YunoHost / issues

General issue tracker for the YunoHost project

Licenses verification improvement #2348

Open OniriCorpe opened 7 months ago

OniriCorpe commented 7 months ago

Bookwyrm uses a license that is not listed on spdx.org, see: https://github.com/YunoHost-Apps/bookwyrm_ynh/issues/10

so the packager can't specify the real app license without receiving a warning from the package linter

for now the package linter only checks whether the license provided in the package's manifest.toml exists in the spdx.org list

but the SPDX specification allows custom license codes for non-listed licenses, see: https://spdx.github.io/spdx-spec/v2.2.2/other-licensing-information-detected/

we should allow this kind of custom license code

Other issue: we download and parse the XML file of the SPDX licenses; we could simply use the JSON file + a regex check for the case described above.

Or, we could handle our own acceptable license list, since some licenses in there are not FSF- and OSI-approved.

Tagadda commented 7 months ago

Reading Annex D and Annex E, it looks like the SPDX "format" supports custom licences, and this has not been implemented in package_linter yet.

A simple `<license-expression>` is composed one of the following: [...]

  • An SPDX user defined license reference: `["DocumentRef-"1*(idstring)":"]"LicenseRef-"1*(idstring)`

Alternatively, you can use a LicenseRef- custom license identifier to refer to a license that is not on the SPDX License List, such as the following:

SPDX-License-Identifier: LicenseRef-my-special-license

The LicenseRef- format is defined in Annex D. When using a custom LicenseRef- identifier, you will also need to provide a way for others to determine what license text corresponds to it. Version 3.0 of the REUSE Software Specification provides a standardized format that can optionally be used for providing the corresponding license text for these identifiers.
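One way the linter could accept the Annex D `LicenseRef-` form while still flagging unknown ids, as an added example (not package_linter's own code). The SPDX id set below is a constructed sample standing in for the licenses.json download, and exception ids after `WITH` are not checked.

```python
import re

# Constructed stand-in for the SPDX license list (the linter would load the
# ids from spdx.org's licenses.json instead of this hard-coded sample).
SAMPLE_SPDX_IDS = {"MIT", "Apache-2.0", "GPL-3.0-only", "AGPL-3.0-or-later"}

# SPDX 2.2 Annex D grammar for a user-defined reference:
#   idstring    = 1*(ALPHA / DIGIT / "-" / ".")
#   license-ref = ["DocumentRef-"idstring":"]"LicenseRef-"idstring
IDSTRING = r"[A-Za-z0-9.-]+"
LICENSE_REF_RE = re.compile(rf"^(?:DocumentRef-{IDSTRING}:)?LicenseRef-{IDSTRING}$")


def classify_simple(expr: str, known_ids: set) -> str:
    """Classify one simple expression as 'listed', 'custom' or 'unknown'."""
    if LICENSE_REF_RE.match(expr):
        return "custom"
    # A trailing "+" is the Annex D "or later" form of a listed id.
    base = expr[:-1] if expr.endswith("+") else expr
    return "listed" if base in known_ids else "unknown"


def lint_license(expr: str, known_ids=SAMPLE_SPDX_IDS) -> dict:
    """Check a manifest.toml license value, compound expressions included.

    Returns {"ok": bool, "custom": [...], "unknown": [...]}. "ok" is False
    only for ids that are neither listed nor valid LicenseRef- references;
    custom references are accepted but reported, so the packager can be
    asked to supply the license text (the REUSE point made above).
    """
    custom, unknown = [], []
    # Parentheses only group operands: drop them, then split on AND / OR.
    flat = re.sub(r"[()]", " ", expr)
    for part in re.split(r"\s+(?:AND|OR)\s+", flat.strip()):
        # "X WITH exception": only the license side is checked here;
        # exception ids would need spdx.org's exceptions.json.
        license_id = part.split(" WITH ")[0].strip()
        kind = classify_simple(license_id, known_ids)
        if kind == "custom":
            custom.append(license_id)
        elif kind == "unknown":
            unknown.append(license_id)
    return {"ok": not unknown, "custom": custom, "unknown": unknown}
```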