gtristan commented on code in PR #2095:
URL: https://github.com/apache/buildstream/pull/2095#discussion_r2550410104


##########
src/buildstream/source.py:
##########
@@ -572,6 +579,31 @@ def __init__(
         The url of the source input
         """
 
+        self.attribution_text: Optional[str] = attribution_text
+        """
+        Required acknowledgements for the package
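Review bot: The docstring on `attribution_text` reads "Required acknowledgements for the package", yet the attribute is typed `Optional[str]` and sits in `source.py` next to an attribute documented as "The url of the source input", so both "Required" and "package" are ambiguous here. Suggest saying what the text means for a source input, who is expected to supply it, and what `None` means, so that a reader can tell when the field should be set.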

Review Comment:
   Ahhh shucks, I liked the idea of *software intentionally being harmful to 
cute baby seals when deployed near hockey games* :)
   
   In the unfortunate case that seriousness needs to be deployed in this 
comment, let's look at that doc:
   
   > This field provides a place for the SPDX document creator to record, at 
the package level, acknowledgements that might be required to be communicated 
in some contexts. This is not meant to include the package's actual complete 
license text (see PackageLicenseConcluded, PackageLicenseDeclared and 
PackageLicenseInfoFromFiles), and might or might not include copyright notices 
(see also PackageCopyrightText). The SPDX document creator might use this field 
to record other acknowledgements, such as particular clauses from license 
texts, which might be necessary or desirable to reproduce. The metadata for the 
package attribution text field is shown in Table 35.
   
   This text is a load of nonsense, and looks like it describes a field that 
should be called *"random notes"*, it is not at all specific to the concept of 
*attribution*. For instance in Apache projects there is the `NOTICE` file which 
is reserved for acknowledging copyright from code copied in from third parties 
under licenses which allow relicensing under ASF, this is really *attributing* 
those files with the acknowledgement that the file was borrowed.
   
   The SPDX definition above on the other hand is just a load of meaningless 
trash.
   
   Note also it says *"at the package level"*. Is this related to packaging? 
I.e. is this completely unrelated to BuildStream source input, and more 
relevant to, for example, Debian packages or RPMS? Do we have traceability 
(maybe a git commit and issue thread in the SPDX specifications) leading to the 
root cause for its inclusion?
   
   My inclination is to just not include this field in BuildStream, until such 
a time that an argument can be made for its meaning.
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.