Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pypi does not recognize license #1386

Open
SMoraisAnsys opened this issue Dec 16, 2024 · 8 comments · May be fixed by #1387
Open

Pypi does not recognize license #1386

SMoraisAnsys opened this issue Dec 16, 2024 · 8 comments · May be fixed by #1387

Comments

@SMoraisAnsys
Copy link

Unless there is a delay, it seems that the LICENSE metadata is not available in Pypi for release 24.3.0, see https://pypi.org/project/attrs/24.3.0/

Note that this information was available in 24.2.0, see https://pypi.org/project/attrs/24.2.0/

I suspect the changes from #1377 are the cause for this problem.

@SMoraisAnsys SMoraisAnsys linked a pull request Dec 16, 2024 that will close this issue
@hugovk
Copy link
Contributor

hugovk commented Dec 16, 2024

Testing with another package that also uses Hatchling, this is how pyproject.toml was before:

license = { text = "MIT" }
classifiers = [
  "License :: OSI Approved :: MIT License",

The upload shows it had this metadata:

Metadata-Version: 2.4
License: MIT
License-File: LICENSE.txt
Classifier: License :: OSI Approved :: MIT License

PyPI shows:

Unverified details:

  • Meta:
    • License: MIT License (MIT)

Next, change to:

license = "MIT"
license-files = [ "LICENSE.txt" ]
classifiers = [
  "License :: OSI Approved :: MIT License",

Metadata:

Metadata-Version: 2.4
Name: tinytext
License-Expression: MIT
License-File: LICENSE.txt
Classifier: License :: OSI Approved :: MIT License

PyPI:

Unverified details:

  • Meta:
    • License: MIT License

(It changed from "MIT License (MIT)" to "MIT License".)


Finally, remove the Trove classifier:

license = "MIT"
license-files = [ "LICENSE.txt" ]

Metadata:

Metadata-Version: 2.4
Name: tinytext
License-Expression: MIT
License-File: LICENSE.txt

PyPI:

Unverified details:

  • Meta:
    • [no licence shown]

To summarise, the new License-Expression and License-File fields are being added to metadata, but the licence is only shown (as unverified) when using the Trove classifier.

This might be a PyPI bug? Looking at https://pypi.org/pypi/attrs/json I see:

"license": null,
"license_expression": null,
"license_files": null,

So I think the short-term fix for attrs is to keep the Trove classifier (it's only deprecated for now, not removed), and keep the new PEP 639 fields so they can be used when PyPI is ready:

license = "MIT"
license-files = ["LICENSE"]
classifiers = [
  "License :: OSI Approved :: MIT License",

@hugovk
Copy link
Contributor

hugovk commented Dec 16, 2024

This might be a PyPI bug?

Or rather twine? Quoting @konstin on the PyPA Discord talking about another issue but with timely relevant info:

... uv publish sets license-file in the formdata (https://github.com/astral-sh/uv/blob/8074917449ec53d238112a9b0722110d902f522e/crates/uv-publish/src/lib.rs#L699) while twine does not (yet) (https://github.com/pypa/twine/blob/75be078d2849d07c3406772cbbdb13c72139b341/twine/package.py#L199)

@konstin
Copy link

konstin commented Dec 16, 2024

The warehouse (pypi) side is working, the following test package shows up correctly (https://test.pypi.org/project/astral-test-token/):

image

[project]
name = "astral-test-token"
version = "0.1.2317"
authors = [{ name = "konstin", email = "konstin@mailbox.org" }]
classifiers = ["Topic :: Software Development :: Testing"]
dependencies = []
description = "Add your description here"
dynamic = ["gui-scripts", "scripts"]
keywords = ["test", "publish"]
license = "MIT OR Apache-2.0"
license-files = ["LICENSE*"]
maintainers = [{ name = "konstin", email = "konstin@mailbox.org" }]
optional-dependencies = { "async" = ["anyio>=4,<5"] }
readme = "README.md"
requires-python = ">=3.12"
urls = { "github" = "https://github.com/astral-sh/uv" }

# hatchling should work equally
[build-system]
requires = ["pdm-backend"]
build-backend = "pdm.backend"

@hynek
Copy link
Member

hynek commented Dec 16, 2024

According to https://discuss.python.org/t/pep-639-round-3-improving-license-clarity-with-better-package-metadata/53020/145 it’s a Twine issue (that is used by the PyPI upload action).

@SMoraisAnsys
Copy link
Author

SMoraisAnsys commented Dec 16, 2024

So I think the short-term fix for attrs is to keep the Trove classifier (it's only deprecated for now, not removed), and keep the new PEP 639 fields so they can be used when PyPI is ready:

license = "MIT"
license-files = ["LICENSE"]
classifiers = [
  "License :: OSI Approved :: MIT License",

I like this approach. On top of it, I think that people using pip-licenses (me among others haha) would be able to retrieve the package license with the Trove classifier ! If anyone is interested, this seems to be available with option --from=mixed

@SMoraisAnsys
Copy link
Author

Seems like Twine should be able to handle metadata version 2.4 soon (pypa/twine#1180 got merged).

@webknjaz
Copy link
Member

So I'll need to bump twine in pypi-publish once it's released.

@martin-traverse
Copy link

I hit this issue too. I see there is a PR open, would be great to get a fix merged / released if there is a solution available.

My project has very strict compliance requirements, we had to exclude the latest version of this package for the time being.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

6 participants