Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use SPDX short code for license in Pyproject.toml #297

Merged
merged 1 commit into from
Sep 19, 2023

Conversation

schallis
Copy link
Contributor

@schallis schallis commented Aug 22, 2023

I noticed that the license for this project on Pypi1 lists two licenses (BSD License, Other/Proprietary License (BSD)) when it should probably only list the first.

Software supply chain tools like Sonatype2 rely on these fields being set correctly when determining whether to block or allow packages to be installed. Because a license of type Other/Proprietary is being shown on Pypi, Sonatype is restricting access to this package for my organization even though it is BSD licensed and valid for commercial use. I believe this is because the pyproject.toml license attribute is set to an unrecognized string and thus mapped to Other/Proprietary.

This PR attempts to fix the issue by instead specifying a valid SPDX3 short code as specified in the Poetry docs4.

Footnotes

  1. https://pypi.org/project/django-auth-adfs/

  2. https://www.sonatype.com

  3. https://spdx.org/licenses/BSD-2-Clause.html

  4. https://python-poetry.org/docs/pyproject/

This will ensure that downstream tools e.g. Pypi are able to correctly map the license to a known one instead of marking it as Proprietary.
@JonasKs JonasKs merged commit 9a5a9d5 into snok:master Sep 19, 2023
44 of 48 checks passed
@JonasKs
Copy link
Member

JonasKs commented Sep 19, 2023

Thanks! 😊

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants