Licensing compliance

[jpmckinney]

https://pypi.org/project/pip-licenses/

Install in all virtual environments:

for env in (pyenv virtualenvs --skip-aliases --bare);
  pyenv activate $env; pip install pip-licenses
end

Check for a strong copyleft, ignoring false positives (like LPGL, which is weak copyleft) and dual-licensed packages:

for env in (pyenv virtualenvs --skip-aliases --bare);
  pyenv activate $env; echo $env; pip-licenses | grep -E 'GPL|GNU' | grep -v -E 'LGPL|BSD|Artistic License'; echo;
end

Current strong copyleft packages are:

• [x] libcove / libcoveocds / libcoveweb
  • No alternative.
  • Used by Data Review Tools (lib-cove-ocds, cove-ocds, lib-cove-oc4ids, cove-oc4ids).
  • Used by kingfisher-colab (only used internally).
  • Made an optional dependency of kingfisher-process.
• [x] rfc3987 (used with jsonschema for format validation)
  • Switched to rfc3986-validator in all repos except libcove* (which are GPL anyway)
• [x] strict-rfc3339 (used with jsonschema for format validation)
  • Switched to rfc3339-validator
• [x] Unidecode (extension-explorer)
  • Upgraded python-slugify, which now uses text-unidecode by default
• [x] transifex-client
  • No alternative.
  • Only used as an independent utility. Not linked to any code.
• [ ] logparser
  • No alternative.
  • Will be used by scrapy-log-analyzer, to be used by kingfisher-collect and data-registry.

[jpmckinney]

Some packages don't have useful metadata:

• flatterer: MIT https://github.com/kindly/flatterer/blob/main/LICENSE
• sphinxcontrib-opendataservices: MIT https://github.com/OpenDataServices/sphinxcontrib-opendataservices/blob/main/LICENSE

I've created issues for them. Some other packages have fixed their metadata in recent versions; I upgrade those.

[jpmckinney]

Added guidance to e80e568 and addressed all cases.

logparser isn't yet used by kingfisher-collect, but we can make it an optional dependency.