``License :: Free For Educational Use ``
851
+ - ``License :: Free For Home Use ``
852
+ - ``License :: Free for non-commercial use ``
853
+ - ``License :: Freely Distributable ``
854
+ - ``License :: Free To Use But Restricted ``
855
+ - ``License :: Freeware ``
856
+ - ``License :: Other/Proprietary License ``
857
+
858
+ MAY be mapped to the generic
884
859
``License-Expression: LicenseRef-Proprietary ``,
885
860
but tools MUST issue a prominent, informative warning if they do so.
886
- Alternatively, tools MAY choose to treat these classifiers as ambiguous and
887
- require user confirmation to fill ``License-Expression `` in these cases.
861
+ Alternatively, tools MAY choose to treat these classifiers as ambiguous.
888
862
889
863
- The generic and ambiguous classifiers ``License :: OSI Approved `` and
890
864
``License :: DFSG approved `` do not map to any license expression,
891
- and thus tools MUST treat them as ambiguous and require user intervention
892
- to fill ``License-Expression ``.
865
+ and thus tools SHOULD treat them as ambiguous, or if not MUST ignore them.
893
866
894
867
- The classifiers ``License :: GUST Font License 1.0 `` and
895
868
``License :: GUST Font License 2006-09-30 `` have no mapping to SPDX license
896
- identifiers and no PyPI package uses them, as of the writing of this PEP.
897
- Therefore, tools MUST treat them as ambiguous when attempting to fill
898
- ``License-Expression ``.
869
+ identifiers, and no PyPI package uses them as of 2022-07-09.
899
870
900
871
When multiple license classifiers are used, their relationship is ambiguous,
901
872
and it is typically not possible to determine if all the licenses apply or if
902
- there is a choice that is possible among the licenses. In this case, tools
903
- MUST NOT automatically infer a license expression, and SHOULD suggest that the
904
- package author construct one which expresses their intent.
873
+ there is a choice that is possible among the licenses,
874
+ In this case, tools MUST NOT automatically infer a license expression,
875
+ unless one license classifier is a parent of the other,
876
+ i.e. the child contains all ``:: ``-delineated components of the parent,
877
+ in which case tools MAY ignore the parent classifier
878
+ but SHOULD issue an informative warning when doing so.
905
879
906
880
907
881
.. _639-backwards-compatibility :
@@ -1014,12 +988,19 @@ many, if not most common cases:
1014
988
tool authors with guidelines on how to suggest a license expression produced
1015
989
from legacy classifiers.
1016
990
1017
- - Tools may also be able to infer and suggest how to update an existing
1018
- ``License `` value and convert that to a ``License-Expression ``.
1019
- For instance, a tool may suggest converting from a ``License `` field with
1020
- ``Apache2 `` (which is not a valid license expression as defined in this PEP)
1021
- to a ``License-Expression `` field with ``Apache-2.0 `` (which is a valid
1022
- license expression using an SPDX license identifier).
991
+ - Tools may also be able to infer and suggest how to update
992
+ an existing ``License `` value in project source metadata
993
+ and convert that to a license expression,
994
+ as also :ref: `specified in this PEP <639-spec-converting-metadata >`.
995
+ For instance, a tool may suggest converting a value of ``MIT ``
996
+ in the ``license.text `` key in ``[project] ``
997
+ (or the equivalent in tool-specific formats)
998
+ to a top-level string value of the ``license `` key (or equivalent).
999
+ Likewise, a tool could suggest converting from a ``License `` of ``Apache2 ``
1000
+ (which is not a valid license expression
1001
+ as :ref: `defined in this PEP <639-spec-field-license-expression >`)
1002
+ to a ``License-Expression `` of ``Apache-2.0 ``
1003
+ (the equivalent valid license expression using an SPDX license identifier).
1023
1004
1024
1005
1025
1006
.. _639-reference-implementation :
@@ -1319,25 +1300,15 @@ ultimately rejected, as it shared most of the downsides identified with
1319
1300
adding new subkeys under the existing ``license `` table, as well as several
1320
1301
of its own, with again minimal advantage over separating both.
1321
1302
1322
- Most importantly, it still means that per the
1303
+ Also, this still means that per the
1323
1304
`project source metadata spec <pep621specdynamic _>`__,
1324
1305
it is not possible to separately mark the ``[project] `` keys
1325
1306
corresponding to the ``License `` and ``License-Expression `` metadata fields
1326
1307
as ``dynamic ``.
1327
- This, in turn, still
1328
- renders specifying metadata following that standard incompatible with
1329
- conversion of legacy metadata, as specified in this PEP's
1330
- :ref: `639-spec-converting-metadata `,
1331
- as the project source metadata spec strictly prohibits the ``license `` key
1332
- from being both present (to define the existing value of
1333
- the ``License `` field, or the path to a license file, and thus able to be
1334
- converted), and specified as ``dynamic `` (which would allow tools to
1335
- use the generated value for the ``License-Expression `` field.
1336
-
1337
- For the same reasons, this would make it impossible to back-fill the
1338
- ``License `` field from the ``License-Expression `` field as this PEP
1339
- currently allows (without making an exception from strict
1340
- ``dynamic `` behavior in this case), as again, marking ``license `` as dynamic
1308
+ This raises a potential concern with back-filling the ``License `` field
1309
+ from the ``License-Expression `` field as this PEP currently allows
1310
+ (without making an exception from strict ``dynamic `` behavior in this case),
1311
+ as marking ``license `` as dynamic
1341
1312
would mean it cannot be specified in the ``[project] `` table at all.
1342
1313
1343
1314
Furthermore, this would mean existing project source metadata specifying
@@ -2024,8 +1995,8 @@ determined to be unnecessary or too problematic in practice.
2024
1995
2025
1996
.. _639-examples :
2026
1997
2027
- Appendix: License Expression Examples
2028
- =====================================
1998
+ Appendix: Examples
1999
+ ==================
2029
2000
2030
2001
.. _639-example-basic :
2031
2002
@@ -2207,37 +2178,6 @@ and ``{version}`` as the previous, the license files would be installed to:
2207
2178
site-packages/setuptools-${VERSION} .dist-info/licenses/setuptools/_vendor/packaging/LICENSE.BSD
2208
2179
2209
2180
2210
- .. _639-example-conversion :
2211
-
2212
- Conversion example
2213
- ------------------
2214
-
2215
- Suppose we were to return to our simple Setuptools case.
2216
- Per the specification, given it only has the following license classifier:
2217
-
2218
- .. code-block :: email
2219
-
2220
- Classifier: License :: OSI Approved :: MIT License
2221
-
2222
- And no value for the ``License `` field, or equivalently, if it had a
2223
- value of:
2224
-
2225
- .. code-block :: email
2226
-
2227
- License: MIT
2228
-
2229
- Then the suggested value for the ``License-Expression `` field would be:
2230
-
2231
- .. code-block :: email
2232
-
2233
- License-Expression: MIT
2234
-
2235
- For the more complex case, assuming it was currently expressed as multiple
2236
- license classifiers, no automatic conversion could be performed due to the
2237
- inherent ambiguity, and the user would be prompted on how to handle the
2238
- situation themselves.
2239
-
2240
-
2241
2181
.. _639-example-expression :
2242
2182
2243
2183
Expression examples
0 commit comments