Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validation should not accept multiple project_license elements #401

Open
oturpe opened this issue May 11, 2021 · 2 comments
Open

Validation should not accept multiple project_license elements #401

oturpe opened this issue May 11, 2021 · 2 comments

Comments

@oturpe
Copy link
Contributor

oturpe commented May 11, 2021
edited
Loading

During Fedora review of an application called qvge, a metainfo file that contains the following was created in attempt to describe the fact that qvge's binary contains parts for each of the listed licenses:

<project_license>MIT</project_license>
<project_license>BSD</project_license>
<project_license>LGPL-3.0</project_license>

My reading of the AppStream spec would be that there can be 0 or 1 of project_license elements, and an application that needs to respect all these licenses should be encoded as MIT and BSD and LGPL-3.0. But, Fedora's mandatory call to appstream-util validate-relax let the metainfo file in question pass. validate-strict does not complain about multiples either.

I think the validation should fail when there are multiple project_license elements. At least the reference implementation simply ignores all but one, so having more is certainly an error.

This is the full file that should fail validation, but does not:

<?xml version="1.0" encoding="UTF-8"?>
<!-- Copyright 2016-2020 Ars L. Masiuk <[email protected]> -->
<component type="desktop">
  <id>qvge.desktop</id>
  <metadata_license>MIT</metadata_license>
  <project_license>MIT</project_license>
  <project_license>BSD</project_license>
  <project_license>LGPL-3.0</project_license>
  <name>Qt visual graph editor</name>
  <summary>View and manipulate small till middle-sized graphs.</summary>
  <description>
    <p>
      Application for viewing and manipulating small till middle-sized graphs. It supports several formats (GraphML, GEXF, GML, GraphViz/Dot).
    </p>
  </description>
  <url type="homepage">https://github.com/ArsMasiuk/qvge</url>
  <url type="donation">https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&amp;hosted_button_id=Z35EHHJ3729GG&amp;source=url</url>
  <screenshots>
    <screenshot type="default">
      <image>https://user-images.githubusercontent.com/19762856/85934275-2a985480-b8e1-11ea-81a9-a5b81f3365e2.PNG</image>
      <caption>Screenshot of the main window</caption>
    </screenshot>
  </screenshots>
  <updatecontact>https://github.com/ArsMasiuk/qvge/issues</updatecontact>
  <translation type="qt">qvge</translation>
</component>
@hughsie
Copy link
Owner

hughsie commented May 11, 2021

Agree. Could you do a simple PR to add this to the app validator please?

@oturpe
Copy link
Contributor Author

oturpe commented May 11, 2021

I think I can do that. There are also other fields that behave the same, I will check their situation as well.

@oturpe oturpe mentioned this issue May 13, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hughsie @oturpe