apache / lucenenet

Apache Lucene.NET
https://lucenenet.apache.org/
Apache License 2.0

Set license expression on nuget #934

Open thompson-tomo opened 1 month ago

thompson-tomo commented 1 month ago

Is there an existing issue for this?

Is your feature request related to a problem? Please describe the problem.

By using a license URL, external tools cannot easily analyse the license types in use.

Describe the solution you'd like

The NuGet package has the license expression set.

Additional context

N/a

NightOwl888 commented 1 month ago

Lucene.NET is covered under a compound license. There were several separately licensed components that were bundled in Lucene that were ported from Java and then we also added some separately licensed .NET software from 3rd parties. See the additional licenses in the LICENSE.txt file.

Per the Apache License Policy, we must bundle the license file with software distributions. That being said, I don't think that fact precludes us from using an SPDX license expression, but it is going to cause us slightly more maintenance to update both the expression and the license file every time the licensing changes.

Perhaps we need to ping infra/legal about this request because I am not sure whether bypassing the license attributions with an SPDX will violate the Apache License Policy. It is pretty specific about including the attributions in the license and AFAIK there is no way to include them in an SPDX.

I suspect we could accommodate this request if:

  1. Someone works out the compound SPDX expression that we will need.
  2. Someone contributes documentation on how to keep the license file and SPDX expression in sync or provides some way that it could be automated (perhaps by embedding the expressions right into the LICENSE.txt file for the additional licenses so they can be combined appropriately and maintained in one place). Either way we should document the procedure because the components that we bundle change from time to time and we will need to have a procedure to keep it updated.
  3. We continue to bundle the LICENSE.txt file in the NuGet packages as per the Apache License Policy.
  4. We comply with the Apache License Policy in every other way. We need to work with infra/legal to confirm we can even do this.

The SPDX expression for our packages will be quite long. Does that negate the benefit of having one? In the past, I have only used an SPDX for projects that are covered under a single license because I don't know the answer to that question.
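A sketch of the automation floated in step 2 above, added here as an example and not code from the Lucene.NET project or from either commenter. It assumes each license section in LICENSE.txt carries an `SPDX-License-Identifier:` tag line; the sample text, the licenses in it and the function names are constructed for illustration and do not describe the project's actual licensing.

```python
import re

# Constructed sample, NOT the project's real LICENSE.txt: each license section
# is assumed to carry an SPDX-License-Identifier tag line.
SAMPLE_LICENSE = """\
Apache License, Version 2.0 (main license text would follow)
SPDX-License-Identifier: Apache-2.0
Bundled component A (constructed)
SPDX-License-Identifier: MIT
Bundled component B (constructed, dual licensed)
SPDX-License-Identifier: BSD-3-Clause OR MIT
Bundled component C (constructed, same license as A)
SPDX-License-Identifier: MIT
"""

TAG = re.compile(r"^[ \t]*SPDX-License-Identifier:[ \t]*(.+?)[ \t]*$", re.MULTILINE)
OPERATORS = {"AND", "OR", "WITH", "(", ")"}
LICENSE_ID = re.compile(r"^[A-Za-z0-9.-]+\+?$")  # conservative id syntax check

def tokens(expr):
    return re.findall(r"[()]|[^\s()]+", expr)

def validate(expr):
    """Reject tags with unbalanced parentheses or characters outside id syntax."""
    toks = tokens(expr)
    if toks.count("(") != toks.count(")"):
        raise ValueError(f"unbalanced parentheses: {expr!r}")
    for tok in toks:
        if tok not in OPERATORS and not LICENSE_ID.match(tok):
            raise ValueError(f"not an SPDX identifier: {tok!r}")

def collect_expressions(license_text):
    """Tagged expressions in order of first appearance, duplicates dropped."""
    found = []
    for match in TAG.finditer(license_text):
        expr = " ".join(match.group(1).split())
        validate(expr)
        if expr not in found:
            found.append(expr)
    return found

def combine(exprs):
    """AND the parts; OR binds looser than AND, so parts with OR get parentheses."""
    if not exprs:
        raise ValueError("no SPDX-License-Identifier tags found")
    return " AND ".join(
        f"({e})" if "OR" in tokens(e) and len(exprs) > 1 else e for e in exprs)

def in_sync(license_text, package_expression):  # declared vs derived expression
    return combine(collect_expressions(license_text)) == " ".join(package_expression.split())
```

Run as a build check, `in_sync` would fail the build whenever the expression declared for the package drifts from the tags in the bundled license file, which keeps the file as the single place to maintain.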