Attr/version 23.1.0 #143
Attr/version 23.1.0 #143
Conversation
There was a problem hiding this comment.
@AWildegger thank you very much for the contribution, please resolve my comments.
There was a problem hiding this comment.
Similar to my comment on Altgraph the disclosure file is not in the format we expect for disclosure files. Of course you can decide to introduce addtional files but this I want to discuss upfront, furthermore the existing formats shall be still provided. I downloaded attrs from https://github.com/python-attrs/attrs/archive/refs/tags/23.1.0.tar.gz the repo link and the version number given in the README file. I analysed the package and provide for your reference my version of the disclosure document below.
What you probably find strange is that I have provided an acknowledgement although MIT does not require such thing but when you analyse the source package you will find a file called CITATION.cff in the root directroy of the pacakge with the following content:
cff-version: 1.2.0
message: If you use this software, please cite it as below.
title: attrs
type: software
authors:
given-names: Hynek
family-names: Schlawack
email: hs@ox.cx
doi: 10.5281/zenodo.6925130
This is the reason for me to provide the below given acknowledgment.
You do not list the acknowledgment and the file is not contained in the spdx files, why?
================================================================================
attrs-23.1.0
================================================================================
LICENSES
MIT
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
================================================================================
ACKNOWLEDGEMENTS
MIT
The attrs software is developed by Hynek Schlawack hs@ox.cx
Copyright notices
Copyright (c) 2015 Hynek Schlawack and the attrs contributors
Copyright (c) 2015 Hynek Schlawack
| -------- | ||
| FileName: site-packages_attr-with-distinfo.zip/site-packages_attr-with-distinfo/attrs/converters.py: | ||
| FileChecksum: SHA256: 7c2044765616726237b029e9524da9cf6d8662d5f3a93929e8d78ea5d23ae0f6 | ||
| LicenseConcluded: LicenseRef-fossology-MIT-cf5b9f6aa02362de11792252d20b1a76 |
There was a problem hiding this comment.
This is obviously a MIT license where you provided also a different text, than the "original" one from the SPDX license list, but I do not find any such license text in this document. Where is it?
| -------- | ||
| FileName: site-packages_attr-with-distinfo.zip/site-packages_attr-with-distinfo/attrs-23.1.0.dist-info/METADATA: | ||
| FileChecksum: SHA256: ca0970517928ef943e209e8b98f550e18f7d2894b708f2b4356f28bd7158b038 | ||
| LicenseConcluded: MIT |
There was a problem hiding this comment.
You have concluded in several cases MIT, you know that the text from the licenses which are listed in the SPDX license list are not contained per default in the SPDX files and this is also the case here. in other words license texts are missing in this document.
| FileCopyrightText: | ||
| Copyright (c) 2015 Hynek Schlawack and the attrs contributors | ||
|
|
||
| LicenseConcluded: MIT |
There was a problem hiding this comment.
As already commented in the altgraph PR I do not thnik that the text of the MIT license is licensed under MIT
| @@ -0,0 +1,20 @@ | |||
| ## Download Location | |||
|
|
|||
| https://github.com/python-attrs/attrs | |||
There was a problem hiding this comment.
Please provide here the concrete download link which is in this case most probably:
https://github.com/python-attrs/attrs/archive/refs/tags/23.1.0.tar.gz
There was a problem hiding this comment.
Please add only the anaylsis for one package in a pull request
There was a problem hiding this comment.
Please add only the anaylsis for one package in a pull request
There was a problem hiding this comment.
Please resolve in this file my comments in the disclosure file and tag value file, too
There was a problem hiding this comment.
Please resolve in this file my comments in the disclosure file and tag value file, too
There was a problem hiding this comment.
Please resolve in this file my comments in the disclosure file and tag value file, too
Adds curation results for attr version 23.1.0.