Skip to content

Commit b6bb2b6

Browse files
committed
PEP 639: Simply conversion guidance and don't focus on at build-time
1 parent 9b90b35 commit b6bb2b6

File tree

1 file changed

+69
-129
lines changed

1 file changed

+69
-129
lines changed

pep-0639.rst

Lines changed: 69 additions & 129 deletions
Original file line numberDiff line numberDiff line change
@@ -596,11 +596,6 @@ Build tools SHOULD validate the expression as described in the
596596
an error or warning as specified. When generating the core metadata, tools
597597
MUST perform case normalization.
598598

599-
If and only if the ``license-expression`` key is listed as ``dynamic``
600-
(and is not specified), tools MAY infer a value for the ``License-Expression``
601-
field if they can do so unambiguously, but MUST follow the provisions in the
602-
:ref:`639-spec-converting-metadata` section.
603-
604599
If the ``license-expression`` key is present and valid (and the ``license``
605600
key is not specified), for purposes of backward compatibility, tools MAY
606601
back-fill the ``License`` core metadata field with the case-normalized value
@@ -776,37 +771,13 @@ each format, per the :ref:`639-spec-field-license-file` section.
776771
Converting legacy metadata
777772
--------------------------
778773

779-
If the contents of the ``license.text``
780-
``[project]`` table key in ``pyproject.toml``
781-
(or equivalent for tool-specific config formats) is a valid license expression
782-
containing solely known, non-deprecated license identifiers, and
783-
(if the ``[project]`` table is present)
784-
the ``license-expression`` key is listed as ``dynamic``,
785-
build tools MAY use it to fill the ``License-Expression`` field.
786-
787-
Similarly, if the ``classifiers`` ``[project]`` table key (or equivalent
788-
for tool-specific config formats) contains exactly one license classifier
789-
that unambiguously maps to exactly one valid, non-deprecated SPDX license
790-
identifier, tools MAY fill the ``License-Expression`` field with the latter.
791-
792-
If both a ``license.text`` or equivalent value and a single license classifier
793-
are present, the contents of the former, including capitalization
794-
(but excluding leading and trailing whitespace), MUST exactly match the SPDX
795-
license identifier mapped to the license classifier to be considered
796-
unambiguous for the purposes of automatically filling the
797-
``License-Expression`` field.
798-
799-
If tools have filled the ``License-Expression`` field as described here,
800-
they MUST output a prominent, user-visible warning informing package authors
801-
of that fact, including the ``License-Expression`` string they have output,
802-
and recommending that the project source metadata be updated accordingly
803-
with the indicated license expression.
804-
805-
In any other case, tools MUST NOT use the contents of the ``license.text``
806-
key (or equivalent) or license classifiers to fill the
807-
``License-Expression`` field without informing the user and requiring
808-
unambiguous, affirmative user action to select and confirm the desired
809-
``License-Expression`` value before proceeding.
774+
Tools MUST NOT use the contents of the ``license.text`` ``[project]`` key
775+
(or equivalent tool-specific format),
776+
license classifiers or the value of the core metadata ``License`` field
777+
to fill the top-level string value of the ``license`` key ``
778+
or the core metadata ``License-Expression`` field
779+
without informing the user and requiring unambiguous, affirmative user action
780+
to select and confirm the desired license expression value before proceeding.
810781

811782

812783
.. _639-spec-mapping-classifiers-identifiers:
@@ -815,19 +786,19 @@ Mapping license classifiers to SPDX identifiers
815786
'''''''''''''''''''''''''''''''''''''''''''''''
816787

817788
Most single license classifiers (namely, all those not mentioned below)
818-
map to a single valid SPDX license identifier, allowing tools to insert them
819-
into the ``License-Expression`` field following the
820-
:ref:`specification above <639-spec-converting-metadata>`.
821-
822-
Many legacy license classifiers intend to specify a particular license,
789+
map to a single valid SPDX license identifier,
790+
allowing tools to infer the SPDX license identifier they correspond to,
791+
both for use when analyzing and auditing packages,
792+
and providing a semi-automated mechanism of filling the ``license`` key
793+
or the the ``License-Expression`` field
794+
following the :ref:`specification above <639-spec-converting-metadata>`.
795+
796+
Some legacy license classifiers intend to specify a particular license,
823797
but do not specify the particular version or variant, leading to a
824-
`critical ambiguity <classifierissue_>`__ as to their terms, compatibility
825-
and acceptability. Tools MUST NOT attempt to automatically infer a
826-
``License-Expression`` when one of these classifiers is used, and SHOULD
827-
instead prompt the user to affirmatively select and confirm their intended
828-
license choice.
829-
830-
These classifiers are the following:
798+
`critical ambiguity <classifierissue_>`__
799+
as to their terms, compatibility and acceptability.
800+
Tools MUST NOT attempt to automatically infer a ``License-Expression``
801+
when one of these classifiers is used without affirmative user action:
831802

832803
- ``License :: OSI Approved :: Academic Free License (AFL)``
833804
- ``License :: OSI Approved :: Apache Software License``
@@ -850,12 +821,14 @@ MAY use as a reference for the identifier selection options to offer users
850821
when prompting the user to explicitly select the license identifier
851822
they intended for their project.
852823

853-
**Note**: Several additional classifiers, namely the "or later" variants of
854-
the AGPLv3, GPLv2, GPLv3 and LGPLv3, are also listed in the aforementioned
855-
mapping, but as they were merely proposed for textual harmonization and
856-
still unambiguously map to their respective licenses,
857-
they were not included here; LGPLv2 is, however, as it could ambiguously
858-
refer to either the distinct v2.0 or v2.1 variants of that license.
824+
.. note::
825+
826+
Several additional classifiers, namely the "or later" variants of
827+
the AGPLv3, GPLv2, GPLv3 and LGPLv3, are also listed in the aforementioned
828+
mapping, but unambiguously map to their respective licenses,
829+
and so are not listed here.
830+
However, LGPLv2 is included above, as it could ambiguously
831+
refer to either the distinct v2.0 or v2.1 variants of that license.
859832

860833
In addition, for the various special cases, the following mappings are
861834
considered canonical and normative for the purposes of this specification:
@@ -870,38 +843,39 @@ considered canonical and normative for the purposes of this specification:
870843
since the meaning associated with the term "public domain" is thoroughly
871844
dependent on the specific legal jurisdiction involved,
872845
some of which lack the concept entirely.
873-
Alternatively, tools MAY choose to treat these classifiers as ambiguous and
874-
require user confirmation to fill ``License-Expression`` in these cases.
875-
876-
- The generic and sometimes ambiguous classifiers
877-
``License :: Free For Educational Use``,
878-
``License :: Free For Home Use``,
879-
``License :: Free for non-commercial use``,
880-
``License :: Freely Distributable``,
881-
``License :: Free To Use But Restricted``,
882-
``License :: Freeware``, and
883-
``License :: Other/Proprietary License`` MAY be mapped to the generic
846+
Alternatively, tools MAY choose to treat these classifiers as ambiguous.
847+
848+
- The generic and sometimes ambiguous classifiers:
849+
850+
- ``License :: Free For Educational Use``
851+
- ``License :: Free For Home Use``
852+
- ``License :: Free for non-commercial use``
853+
- ``License :: Freely Distributable``
854+
- ``License :: Free To Use But Restricted``
855+
- ``License :: Freeware``
856+
- ``License :: Other/Proprietary License``
857+
858+
MAY be mapped to the generic
884859
``License-Expression: LicenseRef-Proprietary``,
885860
but tools MUST issue a prominent, informative warning if they do so.
886-
Alternatively, tools MAY choose to treat these classifiers as ambiguous and
887-
require user confirmation to fill ``License-Expression`` in these cases.
861+
Alternatively, tools MAY choose to treat these classifiers as ambiguous.
888862

889863
- The generic and ambiguous classifiers ``License :: OSI Approved`` and
890864
``License :: DFSG approved`` do not map to any license expression,
891-
and thus tools MUST treat them as ambiguous and require user intervention
892-
to fill ``License-Expression``.
865+
and thus tools SHOULD treat them as ambiguous, or if not MUST ignore them.
893866

894867
- The classifiers ``License :: GUST Font License 1.0`` and
895868
``License :: GUST Font License 2006-09-30`` have no mapping to SPDX license
896-
identifiers and no PyPI package uses them, as of the writing of this PEP.
897-
Therefore, tools MUST treat them as ambiguous when attempting to fill
898-
``License-Expression``.
869+
identifiers, and no PyPI package uses them as of 2022-07-09.
899870

900871
When multiple license classifiers are used, their relationship is ambiguous,
901872
and it is typically not possible to determine if all the licenses apply or if
902-
there is a choice that is possible among the licenses. In this case, tools
903-
MUST NOT automatically infer a license expression, and SHOULD suggest that the
904-
package author construct one which expresses their intent.
873+
there is a choice that is possible among the licenses,
874+
In this case, tools MUST NOT automatically infer a license expression,
875+
unless one license classifier is a parent of the other,
876+
i.e. the child contains all ``::``-delineated components of the parent,
877+
in which case tools MAY ignore the parent classifier
878+
but SHOULD issue an informative warning when doing so.
905879

906880

907881
.. _639-backwards-compatibility:
@@ -1014,12 +988,19 @@ many, if not most common cases:
1014988
tool authors with guidelines on how to suggest a license expression produced
1015989
from legacy classifiers.
1016990

1017-
- Tools may also be able to infer and suggest how to update an existing
1018-
``License`` value and convert that to a ``License-Expression``.
1019-
For instance, a tool may suggest converting from a ``License`` field with
1020-
``Apache2`` (which is not a valid license expression as defined in this PEP)
1021-
to a ``License-Expression`` field with ``Apache-2.0`` (which is a valid
1022-
license expression using an SPDX license identifier).
991+
- Tools may also be able to infer and suggest how to update
992+
an existing ``License`` value in project source metadata
993+
and convert that to a license expression,
994+
as also :ref:`specified in this PEP <639-spec-converting-metadata>`.
995+
For instance, a tool may suggest converting a value of ``MIT``
996+
in the ``license.text`` key in ``[project]``
997+
(or the equivalent in tool-specific formats)
998+
to a top-level string value of the ``license`` key (or equivalent).
999+
Likewise, a tool could suggest converting from a ``License`` of ``Apache2``
1000+
(which is not a valid license expression
1001+
as :ref:`defined in this PEP <639-spec-field-license-expression>`)
1002+
to a ``License-Expression`` of ``Apache-2.0``
1003+
(the equivalent valid license expression using an SPDX license identifier).
10231004

10241005

10251006
.. _639-reference-implementation:
@@ -1319,25 +1300,15 @@ ultimately rejected, as it shared most of the downsides identified with
13191300
adding new subkeys under the existing ``license`` table, as well as several
13201301
of its own, with again minimal advantage over separating both.
13211302

1322-
Most importantly, it still means that per the
1303+
Also, this still means that per the
13231304
`project source metadata spec <pep621specdynamic_>`__,
13241305
it is not possible to separately mark the ``[project]`` keys
13251306
corresponding to the ``License`` and ``License-Expression`` metadata fields
13261307
as ``dynamic``.
1327-
This, in turn, still
1328-
renders specifying metadata following that standard incompatible with
1329-
conversion of legacy metadata, as specified in this PEP's
1330-
:ref:`639-spec-converting-metadata`,
1331-
as the project source metadata spec strictly prohibits the ``license`` key
1332-
from being both present (to define the existing value of
1333-
the ``License`` field, or the path to a license file, and thus able to be
1334-
converted), and specified as ``dynamic`` (which would allow tools to
1335-
use the generated value for the ``License-Expression`` field.
1336-
1337-
For the same reasons, this would make it impossible to back-fill the
1338-
``License`` field from the ``License-Expression`` field as this PEP
1339-
currently allows (without making an exception from strict
1340-
``dynamic`` behavior in this case), as again, marking ``license`` as dynamic
1308+
This raises a potential concern with back-filling the ``License`` field
1309+
from the ``License-Expression`` field as this PEP currently allows
1310+
(without making an exception from strict ``dynamic`` behavior in this case),
1311+
as marking ``license`` as dynamic
13411312
would mean it cannot be specified in the ``[project]`` table at all.
13421313

13431314
Furthermore, this would mean existing project source metadata specifying
@@ -2024,8 +1995,8 @@ determined to be unnecessary or too problematic in practice.
20241995

20251996
.. _639-examples:
20261997

2027-
Appendix: License Expression Examples
2028-
=====================================
1998+
Appendix: Examples
1999+
==================
20292000

20302001
.. _639-example-basic:
20312002

@@ -2207,37 +2178,6 @@ and ``{version}`` as the previous, the license files would be installed to:
22072178
site-packages/setuptools-${VERSION}.dist-info/licenses/setuptools/_vendor/packaging/LICENSE.BSD
22082179
22092180
2210-
.. _639-example-conversion:
2211-
2212-
Conversion example
2213-
------------------
2214-
2215-
Suppose we were to return to our simple Setuptools case.
2216-
Per the specification, given it only has the following license classifier:
2217-
2218-
.. code-block:: email
2219-
2220-
Classifier: License :: OSI Approved :: MIT License
2221-
2222-
And no value for the ``License`` field, or equivalently, if it had a
2223-
value of:
2224-
2225-
.. code-block:: email
2226-
2227-
License: MIT
2228-
2229-
Then the suggested value for the ``License-Expression`` field would be:
2230-
2231-
.. code-block:: email
2232-
2233-
License-Expression: MIT
2234-
2235-
For the more complex case, assuming it was currently expressed as multiple
2236-
license classifiers, no automatic conversion could be performed due to the
2237-
inherent ambiguity, and the user would be prompted on how to handle the
2238-
situation themselves.
2239-
2240-
22412181
.. _639-example-expression:
22422182

22432183
Expression examples

0 commit comments

Comments
 (0)