Open goneall opened 6 years ago
Suggested by @wking on SPDX tech email dist. list
My current preference is solution #2 since #1 depends on the OSI API site being available. The frequency of license updates should be sufficient to keep things in sync.
From @wking
On Fri, Oct 13, 2017 at 09:20:56PM +0000, goneall wrote:
https://api.opensource.org/licenses/ can access the SPDX license ID and OSI status.
The API is backed by OpenSourceOrg/licenses, and there's still a non-canonical warning up there 1. See also OpenSourceOrg/licenses#47. Hopefully serious SPDX interest (and assistance? I have some open PRs over there) will encourage them to push through to something authoritative.
- Fill in the OSI approved text on spdx.org/licenses based on JavaScript and real time access to the OSI API and deprecate the isOsiApproved attribute in the license list XML
I like this way for public HTML, although I think we'll want to go with (2) if we distribute text/plain or similar versions of the list. While there is a risk that the OSI site could go down, I'm fine just telling consumers that the site is down. With the JavaScript approach, you wouldn't have to update the vOld page as the OSI approves new licenses.
But if we plan on periodically rebuilding pages for all versions of the license list to pick up new approvals, then baking the approval status into the built pages is fine.
Moved from https://github.com/spdx/tools/issues/111
@swinslow @jlovejoy Any opinion on this issue? Should we remove the XML OSI Approved from the XML and use the API? At a minimum, I think we should generate a warning.
The following warnings are generated when comparing the OSI metadata to the license-list-XML metadata on OSI approved:
License AFL-2.1 is not included in the OSI metadata, but is marked as OSI approved in the License XML
License AFL-1.2 is not included in the OSI metadata, but is marked as OSI approved in the License XML
License AFL-1.1 is not included in the OSI metadata, but is marked as OSI approved in the License XML
License AFL-2.0 is not included in the OSI metadata, but is marked as OSI approved in the License XML
License 0BSD is not included in the OSI metadata, but is marked as OSI approved in the License XML
License AGPL-3.0-only is not included in the OSI metadata, but is marked as OSI approved in the License XML
License AGPL-3.0-or-later is not included in the OSI metadata, but is marked as OSI approved in the License XML
License APSL-1.0 is not included in the OSI metadata, but is marked as OSI approved in the License XML
License APSL-1.1 is not included in the OSI metadata, but is marked as OSI approved in the License XML
License Artistic-1.0-cl8 is not included in the OSI metadata, but is marked as OSI approved in the License XML
License APSL-1.2 is not included in the OSI metadata, but is marked as OSI approved in the License XML
License Artistic-1.0-Perl is not included in the OSI metadata, but is marked as OSI approved in the License XML
License BSD-2-Clause-Patent is not included in the OSI metadata, but is marked as OSI approved in the License XML
License BSD-1-Clause is not included in the OSI metadata, but is marked as OSI approved in the License XML
License BSD-3-Clause-LBNL is not included in the OSI metadata, but is marked as OSI approved in the License XML
License CAL-1.0-Combined-Work-Exception is not included in the OSI metadata, but is marked as OSI approved in the License XML
License CAL-1.0 is not included in the OSI metadata, but is marked as OSI approved in the License XML
License CERN-OHL-P-2.0 is not included in the OSI metadata, but is marked as OSI approved in the License XML
License CERN-OHL-S-2.0 is not included in the OSI metadata, but is marked as OSI approved in the License XML
License CERN-OHL-W-2.0 is not included in the OSI metadata, but is marked as OSI approved in the License XML
License EPL-2.0 is not included in the OSI metadata, but is marked as OSI approved in the License XML
License EUPL-1.2 is not included in the OSI metadata, but is marked as OSI approved in the License XML
License GPL-2.0-only is not included in the OSI metadata, but is marked as OSI approved in the License XML
License GPL-2.0-or-later is not included in the OSI metadata, but is marked as OSI approved in the License XML
License GPL-2.0+ is not included in the OSI metadata, but is marked as OSI approved in the License XML
License CECILL-2.1 is not included in the OSI metadata, but is marked as OSI approved in the License XML
License GPL-3.0+ is not included in the OSI metadata, but is marked as OSI approved in the License XML
License GPL-3.0-only is not included in the OSI metadata, but is marked as OSI approved in the License XML
License GPL-3.0-with-GCC-exception is not included in the OSI metadata, but is marked as OSI approved in the License XML
License GPL-3.0-or-later is not included in the OSI metadata, but is marked as OSI approved in the License XML
License LGPL-2.0-only is not included in the OSI metadata, but is marked as OSI approved in the License XML
License LGPL-2.0-or-later is not included in the OSI metadata, but is marked as OSI approved in the License XML
License LGPL-2.1-only is not included in the OSI metadata, but is marked as OSI approved in the License XML
License LGPL-2.1-or-later is not included in the OSI metadata, but is marked as OSI approved in the License XML
License LGPL-2.0+ is not included in the OSI metadata, but is marked as OSI approved in the License XML
License LGPL-2.0 is not included in the OSI metadata, but is marked as OSI approved in the License XML
License LGPL-3.0-or-later is not included in the OSI metadata, but is marked as OSI approved in the License XML
License LGPL-3.0-only is not included in the OSI metadata, but is marked as OSI approved in the License XML
License LGPL-3.0+ is not included in the OSI metadata, but is marked as OSI approved in the License XML
License LiLiQ-Rplus-1.1 is not included in the OSI metadata, but is marked as OSI approved in the License XML
License LiLiQ-R-1.1 is not included in the OSI metadata, but is marked as OSI approved in the License XML
License LiLiQ-P-1.1 is not included in the OSI metadata, but is marked as OSI approved in the License XML
License MIT-Modern-Variant is not included in the OSI metadata, but is marked as OSI approved in the License XML
License MPL-2.0-no-copyleft-exception is not included in the OSI metadata, but is marked as OSI approved in the License XML
License LGPL-2.1+ is not included in the OSI metadata, but is marked as OSI approved in the License XML
License MulanPSL-2.0 is not included in the OSI metadata, but is marked as OSI approved in the License XML
License OFL-1.1-RFN is not included in the OSI metadata, but is marked as OSI approved in the License XML
License OFL-1.1-no-RFN is not included in the OSI metadata, but is marked as OSI approved in the License XML
License OLDAP-2.8 is not included in the OSI metadata, but is marked as OSI approved in the License XML
License OSET-PL-2.1 is not included in the OSI metadata, but is marked as OSI approved in the License XML
License OSL-2.0 is not included in the OSI metadata, but is marked as OSI approved in the License XML
License PHP-3.01 is not included in the OSI metadata, but is marked as OSI approved in the License XML
License UCL-1.0 is not included in the OSI metadata, but is marked as OSI approved in the License XML
License Unlicense is not included in the OSI metadata, but is marked as OSI approved in the License XML
License UPL-1.0 is not included in the OSI metadata, but is marked as OSI approved in the License XML
License Unicode-DFS-2016 is not included in the OSI metadata, but is marked as OSI approved in the License XML
License wxWindows osiApproved is set to true by OSI, but is not marked as OSI approved in the License XML
License MIT-0 is not included in the OSI metadata, but is marked as OSI approved in the License XML
The vast majority of the warnings are due to inconsistencies in the OSI data. The repo hosting the API may no longer be maintained.
See https://github.com/OpenSourceOrg/licenses/issues/62 for the list of inconsistencies.
Warnings not related to OSI data inconsistencies include:
I did not create a PR for the following remaining warnings. I think they can be safely ignored - but @swinslow and/or @jlovejoy should review just to be sure:
Summary - the following SPDX ID's with a warning should be ignored:
0BSD
AGPL-3.0-only
AGPL-3.0-or-later
Artistic-1.0-cl8
Artistic-1.0-Perl
BSD-2-Clause-Patent
BSD-1-Clause
BSD-3-Clause-LBNL
CAL-1.0-Combined-Work-Exception
CAL-1.0
CERN-OHL-P-2.0
CERN-OHL-S-2.0
CERN-OHL-W-2.0
EPL-2.0
EUPL-1.2
GPL-2.0-only
GPL-2.0-or-later
GPL-2.0+
CECILL-2.1
GPL-3.0+
GPL-3.0-only
GPL-3.0-with-GCC-exception
GPL-3.0-or-later
LGPL-2.0-only
LGPL-2.0-or-later
LGPL-2.1-only
LGPL-2.1-or-later
LGPL-2.0+
LGPL-2.0
LGPL-3.0-or-later
LGPL-3.0-only
LGPL-3.0+
LiLiQ-Rplus-1.1
LiLiQ-R-1.1
LiLiQ-P-1.1
MIT-Modern-Variant
MPL-2.0-no-copyleft-exception
LGPL-2.1+
MulanPSL-2.0
OFL-1.1-RFN
OFL-1.1-no-RFN
OLDAP-2.8
OSET-PL-2.1
OSL-2.0
PHP-3.01
UCL-1.0
Unlicense
UPL-1.0
Unicode-DFS-2016
MIT-0
I don't quite have my head around all the warnings that should be ignored (will need to think and look more closely, as well as go into attic of memory...) But generally speaking I am in favor of using the OSI data and your #2 proposal IF: 1) we can confirm the OSI is maintaining this; and 2) perhaps they can add some of the missing stuff so we don't have to "ignore" various warnings
Maybe we should wait to see if you get a response on the issue you logged in due time. If not, then reach out to OSI board directly?
Maybe we should wait to see if you get a response on the issue you logged in due time. If not, then reach out to OSI board directly?
How about we reach out to the OSI board in 2 weeks if we don't hear back.
Haven't heard anything yet - but its only been a few days.
There have been some updates from OSI in their repo - cross referencing them here:
https://api.opensource.org/licenses/ can access the SPDX license ID and OSI status. This can be used to do one of the following: