sstadick / cargo-bundle-licenses

Generate a THIRDPARTY file with all licenses in a cargo project.
Apache License 2.0

No template found for BSD-2-Clause #4

Open BastianZim opened 2 years ago

BastianZim commented 2 years ago

Hi,

my knowledge of rust is exactly zero so sorry if this is something obvious. One of the packages I'm running this on (retworkx) has a dependency on numpy where I'm getting the following error:

[2021-12-11T17:23:33Z WARN  bundle_licenses_lib::found_license] No template for BSD-2-Clause license in numpy:0.15.0 - /Users/bastianzimmermann/.cargo/registry/src/github.com-1ecc6299db9ec823/numpy-0.15.0/Cargo.toml

I would assume that this is from the template check mentioned in the readme. I can find BSD-2-Clause in here but no idea if this is the right place to look and if something should be changed here: https://github.com/sstadick/cargo-bundle-licenses/blob/f824e2f97ba9372b87ae116f7f5f1591c20fba74/src/license.rs

sstadick commented 2 years ago

Thanks for making an issue! (I'm answering both questions in this one response).

Some templates are very finicky / tricky with extra clauses and such, as noted in your apache issue, so I've erred on the side of producing warnings and having the user copy paste in known good licenses which should then be copied forward for you on future runs of the program.

This is actually the code that largely deals with the license templates. So you would need to add the template in the licenses dir and update that match block. I will try to write up a small "How to make a PR and add a license" section to the README because I'm sure there will be more licenses that people care about in the future.

PRs are very welcome!

BastianZim commented 2 years ago

Thanks for your answer. And thanks for the tool by the way. I found several PRs adding rust packages and it seemed to be a mess before this...

> Some templates are very finicky / tricky with extra clauses and such, as noted in your apache issue, so I've erred on the side of producing warnings and having the user copy paste in known good licenses which should then be copied forward for you on future runs of the program.

Understood and that's what I've largely been doing. I'll create a PR for BSD-2-Clause but as mentioned have never programmed in rust before so please double check any changes. :) How should I proceed with Apache 2 because there already is a template? Different names or what do you think is the best approach?

> I will try to write up a small "How to make a PR and add a license" section to the README because I'm sure there will be more licenses that people care about in the future.

I think I can follow your explanation here now but that would probably be great for others. I'll make a mental note to add this tool to the conda-forge docs, if you don't mind.

sstadick commented 2 years ago

  1. Thanks for making the PR, I'm running the CI checks now 👍 Agreed on the other methods of License gathering for Rust projects in Conda forge.

  2. Regarding Apache 2.0, that's super annoying. Looking here https://spdx.org/licenses/Apache-2.0.html the appendix looks standard, but looking at the XML of the licenses in Github that section of the appendix is listed as optional. It also kind of seems like only the paragraph saying how to apply the license is optional and the text of the next two paragraphs should be present.

I will set things up to modify the template to see if removing the:

   APPENDIX: How to apply the Apache License to your work.

      To apply the Apache License to your work, attach the following
      boilerplate notice, with the fields enclosed by brackets "[]"
      replaced with your own identifying information. (Don't include
      the brackets!)  The text should be enclosed in the appropriate
      comment syntax for the file format. We also recommend that a
      file or class name and description of purpose be included on the
      same "printed page" as the copyright notice for easier
      identification within third-party archives.

text from the template allows for matching both types. If not, I'll leave it as is for now since github auto-generates the long form license https://github.com/sstadick/TestLicese/blob/main/LICENSE and leave the apache2 issue you made open to be investigated when looking at pulling the licenses text sources from the github spdx repo where optional sections are appropriately marked.

  3. I'll fix the README sometime in the next few days to add better instructions for PRs. Feel free to link this tool anywhere, I fully intend to be supporting it for others, as well as for my own present and future tools in conda-forge 👍
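
Added example, not part of the thread and not code from cargo-bundle-licenses: one way a template with SPDX-style optional sections could accept both the long and short Apache-2.0 forms discussed above. `Segment`, `normalize`, `matches_template` and `sample_template` are hypothetical names, and the license text is a constructed, abbreviated stand-in.

```rust
// Added illustration; not code from cargo-bundle-licenses. All names are hypothetical.
pub struct Segment {
    pub text: &'static str,
    pub optional: bool, // optional segments may be missing from a candidate
}

/// Lowercase and collapse whitespace so wrapping and indentation do not matter.
pub fn normalize(s: &str) -> String {
    s.split_whitespace().map(str::to_lowercase).collect::<Vec<_>>().join(" ")
}

/// True if `candidate` is the template's segments in order, where each
/// optional segment is either present in full or absent entirely.
pub fn matches_template(template: &[Segment], candidate: &str) -> bool {
    fn go(segs: &[Segment], rest: &str) -> bool {
        match segs.split_first() {
            None => rest.trim().is_empty(), // nothing may follow the last segment
            Some((seg, tail)) => {
                let want = normalize(seg.text);
                let present = rest
                    .trim_start()
                    .strip_prefix(want.as_str())
                    .filter(|after| after.is_empty() || after.starts_with(' ')) // whole words only
                    .map_or(false, |after| go(tail, after));
                present || (seg.optional && go(tail, rest))
            }
        }
    }
    go(template, &normalize(candidate))
}

/// Constructed, heavily abbreviated stand-in for the tail of an Apache-2.0 template.
pub fn sample_template() -> Vec<Segment> {
    vec![
        Segment { text: "END OF TERMS AND CONDITIONS", optional: false },
        Segment {
            text: "APPENDIX: How to apply the Apache License to your work. \
                   To apply the Apache License to your work, attach the following \
                   boilerplate notice.",
            optional: true,
        },
        Segment { text: "Copyright [yyyy] [name of copyright owner]", optional: false },
    ]
}

fn main() {
    let t = sample_template();
    let short = "END OF TERMS AND CONDITIONS\n\n   Copyright [yyyy] [name of copyright owner]\n";
    println!("short form matches: {}", matches_template(&t, short));
}
```

Any text between the required segments that is not a declared optional segment still fails the match, so an extra clause in a crate's license file falls through to the manual copy-paste path instead of being silently accepted.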

BastianZim commented 2 years ago

  1. Thanks!
  2. Ok makes sense. Thanks for investigating this! Just to maybe not reinvent the wheel. Grayskull also has a license matching algorithm although it also does it locally (And is in python): https://github.com/conda-incubator/grayskull/tree/main/grayskull/license
  3. Great! Will add this to the docs then once the Readme is updated. I'll also open an issue in Grayskull. Might make sense to have this added whenever the rust compiler is in a recipe. Or at least have it in the linter.

sstadick commented 2 years ago

I will check out the grayskull implementation! Thanks for pointing that out. I haven't used grayskull yet.

See v0.4.0 for the BSD update. I'll ping you here when the README is also updated 👍

BastianZim commented 2 years ago

Awesome, thanks for your quick help here!

BastianZim commented 2 years ago

Hi @sstadick just a quick note here, I just stumbled upon this tool which should do the heavy lifting for the license matching: https://github.com/spdx/spdx-license-matcher

It is in python and requires a Redis server though so not sure if you can use it here directly, but maybe the approach is something that can help.

sstadick commented 2 years ago

They are pulling the SPDX licenses it looks like, which I'm not totally opposed to doing, it's just pretty different than the existing internal structure of this tool.

The next time I publish a tool on conda I'm sure I'll be revisiting this and will investigate that route as well 👍 For the time being the semi-manual "copy-paste anything not covered by this tool" doesn't seem too painful for me.

BastianZim commented 2 years ago

Yeah makes sense. Definitely, the current setup seems to be working well so would also stick with it, I just saw it and wanted to mention it for completeness. :)

sstadick commented 2 years ago

Totally! And please keep adding to this thread as you find more stuff! It is appreciated