Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set license expression on nuget #934

Open
1 task done
thompson-tomo opened this issue Apr 5, 2024 · 1 comment
Open
1 task done

Set license expression on nuget #934

thompson-tomo opened this issue Apr 5, 2024 · 1 comment
Labels
is:feature

Comments

@thompson-tomo
Copy link

thompson-tomo commented Apr 5, 2024
edited

Is there an existing issue for this?

  • I have searched the existing issues

Is your feature request related to a problem? Please describe the problem.

By using a license url external tools can not easily analyse the license types in use

Describe the solution you'd like

The nuget package has the license expression set

Additional context

N/a
@NightOwl888
Copy link
Contributor

Lucene.NET is covered under a compound license. There were several separately licensed components that were bundled in Lucene that were ported from Java and then we also added some separately licensed .NET software from 3rd parties. See the additional licenses in the LICENSE.txt file.

Per the Apache License Policy, we must bundle the license file with software distributions. That being said, I don't think that fact precludes us from using an SPDX license expression, but it is going to cause us slightly more maintenance to update both the expression and the license file every time the licensing changes.

Perhaps we need to ping infra/legal about this request because I am not sure whether bypassing the license attributions with an SPDX will violate the Apache License Policy. It is pretty specific about including the attributions in the license and AFAIK there is no way to include them in an SPDX.

I suspect we could accommodate this request if:

  1. Someone works out the compound SPDX expression that we will need.
  2. Someone contributes documentation on how to keep the license file and SPDX expression in sync or provides some way that it could be automated (perhaps by embedding the expressions right into the LICENSE.txt file for the additional licenses so they can be combined appropriately and maintained in one place). Either way we should document the procedure because the components that we bundle changes from time to time and we will need to have a procedure to keep it updated.
  3. We continue to bundle the LICENSE.txt file in the NuGet packages as per the Apache License Policy.
  4. We comply with the Apache License Policy in every other way. We need to work with infra/legal to confirm we can even do this.

The SPDX expression for our packages will be quite long. Does that negate the benefit of having one? In the past, I have only used an SPDX for projects that are covered under a single license because I don't know the answer to that question.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
is:feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@NightOwl888 @thompson-tomo