search

NuGet / NuGetGallery

NuGet Gallery is a package repository that powers https://www.nuget.org. Use this repo for reporting NuGet.org issues.
https://www.nuget.org/
Apache License 2.0
1.55k stars 641 forks source link

[NuGet.org Bug]: SPDX templates for open source licenses do not include copyright information for the developer #10237

Open heymaryhi opened 1 month ago

heymaryhi commented 1 month ago

Impact

It bothers me. A fix would be nice

Describe the bug

When using open source software packages, most OSS licenses require that you copy forward the developer's copyright statement. When the SPDX templates for OSS licenses (like the MIT license) are used on Nuget packages, the copyright information is not included, and we have to navigate to the github repository or elsewhere to get the "real" copy of the OSS license with the copyright information. I am requesting that, instead of using SPDX open source license templates, either use the real copyright holder's copy of the open source license that includes their copyright statement, or just say something like "this is licensed under MIT" and leave it at that instead of linking to an empty template. The current setup is unclear and causes developers to miss copying in the real copyright statement when these packages are used.

Repro Steps

Go to any package licensed under MIT (example: https://www.nuget.org/packages/System.Drawing.Common/8.0.10). Click on "MIT." See the SPDX template instead of the developers actual copy of the MIT license with the copyright statement.

Expected Behavior

Would love the "MIT" link to link to the developer's copy of the MIT license with their copyright statement at the top.

Screenshots

No response

Additional Context and logs

No response

erdembayar commented 3 weeks ago

It looks licenseurl is deprecated in https://learn.microsoft.com/en-us/nuget/reference/nuspec#license, so this new feature request.