aboutcode-org / pip-requirements-parser

a mostly correct pip requirements parsing library
MIT License

License clarification #21

Open eclipseo opened 1 year ago

eclipseo commented 1 year ago

Hi,

The metadata says MIT:

[metadata]
name = pip-requirements-parser
license = MIT

# description must be on ONE line https://github.com/pypa/setuptools/issues/1390
description = pip requirements parser - a mostly correct pip requirements parsing library because it uses pip's own code.
long_description = file:README.rst
long_description_content_type = text/x-rst
url = https://github.com/nexB/pip-requirements-parser

author = The pip authors, nexB. Inc. and others
author_email = info@aboutcode.org

classifiers =
    Development Status :: 5 - Production/Stable
    Intended Audience :: Developers
    Programming Language :: Python :: 3
    Programming Language :: Python :: 3 :: Only
    Topic :: Software Development
    Topic :: Utilities

keywords =
    utilities pip requirements parser dependencies pypi

license_files =
    mit.LICENSE
    AUTHORS.rst
    CHANGELOG.rst
    README.rst

but you also carry Apache-2.0 license file in the repo. Is this an error?

Thanks.

pombredanne commented 1 year ago

@eclipseo good catch! This is actually not an error to have an Apache license, but this is an error not to have updated the declared top level license in the setup metadata ... We had to extract a subset of an old version of the packaging library that is under BSD-2-Clause OR Apache-2.0 because of changes in this library and to ensure we could continue parsing legacy PyPI versions.

You could almost say that this is a cobbler's so problem of sorts ;)

See https://github.com/nexB/pip-requirements-parser/issues/10 for some history as to why we did have to backport this, thanks to @wellshs

The definitive primary license for this package is MIT AND (BSD-2-Clause OR Apache-2.0) leaving aside the secondary licenses used in etc/ and tests/ files that are not used at runtime.

See https://github.com/nexB/pip-requirements-parser/blob/main/src/packaging_legacy_version.py.ABOUT and other ABOUT files that we use to document all origins and licenses too.