Bug#951186: Please reconsider usage of perl-Array-IntSpan in licensecheck

2020-03-24 Thread Sandro Mani
So the current Array::IntSpan maintainer managed to track down the 
original author, who has agreed to relicense to Artistic-2.0, which 
resolves this issue.




Bug#951186: Please reconsider usage of perl-Array-IntSpan in licensecheck

2020-02-24 Thread Jonas Smedegaard
Quoting Sandro Mani (2020-02-24 15:16:16)
> 
> On 24.02.20 15:14, Jonas Smedegaard wrote:
> > Quoting Sandro Mani (2020-02-24 14:29:41)
> >> On 24.02.20 13:16, Jonas Smedegaard wrote:
> >>>> I'll go with applying the patch, and make a note in the rpm 
> >>>> specfile that it is a temporary hack and causes the deficiencies 
> >>>> you describe.
> >>> Your call :-)
> >> Could you confirm whether the temporary hack would result in the 
> >> same level of accuracy licensecheck-3.0.39 had (before the 
> >> dependency on Array-IntSpan was added), or whether the 
> >> Array-IntSpan logic replaced previous logic, and hence the patch 
> >> would result in worse accuracy than 3.0.39?
> > No, I won't do any detailed research on your fork of my project, nor 
> > will I do any detailed research into the exact effective delta for 
> > historic releases of my project: Enough on my plate only moving 
> > forward.
> Sheesh, that was just an honest question, "sorry I'm not sure about 
> that" would have been sufficient as an answer...

Oh, I didn't mean to imply anything by that long response.

I am perfectly fine that you asked.

Cheers,

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private



Bug#951186: Please reconsider usage of perl-Array-IntSpan in licensecheck

2020-02-24 Thread Jonas Smedegaard
Quoting Sandro Mani (2020-02-24 14:29:41)
> 
> On 24.02.20 13:16, Jonas Smedegaard wrote:
> >> I'll go with applying the patch, and make a note in the rpm specfile
> >> that it is a temporary hack and causes the deficiencies you 
> >> describe.
> > Your call :-)
> 
> Could you confirm whether the temporary hack would result in the same 
> level of accuracy licensecheck-3.0.39 had (before the dependency on 
> Array-IntSpan was added), or whether the Array-IntSpan logic replaced 
> previous logic, and hence the patch would result in worse accuracy 
> than 3.0.39?

No, I won't do any detailed research on your fork of my project, nor 
will I do any detailed research into the exact effective delta for 
historic releases of my project: Enough on my plate only moving forward.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private



Bug#951186: Please reconsider usage of perl-Array-IntSpan in licensecheck

2020-02-24 Thread Sandro Mani



On 24.02.20 15:14, Jonas Smedegaard wrote:
> Quoting Sandro Mani (2020-02-24 14:29:41)
>> On 24.02.20 13:16, Jonas Smedegaard wrote:
>>>> I'll go with applying the patch, and make a note in the rpm specfile
>>>> that it is a temporary hack and causes the deficiencies you
>>>> describe.
>>> Your call :-)
>> Could you confirm whether the temporary hack would result in the same
>> level of accuracy licensecheck-3.0.39 had (before the dependency on
>> Array-IntSpan was added), or whether the Array-IntSpan logic replaced
>> previous logic, and hence the patch would result in worse accuracy
>> than 3.0.39?
> No, I won't do any detailed research on your fork of my project, nor
> will I do any detailed research into the exact effective delta for
> historic releases of my project: Enough on my plate only moving forward.

Sheesh, that was just an honest question, "sorry I'm not sure about 
that" would have been sufficient as an answer...




Bug#951186: Please reconsider usage of perl-Array-IntSpan in licensecheck

2020-02-24 Thread Sandro Mani



On 24.02.20 13:16, Jonas Smedegaard wrote:
>> I'll go with applying the patch, and make a note in the rpm specfile
>> that it is a temporary hack and causes the deficiencies you describe.
> Your call :-)


Could you confirm whether the temporary hack would result in the same 
level of accuracy licensecheck-3.0.39 had (before the dependency on 
Array-IntSpan was added), or whether the Array-IntSpan logic replaced 
previous logic, and hence the patch would result in worse accuracy than 
3.0.39?


Thanks
Sandro



Bug#951186: Please reconsider usage of perl-Array-IntSpan in licensecheck

2020-02-24 Thread Jonas Smedegaard
Quoting Sandro Mani (2020-02-24 12:26:34)
> 
> On 24.02.20 12:21, Jonas Smedegaard wrote:
> >
> >>> If you do choose to carry this patch, then I kindly request that you
> >>> document clearly that you are effectively distributing a fork of the
> >>> code, so that your users do not get the false impression that the
> >>> quality of your licensecheck is on par with that of licensecheck
> >>> released by me.
> >> I just need a short-term solution to get licensecheck working again
> >> (currently it is completely broken). If there are better solutions,
> >> I'm happy to go for whatever works!
> > Here are some options I can see:
> >
> >* Roll back to an older release not depending on Array::IntSpan
> >  (and roll back Regexp::Pattern::License as well)
> >* Wait for me to find a replacement for Array::IntSpan
> >* Apply your patch and document its deficiencies as I request above
> 
> Rolling back would involve "Epoch" bumps in the package which are 
> kinda ugly because they'll stay there for the lifetime of the package, 
> so I'd rather avoid them.

In Debian we avoid epochs for temporary rollback by use of +really, 
e.g. licensecheck-3.0.41+really.3.0.39-1 - perhaps you adopt that trick?


> I'll go with applying the patch, and make a note in the rpm specfile 
> that it is a temporary hack and causes the deficiencies you describe.

Your call :-)

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private



Bug#951186: Please reconsider usage of perl-Array-IntSpan in licensecheck

2020-02-24 Thread Sandro Mani



On 24.02.20 12:21, Jonas Smedegaard wrote:
>>> If you do choose to carry this patch, then I kindly request that you
>>> document clearly that you are effectively distributing a fork of the
>>> code, so that your users do not get the false impression that the
>>> quality of your licensecheck is on par with that of licensecheck
>>> released by me.
>> I just need a short-term solution to get licensecheck working again
>> (currently it is completely broken). If there are better solutions,
>> I'm happy to go for whatever works!
> Here are some options I can see:
>
>   * Roll back to an older release not depending on Array::IntSpan
>     (and roll back Regexp::Pattern::License as well)
>   * Wait for me to find a replacement for Array::IntSpan
>   * Apply your patch and document its deficiencies as I request above


Rolling back would involve "Epoch" bumps in the package which are kinda 
ugly because they'll stay there for the lifetime of the package, so I'd 
rather avoid them.


I'll go with applying the patch, and make a note in the rpm specfile 
that it is a temporary hack and causes the deficiencies you describe.


Thanks
Sandro



Bug#951186: Please reconsider usage of perl-Array-IntSpan in licensecheck

2020-02-24 Thread Jonas Smedegaard
Quoting Sandro Mani (2020-02-24 12:04:34)
> On 24.02.20 11:58, Jonas Smedegaard wrote:
> > Quoting Sandro Mani (2020-02-24 10:12:50)
> >> Since I need to update the package in Fedora (it is currently broken),
> >> I've prepared the patch below to remove the dependency. Can you
> >> perhaps confirm that it does not fundamentally break licensecheck in
> >> some way?
> >>   From my tests, it appears to work.
> > Uhm, it won't _fundamentally_ break, but it will find multiple related
> > licenses where only one exists - e.g. detect fulltext of AGPL as either
> > AGPL or GPL because it mentions GPL.
> Thanks, that explains the one test failure I'm seeing.

Oh, so I _do_ include a test revealing that.  Sorry, I am aware that the 
included testsuite doesn't have full coverage. :-/


> > If you do choose to carry this patch, then I kindly request that you 
> > document clearly that you are effectively distributing a fork of the 
> > code, so that your users do not get the false impression that the 
> > quality of your licensecheck is on par with that of licensecheck 
> > released by me.
> I just need a short-term solution to get licensecheck working again 
> (currently it is completely broken). If there are better solutions, 
> I'm happy to go for whatever works!

Here are some options I can see:

  * Roll back to an older release not depending on Array::IntSpan
(and roll back Regexp::Pattern::License as well)
  * Wait for me to find a replacement for Array::IntSpan
  * Apply your patch and document its deficiencies as I request above


> > I _do_ intend to fix this issue, just haven't gotten around to it 
> > yet, and a proper fix involved _replacing_ Array::IntSpan, not 
> > simply stripping it.
> 
> Thanks, unfortunately my perl knowledge is pretty much zero, so sorry 
> for not being able to help more.

I can relate to that: Sounds like me when dealing with Python :-)


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private



Bug#951186: Please reconsider usage of perl-Array-IntSpan in licensecheck

2020-02-24 Thread Sandro Mani

Hi Jonas

On 24.02.20 11:58, Jonas Smedegaard wrote:
> Hi Sandro,
>
> Quoting Sandro Mani (2020-02-24 10:12:50)
>> Since I need to update the package in Fedora (it is currently broken),
>> I've prepared the patch below to remove the dependency. Can you
>> perhaps confirm that it does not fundamentally break licensecheck in
>> some way?
>> From my tests, it appears to work.
> Uhm, it won't _fundamentally_ break, but it will find multiple related
> licenses where only one exists - e.g. detect fulltext of AGPL as either
> AGPL or GPL because it mentions GPL.

Thanks, that explains the one test failure I'm seeing.

> If you do choose to carry this patch, then I kindly request that you
> document clearly that you are effectively distributing a fork of the
> code, so that your users do not get the false impression that the
> quality of your licensecheck is on par with that of licensecheck
> released by me.

I just need a short-term solution to get licensecheck working again 
(currently it is completely broken). If there are better solutions, I'm 
happy to go for whatever works!

> I _do_ intend to fix this issue, just haven't gotten around to it yet,
> and a proper fix involved _replacing_ Array::IntSpan, not simply
> stripping it.


Thanks, unfortunately my perl knowledge is pretty much zero, so sorry 
for not being able to help more.


Sandro



Bug#951186: Please reconsider usage of perl-Array-IntSpan in licensecheck

2020-02-24 Thread Jonas Smedegaard
Hi Sandro,

Quoting Sandro Mani (2020-02-24 10:12:50)
> Since I need to update the package in Fedora (it is currently broken), 
> I've prepared the patch below to remove the dependency. Can you 
> perhaps confirm that it does not fundamentally break licensecheck in 
> some way?
>  From my tests, it appears to work.

Uhm, it won't _fundamentally_ break, but it will find multiple related 
licenses where only one exists - e.g. detect fulltext of AGPL as either 
AGPL or GPL because it mentions GPL.

If you do choose to carry this patch, then I kindly request that you 
document clearly that you are effectively distributing a fork of the 
code, so that your users do not get the false impression that the 
quality of your licensecheck is on par with that of licensecheck 
released by me.

I _do_ intend to fix this issue, just haven't gotten around to it yet, 
and a proper fix involved _replacing_ Array::IntSpan, not simply 
stripping it.


Kind regards, and thanks for caring about this,

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
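
The effect described in the reply above, as an added example that is not part of the original message and not licensecheck's own code: a detector that records the character range of each recognised fulltext and skips later name matches inside it, run with and without that tracking. The patterns, the sample text and the helpers `covered` and `detect` are hypothetical and use core Perl only.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample: a stand-in for an AGPL fulltext that mentions the GPL.
my $sample = 'GNU AFFERO GENERAL PUBLIC LICENSE Version 3 ... '
    . 'combined with the GNU General Public License ... END OF TERMS';

# Hypothetical patterns, far simpler than those in Regexp::Pattern::License.
my %fulltext
    = ( agpl_3 => qr/GNU AFFERO GENERAL PUBLIC LICENSE.*?END OF TERMS/s );
my %name = ( gpl => qr/GNU General Public License/ );

# True when [$from, $to) overlaps any recorded [start, end, license] span.
sub covered {
    my ( $spans, $from, $to ) = @_;
    return grep { $from < $_->[1] && $to > $_->[0] } @$spans;
}

# Return the detected license ids; $track switches range tracking on or off.
sub detect {
    my ( $text, $track ) = @_;
    my ( @spans, %found );

    # Pass 1: fulltexts claim their character range.
    for my $id ( sort keys %fulltext ) {
        while ( $text =~ /$fulltext{$id}/g ) {
            push @spans, [ $-[0], $+[0], $id ] if $track;
            $found{$id} = 1;
        }
    }

    # Pass 2: a bare license name counts only outside claimed ranges.
    for my $id ( sort keys %name ) {
        while ( $text =~ /$name{$id}/g ) {
            next if covered( \@spans, $-[0], $+[0] );
            $found{$id} = 1;
        }
    }
    return join ' ', sort keys %found;
}

print 'with range tracking:    ', detect( $sample, 1 ), "\n";
print 'without range tracking: ', detect( $sample, 0 ), "\n";
```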



Bug#951186: Please reconsider usage of perl-Array-IntSpan in licensecheck

2020-02-24 Thread Sandro Mani

Hi Jonas

Since I need to update the package in Fedora (it is currently broken), 
I've prepared the patch below to remove the dependency. Can you perhaps 
confirm that it does not fundamentally break licensecheck in some way? 
From my tests, it appears to work.


Thanks

Sandro



diff -rupN App-Licensecheck-v3.0.45/lib/App/Licensecheck.pm 
App-Licensecheck-v3.0.45-new/lib/App/Licensecheck.pm
--- App-Licensecheck-v3.0.45/lib/App/Licensecheck.pm    2020-02-21 
16:24:52.0 +0100
+++ App-Licensecheck-v3.0.45-new/lib/App/Licensecheck.pm 2020-02-23 
17:29:05.277245643 +0100

@@ -12,7 +12,6 @@ use Path::Tiny;
 use Try::Tiny;
 use Fcntl qw(:seek);
 use Encode;
-use Array::IntSpan;
 use Regexp::Pattern::License 3.1.102;
 use Regexp::Pattern 0.2.12 (
 're',
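
Review bot: Removing `use Array::IntSpan;` here only covers lib/App/Licensecheck.pm, the single file this diff touches; the distribution's declared prerequisites are not part of the patch, so check that the module is also dropped wherever the build metadata and the spec file list it, otherwise the package still requires it at install time.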
@@ -601,7 +600,6 @@ sub parse_license
 my @gpl  = qw(gpl gpl_1 gpl_2 gpl_3);
 my @lgpl = qw(lgpl lgpl_2 lgpl_2_1 lgpl_3);

-    my $coverage = Array::IntSpan->new();
 my %match;
 my ( %grant, %license );

@@ -697,27 +695,16 @@ sub parse_license
     );
     my $license = pop @licenses;
     next unless ($license);
-        next
-            if defined(
-            $coverage->get_range( $pos, $pos_license{$pos}{$license} )
-                ->get_element(0) );
     $self->log->tracef(
         'detected and flagged well-formed license fulltext: %s: %s 
[%s]',

         $license, $pos, $file
     );
-        $coverage->set_range( $pos, $pos_license{$pos}{$license}, 
$license );

     $license{$license} = 1;
 }

 foreach my $trait (qw(license_label_trove license_label 
licensed_under)) {

     next unless ( $licensetext =~ /$RE{"TRAIT_$trait"}/ );
     while ( $licensetext =~ /$RE{"TRAIT_GLOBAL_$trait"}/g ) {
-            next
-                if (
-                defined(
-                    $coverage->get_range( $-[0], $+[0] )->get_element(0)
-                )
-                );
         push @clues, Trait [ $trait, $-[0], $+[0] ];
     }
 }
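
Review bot: With the `next if defined( $coverage->get_range( $pos, ... ) )` guard and the `$coverage->set_range(...)` call both gone from the fulltext loop, nothing records which character range a recognised fulltext occupies, so the trait loop that follows pushes a clue for every `TRAIT_GLOBAL_$trait` match, including those that lie inside that fulltext. If the dependency has to go, a plain list of start/end/license ranges with an overlap test would keep the suppression; failing that, add a comment at this point stating that overlapping detections are now reported.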
@@ -766,11 +753,6 @@ sub parse_license

     if (    $name
         and $match{$name}{name}{$pos_name}
-            and !defined(
-                $coverage->get_range(
-                    $pos_name, $match{$name}{name}{$pos_name}
-                )->get_element(0)
-            )
         and grep { $_ eq $name } @L_tidy
         )
     {
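
Review bot: Dropping the `!defined( $coverage->get_range( $pos_name, $match{$name}{name}{$pos_name} ) ... )` term from this condition means a license name at `$pos_name` is accepted even when that range sits inside text already attributed to another license. Either keep an equivalent overlap check or leave a comment here marking the condition as deliberately weakened, so the change is visible when the patch is later rebased or dropped.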
@@ -1187,11 +1169,7 @@ sub parse_license
     next if ( $match{$id}{custom} );
     next if ( $license{$id} );
     if ( $RE{"GRANT_$id"} ) {
-            if ($licensetext =~ $RE{"GRANT_$id"}
-                and !defined(
-                    $coverage->get_range( $-[0], $+[0] )->get_element(0)
-                )
-                )
+            if ($licensetext =~ $RE{"GRANT_$id"})
         {
             $self->log->tracef(
                 'detected versioned grant/license: %s: [%s]',
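
Review bot: The replacement line `if ($licensetext =~ $RE{"GRANT_$id"})` keeps the deeper indentation of the old multi-line condition and omits the inner spacing used by the surrounding code (`next if ( $license{$id} );`), leaving the opening brace on its own line under a one-line condition. Reformat it to match the file's style, and note that the grant match is no longer limited to text outside recognised fulltexts.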
@@ -1246,11 +1224,7 @@ sub parse_license

     if (   $license{$id}
         or $grant{$id}
-            or ($licensetext =~ $RE{"GRANT_$id"}
-                and !defined(
-                    $coverage->get_range( $-[0], $+[0] )->get_element(0)
-                )
-            )
+            or $licensetext =~ $RE{"GRANT_$id"}
         )
     {
         $self->log->tracef(
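
Review bot: The bare `or $licensetext =~ $RE{"GRANT_$id"}` branch now fires for a grant pattern found anywhere in the text, including inside a fulltext already flagged under a different id, and nothing in the patch marks that as a downstream deviation. Add a comment at this condition, or a header note in the patch, saying the coverage check was removed and that related licenses may be reported together.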



Bug#951186: Please reconsider usage of perl-Array-IntSpan in licensecheck

2020-02-11 Thread Jonas Smedegaard
Hi Sandro,

Quoting Sandro Mani (2020-02-12 00:24:50)
> The perl Array-IntSpan module is licensed Artistic v1 [1], but this 
> license is considered a non-free license [2] and not allowed in Fedora 
> [3].
> 
> As such, Fedora won't be able to ship newer versions of licensecheck 
> as long as there is a dependency on this module. Could its use please 
> be reconsidered? Thanks.

Thank you very much for bringing this issue to my attention.

Yes, I will certainly try to avoid that oddly-licensed library.

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private




Bug#951186: Please reconsider usage of perl-Array-IntSpan in licensecheck

2020-02-11 Thread Sandro Mani

Package: licensecheck
Version: 3.0.41

The perl Array-IntSpan module is licensed Artistic v1 [1], but this 
license is considered a non-free license [2] and not allowed in Fedora [3].


As such, Fedora won't be able to ship newer versions of licensecheck as 
long as there is a dependency on this module. Could its use please be 
reconsidered? Thanks.


[1] https://metacpan.org/release/Array-IntSpan
[2] https://www.gnu.org/licenses/license-list.html#ArtisticLicense
[3] https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#Bad_Licenses