Nugetgallery: Nuget.org complains about license MIT-0 as unsupported

Created on 18 Oct 2020  路  8Comments  路  Source: NuGet/NuGetGallery

Describe the bug

Some months ago I switched my open source projects to the MIT No Attribution as I didn't like the part of MIT forcing the user to provide a copy of said license where it is used. Nuget.org didn't complained then and even showed the license correctly for my packages (see here).
Now wanting to release a new version Nuget.org complains that

License expression must only contain licenses that are approved by Open Source Initiative or Free Software Foundation. Unsupported licenses: MIT-0.

which as far as I can see is not true?

To Reproduce

Create a package from a csharp project with the <PackageLicenseExpression>MIT-0</PackageLicenseExpression> and try to upload it on Nuget.org

Expected behavior

The package can be uploaded.

Screenshots

image

Verified-Dev Verified-Prod
Source
picture Doraku

All 8 comments

Hello, @Doraku. The reason this license is not allow is because it is not OSI approved or FSF free/libre. This can be seen here:
https://spdx.org/licenses/
image

Perhaps @agr, @chgill-MSFT, or @jcjiang could explain exactly why we limit the SPDX monikers on nuget.org to these two classifications (OSI approved or FSF free/libre).

joelverhagen picture joelverhagen on 19 Oct 2020

Then I guess this website is not up to date? The MIT-0 can be seen here or even here approved by the OSI.
Also did that requirement changed recently? As I was able to push successfully packages with this license a month ago.

Doraku picture Doraku on 19 Oct 2020

It was recently approved and we didn't sync with SPDX database for a while. I'll check what need to be done to sync.

agr picture agr on 19 Oct 2020
👍1

As for why we don't support non-OSI/FSF approved licenses: as far as I remember the reasoning was that those seem to get much less attention in SPDX database and can contain explicit company/personal names in their texts, which obviously have nothing to do with the package owners on nuget.org.

agr picture agr on 19 Oct 2020

As for why we don't support non-OSI/FSF approved licenses: as far as I remember the reasoning was that those seem to get much less attention in SPDX database and can contain explicit company/personal names in their texts, which obviously have nothing to do with the package owners on nuget.org.

Oh I definitely understand why you would put such a limit on usable licenses, the succession of events just led me to believe that the check was already there on nuget.org when I pushed my packages before and then stopped working for some reason since I could see the MIT-0 was approved. Didn't see that it was this recent! Good to know that this will be sorted then :)

Doraku picture Doraku on 19 Oct 2020

https://github.com/NuGet/NuGet.Client/pull/3720 portion is merging to main (5.9.x)

donnie-msft picture donnie-msft on 23 Oct 2020
👍1

Hey, just found out that I could finally upload MIT-0 licensed package to nuget.org :) wondering if I could close this issue or if you want to keep it open still because of some work remaining?

Doraku picture Doraku on 5 Apr 2021

We had it updated recently, I was about to close it. Thanks for checking!

agr picture agr on 5 Apr 2021
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

scottbommarito picture scottbommarito  路  5Comments
j3parker picture j3parker  路  4Comments
dannyvv picture dannyvv  路  4Comments
skofman1 picture skofman1  路  3Comments
yishaigalatzer picture yishaigalatzer  路  4Comments