On Tue, Apr 29, 2025 at 04:04:32PM +0200, Quentin Schulz wrote: > Hi Tom, > > On 4/29/25 3:52 PM, Tom Rini wrote: > > On Tue, Apr 29, 2025 at 03:28:35PM +0200, Quentin Schulz wrote: > > > Hi Simon, > > > > > > On 4/29/25 3:15 PM, Simon Glass wrote: > > > > Recent versions of Python complain about the license being in the > > > > > > I believe this isn't related to Python but rather setuptools. > > > > > > setuptools 77.0.3 and later support PEP-639 which recommends to ditch the > > > License :: classifier for a license property. > > > > > > The issue is that this license property also changed in PEP-639, with > > > something that isn't compatible with pre-PEP-639. > > > > > > Therefore we need to bump the minimum requirement for the setuptools > > > dependency in the various pyproject.toml to 77.0.3 or later. > > > > > > I'm also wondering if we don't need to add a license-files property (also > > > PEP-639) to comply with the GPL-2.0-or-later which requires to provide a > > > copy of the license. > > > > Thanks for digging in to this more. Is there not some way to both meet > > the PEP and utilize SPDX? > > > > AFAICT, the license field is for the SPDX identifier. > > Not all licenses require you to provide the license to comply with it I > guess? But my reading of GPL-2.0-or-later makes me believe that we need to. > You would then have the license file(s) included when license-files contains > a file that is found at the root of the python project? I believe that the > default value for license-files is ['LICEN[CS]E*', 'COPYING*', 'NOTICE*', > 'AUTHORS*'] so it could be automatically included (and thus the > license-files not be explicit) if the license file(s) is named like that. > > It isn't necessarily a big deal (IANAL) to not have the license shipped if > we don't plan on pushing those to pypi or share sdist/wheels through another > mean (e.g. GitLab/GitHub releases generated with `python3 -m build`)? > > I am not sure exactly what you meant by "both meet the PEP and utilize SPDX" > as I believe they aren't related here? I mean, license property is the way > to define the SPDX identifier in PEP-639, but the missing license-files > doesn't have anything to do with SPDX I believe? Just that it wouldn't be > complying (I believe, still haven't become a lawyer in the last few > paragraphs) with the license itself if the license file isn't shipped. > > What I meant is that in order to use the license property, we need to bump > the setuptools version dependency in pyproject.toml so we're sure we're > building with a recent enough setuptools. > > Let me know if something isn't clear, I just happened to have had a glance > at the PEP this morning for another project, so I am as confident as someone > who spent 5min reading a spec :)
Thanks for explaining more. I misunderstood for a moment. Yes, we still have "Licenses/gpl-2.0.txt" in-tree as the license text itself so we can point at that I hope. -- Tom
signature.asc
Description: PGP signature
