SPDX identifiers

[Ryan Schmidt]

On Mar 2, 2018, at 08:05, Leonardo Brondani Schenkel wrote:

> On 2018-03-02 14:59, Ryan Schmidt wrote:
>> I'm open to that. But whatever changes are made, the port_binary_distributable.tcl script has to work correctly with those changes.
>> https://github.com/macports/macports-infrastructure/blob/master/jobs/port_binary_distributable.tcl
>> That script is used by the buildbot to determine which binaries we are allowed to distribute.
> 
> I can volunteer to do that (not immediately, but I believe I could do it in the upcoming weeks). Just a thought: to make the implementation more manageable, I could implement a mapping from SPDX to "license group" (basically the ones that are there now) so the script still deals with a smaller set of groups instead of all the possible individual license variations. Would you find that agreeable?

Josh should comment; it's been largely his script. It's large and I haven't tried to understand it all so I don't have any advice about how it should be changed.

> A question: since it's important to get the license right, why aren't we failing the builds for Portfiles with an unrecognized license?

At a most basic level, we don't do that because nobody has suggested we do that before.

The buildbot exists not only to distribute binaries, but also to verify that ports build. It might be confusing if the buildbot claimed that a port did not build, when in fact it did build but merely did not have a license set.

I would instead say that "port lint" is where a warning for a missing license should occur -- and already does.

Just having a license set in a portfile does not guarantee that we "got it right". The portfile author may have created the port by duplicating another portfile as a starting point, and forgot to change the license. The portfile author may have misinterpreted or misunderstood the license. The software's license may have changed in an updated version and the portfile author didn't notice.