Registry and repository of License List Namespaces: GSOC 2019
This project is two fold:
Organisations long for valid licenses. However, right now, it is only possible for license to be valid if they are defined in the spdx license list. SPDX would like to provide a feature that could allow organisations to maintain custom licenses that will be valid, without the text being in the spdx document. A clear outline of proposed workflows is described in this link; where it is subdivided into Organisation name and DNS name; which specifies the style of the license request. This feature will then allow spdx to have a clear view of licenses that need to be added to the SPDX license list, depending on their frequency of use.
SPDX have not been able to easily track license text which has not been proposed on the spdx license list, their differences/similarities and whether or not they should bear different names(because of their license text). This will allow organisations to maintain a license list with licenses that are not on the spdx license list. These licenses could then be proposed on the spdx license list and adopted if need be. Inorder for this to be properly usable, it is better for this solution to be rest APIs, so that users can integrate and use it from any other applications. This project will avoid the introduction of duplicates because it shall compare the newly added license text to see if the license text has already been defined, add a license text to our central git repository, remove a license to the list, also remove aliases that point to the same license text and also provide metrics/statistics of the use of specific licenses so that they could be proposed on the spdx license list.
This project is about allowing organisations to define custom licenses valid and use them even if these licenses are not present in the SPDX license list. This will give more flexibility and freedom to organisations; and more importantly, this will speed up the process of having their licenses validated by SPDX prior to using them.
After working on the spdx online tools repos and having a close look at its functionalities, I think it is best for these tools to be a features that will be added to the SPDX Online Tools, simply because: SPDX Online tools already is integrated to github APIs to submit issues on repositories SPDX Online tools can create a visual of all requests for new license namespaces, as it is done with license requests This will enable us to have one central application where organisations can perform most of their actions These features can be exposed via django rest framework APIs like Tushar Mittal did in the SPDX online tools The User interface, tests, and project outline is already present, so I will only have to focus on the most important thing, which is adding features that will satisfy the requirements So, every line of code that I will write will be pushed to the Online tools repo.
Below are the use cases that will be satisfied by our tool, and how I intend to satisfy them:
The namespace can be a dns-style request or a free-format namespace (e.g. .org.spdx.ad-hoc-licenses or this-is-my-licenses) I shall create a django model that will store new license namespaces requests similar to what has already been done in SPDX Online Tools. Among other fields, a new license namespace request will have the organisation name and/or id, so that license namespaces could be filtered by organisation names/ids. The organisation name shall also be stored in a Django model and shall be a foreign key in the license namespace model.
User agrees that the information will be publicly shared per the terms of the Linux Foundation privacy policy
Before creation of a namespace, a verification is made by using the github search APIs documented here to find out if the namespace already exists in the repository. If it does not exist, a pull request is created for the new namespace.
This pull request will be created with some help from the github apis, and upon acceptance, this namespace will be displayed on the website.front end of our feature/tool.
So, I shall also implement a front-end in django jinja to allow for the proper display of license namespaces.
See if a license text has already been registered or if license text is already on the SPDX License List. If so, the ID will be returned.
I will write a django rest API that shall expose a function that will: take as input the license text Check if the license text has been registered or if it is already on the SPDX license list If the license is already present, the license ID is returned
See if the license text for a license matches license text for other licenses within the same repository.
Clear enough.
See if the license text for a license matches license text for other licenses within other repositories.
Maintain a list of license aliases, preferably as a file in a github repositories. The aliases would include all license ID's for licenses with the same text.
Promote a license to the license list - this would call the REST API's for the online tool to add a license to the SPDX license list.
If the verification of whether the license is already present prior to adding it, I shall write an API that will perform this check to avoid duplicates.
I will write a django REST API that will expose a function which will remove a license reference and update the aliases.
Provide metrics on use for licenses to help the SPDX legal team propose licenses which should be on the SPDX license list.
- https://github.com/spdx/spdx-online-tools/pull/124
- https://github.com/spdx/spdx-online-tools/pull/129
- https://github.com/spdx/spdx-online-tools/pull/133
- Discuss project requirements
- Establish work plan moving forward
- Do necessary research on tools that could be of help
- Read the Github API documentation
- Design and code a django model to store requests for new license namespaces
- Write function utilities for connection to the spdx license repo
- Design and code jinja form that will allow users to save items to the above model
- Implement a function that can check if a license text has already been registered or if license text is already an the SPDX License List
- Add a post_save signal on the django model, so that after saving a license namespace request, a pull request is submitted on the github repo
- Implement function to check if a license already exists in our repo or if it is already registered in the SPDX license list
- Write function to display accepted requests on our tool
- Design and implement a table on the front-end to display submitted license namespaces requests on the frontend
- Implement a function to Promote a license to the license list
- Implement a function to archive a license namespace
- Add edit submitted license namespace functionality
- This will also update the created license namespace on the repo, so that before validating, the admin knows whether it has been archived or not
- Write tests for all functionalities
How to use/Demo:
- Go to license namespace requests sub-menu on the license namespaces menu dropdown
- This will open the page below:
- Fill in the form as shown in the image below:
Submit the license namespace request - This will display the modal below, for success:
- An issue will also be created at this repo: https://github.com/spdx/license-namespace-test
- Navigate to license namespace -> license requests. Here, you will see the newly created license namespace listed, as shown below:
- you can have a closer look at this license namespace's xml
- You can promote this namespace request to the license request list,
- After promoting the license namespace successfully, if you refresh the page, you won't be able to re-submit the same license namespace:
- You can check the license list to see if the license namespace was successfully promoted:
- You can also check if the corresponding issue was created at this repo: https://github.com/spdx/TEST-LicenseList-XML
- You can also archive a license namespace:
- and in the list of archived license namespaces, you can see the archived items:
Current status:
- Provide metrics on use for licenses to help the SPDX legal team propose licenses which should be on the SPDX license list.