License metadata on windows runtime nuget packages is wrong

[js6pak]

According to the LICENSE.TXT inside dotnet-sdk-8.0.403-win-x64.zip/dotnet-runtime-8.0.10-win-x64.zip the license of those binaries is the .NET Library License. But the license fields on https://www.nuget.org/packages/Microsoft.NETCore.App.Runtime.win-x64/8.0.10 and https://www.nuget.org/packages/Microsoft.WindowsDesktop.App.Runtime.win-x64/8.0.10 say MIT even though they contain the offending binaries: runtimes/win-x64/native/Microsoft.DiaSymReader.Native.amd64.dll, runtimes/win-x64/native/PresentationNative_cor3.dll etc.

Also, there is the question of whether the license is even .NET Library License if it contains files like runtimes/win-x64/native/D3DCompiler_47_cor3.dll and runtimes/win-x64/native/vcruntime140_cor3.dll which according to https://github.com/dotnet/core/blob/main/license-information-windows.md are licensed under Windows SDK License and Microsoft Visual C++ Runtime Software License, respectively.

[dotnet-policy-service[bot]]

Tagging subscribers to this area: @dotnet/area-meta See info in area-owners.md if you want to be subscribed.

[jkotas]

cc @richlander

[richlander]

Thanks for the report! You are correct. That doesn't seem right. We'll get this fixed in main and then backport.

I'll talk to some folks.

[jeffhandley]

cc @dotnet/area-infrastructure-libraries for awareness

[richlander]

Status:

• We plan to link to the referenced file as our license for Windows builds: https://github.com/dotnet/core/blob/main/license-information-windows.md. It's not actually a license itself, but I don't think that is a problem.
• The C++ runtime license is not sufficient since it doesn't actually obviously allow redistribution which is inherent to the scenario. We're working to get that resolved.

It would be best to wait for final guidance before making any license changes to the artifacts we produce/publish.

[js6pak]

The C++ runtime license is not sufficient since it doesn't actually obviously allow redistribution which is inherent to the scenario. We're working to get that resolved.

According to WPF docs, vcruntime140_cor3.dll is just a renamed vcruntime140.dll which should be redistributable under the VS license as it's inside [VisualStudioFolder]\VC\redist which is specified by the Distributable List.

[richlander]

That's good context. We'd prefer not to have to use the whole VS license. I think that's actually what we were doing before. Either way, we'll sort this out.

[richlander]

We now have more clarity on next steps:

• All Windows artifacts (runtime, aspnetcore, sdk) should reference [1] as their license.
• Merge https://github.com/dotnet/core/pull/9562

@leecow -- Who should be assigned this work?

[1] https://github.com/dotnet/core/blob/main/license-information-windows.md

[richlander]

We merged the referenced PR.

@leecow -- who would be responsible for updated packages to use the correct license?