GNOME Bugzilla – Bug 731462
AppData file does not validate
Last modified: 2019-04-03 18:31:31 UTC
$ appdata-validate gnome-terminal.appdata.xml.in gnome-terminal.appdata.xml.in 1 problems detected: • tag-invalid : <metadata_license> is not valid http://people.freedesktop.org/~hughsient/appdata/#metadata_license specifies that only a few licences are valid here -- could you change the value of metadata_license to be something that's suitable for an XML file (and not code)? The validator accepts CC0-1.0, CC-BY-3.0, CC-BY-SA-3.0 and GFDL-1.3 Thanks. Richard.
AFAICT "GPL-3.0+" is a perfectly valid SPDX licence identifier according to https://spdx.org/licenses/ , so why does the validator think it's invalid?
http://people.freedesktop.org/~hughsient/appdata/#metadata_license basically explains, but the core issue is when we collect all the information together into one meta-file, we want a licence that's sane, i.e. not a superset of all the possible packages in the repo, but just a superset of a small number. The other reason is we want a *content* license, as you can't really have an XML file under the GPL as it doesn't make much legal sense.
So it's a policy problem, not a wrong SPDX value. Firstly, GPL is a sane lincence by itself. Secondly, I disagree on GPLing a XML file; to me it absolutely makes good sense. What exactly is the concern? Thirdly, I don't see how you have concerns about GPLing an XML file but not GFDLing it?
BTW, http://people.freedesktop.org/~hughsient/appdata/#metadata_license only says the allowable licence IDs "include" the mentioned four, it does *not* say that those are the only ones.
(In reply to comment #3) > So it's a policy problem, not a wrong SPDX value. Correct. > Firstly, GPL is a sane lincence by itself. Right, no disagreement there for code -- but for data files that are not code all the legal advice I've been told so far suggested that the GPL is not suited and ambiguous. Content licences like GFDL are a much better fit and legally unambiguous. > Secondly, I disagree on GPLing a XML file; to me it absolutely makes good > sense. What exactly is the concern? I can't go into details without getting the right permissions, but the basic problem is that the XML file isn't created from code source files -- it's just a data file that's used like an icon. > Thirdly, I don't see how you have concerns about GPLing an XML file but not > GFDLing it? GFDL is designed as a content licence for documentation, GPL was designed as a source licence for code.
Is this still an issue?
Yes: • tag-invalid : <metadata_license> is not valid [GPL-3.0+] XML needs to be a content license, not a source licence.
Well, I'm not going to licence anything under a non-copyleft licence, so I think this bug is CANTFIX.
GFDL-1.3 is copyleft (and Debian-free) and suitable for data like this.
I went for GPL3+ and GFDL1.3 dual.
"GPL-3.0+|GFDL-1.3-only" is not valid SPDX syntax for two reasons: * You need to use " OR " for the logic * The SPDX ID is "GFDL-1.3", not "GFDL-1.3-only" I still don't know how you can license an XML file as GPL-anything, but I suppose if you change it to "GPL-3.0+ OR GFDL-1.3" then I can fix up all the other tools to allow it to validate.
Well, I got that from https://spdx.org/licenses/ which says that "GFDL-1.3-only" is the ID of that licence. That seems to be the official spec for SPDX licence IDs, isn't it? I can certainly use " OR " instead of "|" (however it's weird that as-spdx.c translates OR to | internally but doesn't accept it as input).