Closed LiberalArtist closed 1 year ago
Answer: use the foundation @sorawee laid in https://github.com/racket/pkg-index/pull/33.
I've added some UI, though I haven't tested this locally yet.
Hello! I'm not familiar with the context, but just noticed this on Discord and wanted to check that this would support public domain work? Such works don't include a license, since they aren't copyrighted. Would there be a way to indicate this via e.g. info.rkt? Maybe this is related to your question about re: distinguishing #f
from absent.
Hi! The license
field in "info.rkt" files supports arbitrary SPDX license expressions. As you probably know, copyright and the concept of "public domain" are different in various jurisdictions. The SPDX project assigns identifiers to concrete statements about how materials are licensed: they explicitly aim to avoid making legal judgements, such as how some statement might be applied in a particular jurisdiction. There are SPDX identifiers for a number of different statements people use to place work in the public domain or to inform recipients they believe the work is in the public domain, such as CC0-1.0
, blessing
(used by SQLite), SAX-PD
, libselinux-1.0
, NIST-PD
, and NIST-PD-fallback
.
The question about distinguishing #f
from absent is really about error reporting: #f
is not well-formed in the grammar of license S-expressions, so the warning should be different if someone writes (define license #f)
than if they simply don't have a definition for license
.
Does that answer your question?
Oh, and I've also written this code not to reject as invalid identifiers matching
#px"^(?i:(?:DocumentRef-[-.[:alpha:][:digit:]]+:)?LicenseRef-[-.[:alpha:][:digit:]]+)$"
which are part of the SPDX mechanism for handling arbitrary license statements that haven't been assigned an identifier (e.g. DocumentRef-spdx-tool-1.2:LicenseRef-MIT-Style-2
or LicenseRef-MIT-Style-1
). I'd expect them to have only limited support in tools generally, though. For example, we can't automatically link to the license text in those cases.
(For code you write, I'd strongly recommend choosing some well-known statement like CC0-1.0
, though.)
I see, those seem to be reasonable affordances for public domain projects. Thank you for those clarifications @LiberalArtist !
@LiberalArtist do you think it makes sense to move the license parsing to its own package (which racket-pkg-website
will require)? That way, when I add more functionalities to license-audit
so that it can validate licenses, it can simply reuse, instead of duplicating the code.
@sorawee I definitely think it would make sense to make a package to parse license S-expressions and ultimately use it here. To me, it would make most sense to first get this feature working, then make an spdx
package, and finally change racket-pkg-website
to use spdx
.
To me, it would make sense to put the spdx
package somewhere under the Racket GitHub organization. While, as I said in response to https://github.com/racket/racket/issues/4276#issuecomment-1146323545, I agree with @samth that the scope of what license-related functionality is developed by Racket as a project should be carefully limited, Racket defines the license S-expression grammar, so it would make sense for Racket to provide basic utilities for parsing and validating license S-expressions. It also seems like a good way to help multiple community-developed tools really be interoperable in terms of the license S-expressions they accept.
I think there are some design considerations that would be worth thinking through before committing to a stable interface for an spdx
package, which is why I'd propose to work on that this feature is done. A few that come to mind:
define-runtime-path
vs. embedding the data at compile time, e.g. with include/reader
?+
operator. How do we organize the interface? Do we need a type hierarchy?OR
expressions easier.equal?
mean?I think this is ready to go as soon as https://github.com/racket/pkg-index/pull/33 is merged! I've put an un-squashed version of these changes at https://github.com/LiberalArtist/racket-pkg-website/tree/hist/license-metadata-0.
One potential improvement, possibly as a separate PR, is to make "This package needs license metadata" an element that can be hovered over, which will pop up a tooltip with content like "If you are a package author, consider adding license
in info.rkt
".
Yeah! I've pushed a simple version. It should be possible to style the tooltip with jQuery UI, but it looks like that would require writing some Javascript.
@samth, could you take a look at this and https://github.com/racket/pkg-index/pull/33 when you have a chance?
@LiberalArtist Sorry for the radio silence here! I've added this to my review queue, and I'll take a look soon. 🙂
I have verified this is working well locally. Once the backend side is deployed, I'll then merge and deploy this side as well.
This has now been deployed and the static pages are being regenerated. 🎉 It will take a bit of time before all of them are updated.
Here are few examples that are already updated:
Very nice!
A minor nit: the blank field in https://pkgs.racket-lang.org/package/phc-toolkit doesn't look pretty. I personally would prefer some italicized text that indicates that there's no information.
All packages and the index page appeared to be updated now.
A minor nit: the blank field in pkgs.racket-lang.org/package/phc-toolkit doesn't look pretty. I personally would prefer some italicized text that indicates that there's no information.
Agreed, it would be good improve that. I'm happy to review and deploy a PR to tweak this. 🙂
On Thu, Oct 13, 2022, at 1:18 PM, J. Ryan Stinnett wrote:
A minor nit: the blank field in pkgs.racket-lang.org/package/phc-toolkit doesn't look pretty. I personally would prefer some italicized text that indicates that there's no information.
Agreed, it would be good improve that. I'm happy to review and deploy a PR to tweak this. 🙂
I did it that way to match how the documentation field is treated in packages without any, e.g. https://pkgs.racket-lang.org/package/1d6, but I think it would be better to change both.
Here's a first step toward adding a UI for package license information.
As @sorawee points out, this code might be better in https://github.com/racket/pkg-index, instead, since an ill-formed license S-expression might not survive
convert-to-json
, but then we'd need to come up with an encoding.Also, should we try to distinguish
#f
from "absent"?Maybe we put this in https://github.com/racket/pkg-build and treat it like documentation, logs, etc?