Introduce standardized license identifiers

[Biscgit]

Introduce standardized license identifiers

With this PR we are moving to use standardized licenses (as listed in SPDX license list) for all records. I also added a test and GH Action to ensure that new records will have the license identifiers set correctly before merging.

Once this has been merged, the compatibility implementations in the portal can be removed safely.

Warning

Only merge this AFTER cernopendata/cernopendata-portal#87 has been deployed to production! Otherwise, it might break the current implementation of displaying licenses.

Edit: This has been deployed by now

Important

Since not all licenses could be clearly transfered to which they concretly refer to (for example which BSD-X-Clause), please especially check the changes in the following comments.

Closes #3111

[Biscgit]

No further information on which exact BSD license is used. Assuming most commonly used.

[tiborsimko]

Looking into the source code repository linked in that record: https://github.com/cms-outreach/ispy-webgl/blob/master/LICENSE I see that the license is actually MIT now, not BSD.

[Biscgit]

No further information on if only the current GPLv3 license should be used, or also apply to changes in upcoming versions. Assuming only the current license should be valid.

[tiborsimko]

Yes, this should be OK. However if we want to be very precise, you can check the license body that exists in the linked repository: https://github.com/cms-opendata-analyses/pattuples2011/blob/master/COPYING

[Biscgit]

I think it is better to leave it with -only. It should be much easier to expand that sometime in the future if needed, than later revert the changes.

[tiborsimko]

todo: ‏Can you please introduce leading shebang?

#!/usr/bin/env python

And make this script executable by itself?

chmod u+x scripts/check_licenses.py

This will be good for consistency with the other helper scripts.

[tiborsimko]

praise: ‏I appreciate that you included the checker tool together with fixture changes 👍

[tiborsimko]

nitpick (non-blocking): ‏After chmod-ding the check license script, see the other comment, you can remove reading python3 here.

[tiborsimko]

todo: ‏The order "invalid license FOO identifier" could be inverted for readability: "invalid license identifier FOO".

todo: Instead of "with recid RECID", we should say "for recid RECID".

[tiborsimko]

todo: ‏The last phrase may not be clear to users. Perhaps say: "If you use a valid SPDX license string that is not in the above list, please contact [email protected]".

[tiborsimko]

Looking into the source code repository linked in that record: https://github.com/cms-outreach/ispy-webgl/blob/master/LICENSE I see that the license is actually MIT now, not BSD.

[tiborsimko]

Yes, this should be OK. However if we want to be very precise, you can check the license body that exists in the linked repository: https://github.com/cms-opendata-analyses/pattuples2011/blob/master/COPYING

[tiborsimko]

todo: ‏I'd also have some commit log cosmetics comments. The current status looks like:

• Licenses: Rebased on main branch and adjusted licenses for new delphi datasets
• checks: improved final log messages
• license: changed licenses current ids to standardized format
• checks: fixed missing error exit
• checks: created new action for running the license check
• checks: applied linter changes
• checks: created check for upcoming license changes

It is not necessary to have all these commits separate, since chances are we won't start any branch from those "intermediate" commits that are not really necessary and that may only pollute git commit history. (Which could be counterproductive for later bisecting). This is just cosmetics for the pull request at hand, but may be important for big feature changes for the application. It's good to use the same principles here, for consistency.

You may want to squash everything into basically two different commits:

• ci(check-licenses): add licence value checker
• feat(records): switch to SPDX license attribution values

Note also the usage of Conventional Commits style for the commit messages. It's a nice wide-spread standard, we use it for REANA or for cernopendata-client, and I started to use it lately for the open data content repository as well. It make things tidier when one inspects the commit headers of a repository.

[tiborsimko]

todo: ‏Also please add yourself to the AUTHORS.rst file so that your contributions are nicely and visibly acknowledged 😄

[Biscgit]

I merged today's introduced atlas records into this branch as well 👍