license metadata on pypi.org #975

Closed
elveshoern32 opened this issue Nov 11, 2024 · 8 comments

@elveshoern32

nornir is open source software licensed under the Apache Licence 2.0, isn't it?
At least I find no other statement within nornir's project page at github.com.

However, on pypi.org it looks different:
Beginning with release 3.2.0 there is (in addition to the Apache License) a reference to some 'Other/Proprietary License'.
Is this change of license just a bug in the metadata or did some real change occur?

This issue hits us because OSS gets scanned in our organization periodically, and every time nornir rings a bell and leads to manual checks.
If the mentioning of a proprietary license is just a bug, we would like to see it fixed.

> ls -lad  pypi/src/nornir-3.?.?
drwxr-x--- 3 ya17378 yao20 4096 Nov 11 17:09 pypi/src/nornir-3.1.1
drwxr-x--- 3 ya17378 yao20 4096 Nov 11 17:09 pypi/src/nornir-3.2.0
drwxr-x--- 3 ya17378 yao20 4096 Nov 11 17:09 pypi/src/nornir-3.3.0
drwxr-x--- 3 ya17378 yao20 4096 Nov 11 17:09 pypi/src/nornir-3.4.0
drwxr-x--- 3 ya17378 yao20 4096 Nov 11 17:09 pypi/src/nornir-3.4.1
> grep Propriet -r pypi/src/nornir-3.?.?
pypi/src/nornir-3.2.0/PKG-INFO:Classifier: License :: Other/Proprietary License
pypi/src/nornir-3.3.0/PKG-INFO:Classifier: License :: Other/Proprietary License
pypi/src/nornir-3.4.0/PKG-INFO:Classifier: License :: Other/Proprietary License
pypi/src/nornir-3.4.1/PKG-INFO:Classifier: License :: Other/Proprietary License
> ls -lad  pypi/whl/nornir-3.?.?
drwxr-x--- 4 ya17378 yao20 4096 Nov 11 17:37 pypi/whl/nornir-3.1.1
drwxr-x--- 4 ya17378 yao20 4096 Nov 11 17:38 pypi/whl/nornir-3.2.0
drwxr-x--- 4 ya17378 yao20 4096 Nov 11 17:38 pypi/whl/nornir-3.3.0
drwxr-x--- 4 ya17378 yao20 4096 Nov 11 17:39 pypi/whl/nornir-3.4.0
drwxr-x--- 4 ya17378 yao20 4096 Nov 11 17:38 pypi/whl/nornir-3.4.1
> grep Propriet -r pypi/whl/nornir-3.?.?
pypi/whl/nornir-3.2.0/nornir-3.2.0.dist-info/METADATA:Classifier: License :: Other/Proprietary License
pypi/whl/nornir-3.3.0/nornir-3.3.0.dist-info/METADATA:Classifier: License :: Other/Proprietary License
pypi/whl/nornir-3.4.0/nornir-3.4.0.dist-info/METADATA:Classifier: License :: Other/Proprietary License
pypi/whl/nornir-3.4.1/nornir-3.4.1.dist-info/METADATA:Classifier: License :: Other/Proprietary License
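
The `grep` check above can be made structured, so a compliance job reports which releases carry both an OSI-approved and a non-OSI license classifier. This is an added example, not code from the issue or from the nornir project; the function names are hypothetical and the two metadata samples are constructed (only the classifier strings and version numbers follow the post).

```python
from email.parser import HeaderParser
from pathlib import Path

OSI_PREFIX = "License :: OSI Approved :: "
LICENSE_PREFIX = "License :: "

def audit_metadata(text):
    """Summarise the license statements in one PKG-INFO / METADATA document."""
    msg = HeaderParser().parsestr(text)  # core metadata uses RFC 822-style headers
    classifiers = [c.strip() for c in msg.get_all("Classifier", [])]
    licenses = [c for c in classifiers if c.startswith(LICENSE_PREFIX)]
    osi = [c for c in licenses if c.startswith(OSI_PREFIX)]
    non_osi = [c for c in licenses if not c.startswith(OSI_PREFIX)]
    return {
        "name": msg.get("Name"),
        "version": msg.get("Version"),
        "license_field": msg.get("License"),
        "osi": osi,
        "non_osi": non_osi,
        # OSI and non-OSI classifiers together contradict each other: flag for review
        "conflict": bool(osi) and bool(non_osi),
    }

def audit_tree(root):
    """Audit every PKG-INFO (sdist) and METADATA (wheel) file below root."""
    results = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.name in ("PKG-INFO", "METADATA"):
            text = path.read_text(encoding="utf-8")
            results.append((str(path), audit_metadata(text)))
    return results

# Constructed samples modelled on the grep output above (not the real files).
SAMPLE_3_1_1 = """\
Metadata-Version: 2.1
Name: nornir
Version: 3.1.1
License: Apache-2.0
Classifier: License :: OSI Approved :: Apache Software License
"""
SAMPLE_3_2_0 = SAMPLE_3_1_1.replace("3.1.1", "3.2.0") + (
    "Classifier: License :: Other/Proprietary License\n"
)

if __name__ == "__main__":
    for sample in (SAMPLE_3_1_1, SAMPLE_3_2_0):
        r = audit_metadata(sample)
        print(r["name"], r["version"], "CONFLICT" if r["conflict"] else "ok", r["non_osi"])
```

Pointing `audit_tree` at the unpacked `pypi/src` and `pypi/whl` directories covers both sdists and wheels in one pass.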

@ktbyers
Collaborator

ktbyers commented Nov 11, 2024

Should be fixed in @dgarros PR.

@cabellooa

@ktbyers I noticed that this issue has been addressed here, but it seems that a new release incorporating this fix has not yet been made.

Could you please consider creating a new release of nornir that includes this fix? This would greatly help us in resolving the license compliance issue and continue using nornir in our projects without interruptions.

Thank you!

@ktbyers
Collaborator

ktbyers commented Dec 11, 2024

@cabellooa Why do you need a new release for this?

I guess I don't really see how it helps you with respect to license compliance (as the pypi metadata is not the official statement of the license; the license file with source code in GitHub is the official statement of the license).

The license is Apache2 (the license has always been Apache2).

Note, even the metadata part of this was just a change of how external tooling parsed what we published (i.e. they changed/clarified the metadata strings that you needed to publish to indicate the license).

@kjoyce77

@ktbyers

This is due to a corporate license-checking proxy. We can't download the latest Nornir because our proxy thinks it is not open source. We thought if a new release were possible -- that could help us instead of trying to get an exception through internal security.

@ktbyers
Collaborator

ktbyers commented Dec 11, 2024

Okay, we will see if anyone steps up to do the release.

I don't think I can bring myself to do it this week as I already did a Netmiko release this week.

@ktbyers
Collaborator

ktbyers commented Dec 16, 2024

@cabellooa @kjoyce77 FYI, I started working on this here:

#979

But am running into some Napalm PY3.13 issues that I need to fix first.

@ktbyers
Collaborator

ktbyers commented Dec 16, 2024

And napalm is bottlenecked due to PyEZ and their issues with PY3.13 support, see:

Juniper/py-junos-eznc#1352
