fix: invalid SPDX license ID in project metadata #438
The project was using a non-existent SPDX license ID ("BSD") which led Poetry to mark the project under a proprietary license (fallback).
For example, this can be observed at https://pypi.org/pypi/pytest-celery/1.1.3/json, where we can see the following classifier:
```
License :: Other/Proprietary License
```
Explanation: when Poetry doesn't know the license (unable to match the license against the SPDX license ID list[^1]), it falls back to "Proprietary"[^2][^3].
This can cause tools checking for license compliance to mistakenly flag the project as non-compliant.
[^1]: https://spdx.org/licenses/
[^2]: https://github.com/python-poetry/poetry-core/blob/5d3abc51bb765d825f3162f34595d853b249a8eb/tests/spdx/test_license.py#L44-L47
[^3]: https://github.com/python-poetry/poetry-core/blob/ab1bdf32fbe283c3e03ea77cf55b008819b6549e/src/poetry/core/spdx/license.py#L156-L160
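
A check that a license-compliance job could run over built package metadata to catch this fallback, as an added example (not code from this pull request or from Poetry). The SPDX ID set is a small constructed subset, and the sample metadata is reconstructed from the PKG-INFO diff on this page.

```python
from email.parser import HeaderParser

# Small, deliberately incomplete subset of SPDX IDs (assumption for this
# example); a real check would load the full list from spdx.org/licenses.
KNOWN_SPDX_IDS = {"BSD-2-Clause", "BSD-3-Clause", "MIT", "Apache-2.0"}
PROPRIETARY = "License :: Other/Proprietary License"
OSI_PREFIX = "License :: OSI Approved ::"


def audit_license_metadata(pkg_info_text):
    """Return a list of findings for one PKG-INFO / METADATA document."""
    msg = HeaderParser().parsestr(pkg_info_text)
    license_id = (msg.get("License") or "").strip()
    classifiers = [c.strip() for c in msg.get_all("Classifier", [])]
    findings = []
    # An unknown ID is what triggers the fallback described above.
    if license_id not in KNOWN_SPDX_IDS:
        findings.append(f"License field {license_id!r} is not a known SPDX ID")
    has_prop = PROPRIETARY in classifiers
    has_osi = any(c.startswith(OSI_PREFIX) for c in classifiers)
    if has_prop and has_osi:
        findings.append("contradictory classifiers: OSI Approved and Other/Proprietary")
    elif has_prop:
        findings.append("classifier marks the package as Other/Proprietary")
    return findings


# Constructed sample: only fields visible in the PKG-INFO diff on this page.
OLD_PKG_INFO = """\
Version: 1.1.3
License: BSD
Classifier: License :: OSI Approved :: BSD License
Classifier: License :: Other/Proprietary License
Classifier: Operating System :: OS Independent
"""
FIXED_PKG_INFO = OLD_PKG_INFO.replace(
    "License: BSD\n", "License: BSD-3-Clause\n"
).replace("Classifier: " + PROPRIETARY + "\n", "")

if __name__ == "__main__":
    for label, text in (("old", OLD_PKG_INFO), ("fixed", FIXED_PKG_INFO)):
        print(label, audit_license_metadata(text) or "ok")
```
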
Codecov Report

All modified and coverable lines are covered by tests ✅

Additional details and impacted files

```
@@           Coverage Diff           @@
##             main     #438   +/-   ##
=======================================
  Coverage   23.80%   23.80%
=======================================
  Files          41       41
  Lines        1294     1294
  Branches       94       94
=======================================
  Hits          308      308
  Misses        959      959
  Partials       27       27
```

☔ View full report in Codecov by Sentry.

Hi @Nusnus! Is there anything else I should do in this pull request? I see a GitHub Workflow check is failing but it doesn't look related to the changes (could even potentially be a flaky test, perhaps a rerun would make it pass?) Thank you in advance!

Don't worry about the CI, I just got my plate very full these days so I didn't get to it yet 🙏

everything was green

Yeah because I restarted the flaky tests. Anyways, thanks for backing me up @auvipy 💪

The changes were tested locally as follows:
Before:
After:
Full diffs for
PKG-INFO:$ diff -u pytest_celery-1.1.3-{old,fixed}/PKG-INFO --- pytest_celery-1.1.3-old/PKG-INFO 1970-01-01 01:00:00 +++ pytest_celery-1.1.3-fixed/PKG-INFO 1970-01-01 01:00:00 @@ -3,7 +3,7 @@ Version: 1.1.3 Summary: Pytest plugin for Celery Home-page: https://github.com/celery/pytest-celery -License: BSD +License: BSD-3-Clause Keywords: pytest,celery Author: Tomer Nosrati Author-email: tomer.nosrati@gmail.com @@ -11,7 +11,6 @@ Classifier: Development Status :: 5 - Production/Stable Classifier: Framework :: Celery Classifier: License :: OSI Approved :: BSD License -Classifier: License :: Other/Proprietary License Classifier: Operating System :: OS Independent Classifier: Programming Language :: Python Classifier: Programming Language :: Python :: 3
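
Review bot: In the first hunk, `+License: BSD-3-Clause` picks the 3-clause variant, but nothing visible here says how that was determined; a bare "BSD" could equally have meant BSD-2-Clause. Please confirm the ID against the repository's LICENSE text and state that in the description, since compliance tools will now treat this value as authoritative.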
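
Review bot: The removal of `Classifier: License :: Other/Proprietary License` in the second hunk is shown only for a locally built PKG-INFO, so nothing prevents the fallback from silently returning if the license string is edited again. Consider a CI step that builds the package and fails when that classifier appears in the generated metadata.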