922444 – [guru] www-apps/zola-0.17.2: wrong license

Bug 922444 - [guru] www-apps/zola-0.17.2: wrong license

Summary: [guru] www-apps/zola-0.17.2: wrong license

Status:	UNCONFIRMED

Alias:	None

Product:	GURU
Classification:	Unclassified
Component:	Package issues (show other bugs)
Hardware:	All All

Importance:	Normal normal
Assignee:	Cara Salter

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2024-01-18 19:51 UTC by YOSHIOKA Takuma
Modified:	2024-04-07 20:20 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description YOSHIOKA Takuma 2024-01-18 19:51:11 UTC

Summary:

Running `cargo license` on zola v0.17.2, I get the line below for the crates (Rust libraries) with the custom license, so the current `LICENSE` in the ebuild is simply wrong.

```
$ cargo license  #v0.17.2
(snip)
Custom License File (2): ring, webpki
(snip)
```

(Just FYI, the situation has changed a little bit from zola v0.18.0, but the issue still remains.)

```
$ cargo license  #v0.18.0
(snip)
Custom License File (2): ring, tinystr
(snip)
```


Licenses:

* ring: https://github.com/briansmith/ring/blob/73fb637078ea1a37719cf0c5f3055f9a18dcc1e0/LICENSE
* webpki: https://github.com/briansmith/webpki/blob/fe5bbc1ee0fe559b46cb6fdb39287cbc30266de1/LICENSE
* tinystr: https://github.com/unicode-org/icu4x/blob/a917d38e90c5fdea62397da64d7b3bf5c2fa09da/LICENSE
    + Note that "UNICODE LICENSE V3" is different from `unicode` license in gentoo repository.

Situations:

* ring
    + Stop using OpenSSL-license-licensed code. · Issue #1827 · briansmith/ring <https://github.com/briansmith/ring/issues/1827>
* webpki
    + Use "license" instead of "license-file" in Cargo.toml · Issue #148 · briansmith/webpki · GitHub <https://github.com/briansmith/webpki/issues/148>
    + Wrong license identification on crates.io breaks guix importer · Issue #246 · briansmith/webpki · GitHub <https://github.com/briansmith/webpki/issues/246>


FYI, I experimentally created ebuild for zola v0.18.0, but I'm not sure this is correct license handling, and not going to commit this file to ::guru...
-> https://github.com/lo48576/lo48576-portage-overlay/compare/fd7d81a26d8512402438b0f80936518d9112d926...e12033bca319fdcfd413bb5342f7467dad9d87de


Reproducible: Always

Steps to Reproduce:
1. Run `cargo license` on zola repository (with v0.17.2 checked out).
2. Compare and consult the command output and the `LICENSE` line in ebuild.
Actual Results:  
`LICENSE` is not correct because custom licenses are ignored.
Additionally, too restrictive for some deps with non-custom license (for example, Boost-1.0 is not necessary since it only appears as part of `APACHE-2.0 OR BSL-1.0` for `ryu` crate).

Expected Results:  
`LICENSE` properly reflects the actual license of zola.

Licenses are checked by =dev-util/cargo-license-0.5.1.

Comment 1 Anna Vyalkova 2024-01-24 12:40:00 UTC

GURU is a collaborative project and you can fix everyone's packages.