Fix URLs that were redirecting to another license #1662
All the opensource.org BSD license URLs at the top of source code files in this project had originally pointed to a page on the 3-clause BSD license that this project used and continues to use. But over time the site was apparently reorganized and the link became a redirect to the page about the 2-clause BSD license. Because it is identified only as the "BSD license" in the comments in this project that contain the links, this unfortunately makes it so those top-of-file comments all wrongly claim that the project is 2-clause BSD licensed. This fixes the links by replacing them with the current URL of the opensource.org page on the 3-clause BSD license. The current URL contains "bsd-3-clause" in it, so this specific problem is unlikely to recur with that URL (and even if it did, the text "bsd-3-clause" is information that may clue readers in to what is going on).
This is the gitdb part of the fix for the top-of-file license URLs that have come to point to a page about a related but different license from the one GitPython and gitdb are (intended to be) offered under. See gitpython-developers/GitPython#1662 for details about the problem and how it came about.
Thanks a million! It's quite amazing for how long some of these bugs can hide, but also, that a site that hosts licenses is willing to change a 3-clause BSD into a 2-clause BSD license, which seems like a breaking change.
I would consider that a bug rather than a breaking change, whether or not it was intentional. I suspect it was not intentional, or at least that the effect was not intended. Looking at archive.org saves of the page, it looks like it had at one time been the only "BSD license" listed on opensource.org, back when the OSI had formally approved the 3-clause license but not yet the 2-clause license, or something like that. The page was updated to mention prominently that, in choosing a license, the third clause can be removed and the result is still an open source license. Then it later became a page for the 2-clause license. So the page may have appeared, to people maintaining the site, to be a general page not specific to any one version of the BSD license. My guess is that, in addition, the mindset at the time was oriented toward informing people of what OSI-approved licenses they might choose for their software, rather than identifying a specific license to communicate that it has been used. I don't think this diminishes the bug, but it may help explain it, because that view would explain the idea that noting that there is a 3-clause version and linking to it (which the page does) would be sufficient. That is enough to inform people of what licenses exist, but not enough to inform people of what license someone is trying to tell them about. Anyway, I think this could still be fixed in opensource.org. The old URL is a redirect, and it could be made to go to a disambiguation page, or to go to its current target but with some
…opers#1659 When gitpython-developers#1659 was updated to pick up linting configuration changes, it inadvertently undid one of the URL changes made in gitpython-developers#1662, putting the URL in the git.exc module back to the one that redirects to a different BSD license from the one this project uses. Since only that one module was affected, the fix is simple. This only changes the URL back; it doesn't undo any other gitpython-developers#1659 changes.
Bump gitpython from 3.1.35 to 3.1.37

Bumps gitpython from 3.1.35 to 3.1.37.

Release notes

Sourced from gitpython's releases.

3.1.37 - a proper fix CVE-2023-41040

What's Changed

- Improve Python version and OS compatibility, fixing deprecations by @EliahKagan in gitpython-developers/GitPython#1654
- Better document env_case test/fixture and cwd by @EliahKagan in gitpython-developers/GitPython#1657
- Remove spurious executable permissions by @EliahKagan in gitpython-developers/GitPython#1658
- Fix up checks in Makefile and make them portable by @EliahKagan in gitpython-developers/GitPython#1661
- Fix URLs that were redirecting to another license by @EliahKagan in gitpython-developers/GitPython#1662
- Assorted small fixes/improvements to root dir docs by @EliahKagan in gitpython-developers/GitPython#1663
- Use venv instead of virtualenv in test_installation by @EliahKagan in gitpython-developers/GitPython#1664
- Omit py_modules in setup by @EliahKagan in gitpython-developers/GitPython#1665
- Don't track code coverage temporary files by @EliahKagan in gitpython-developers/GitPython#1666
- Configure tox by @EliahKagan in gitpython-developers/GitPython#1667
- Format tests with black and auto-exclude untracked paths by @EliahKagan in gitpython-developers/GitPython#1668
- Upgrade and broaden flake8, fixing style problems and bugs by @EliahKagan in gitpython-developers/GitPython#1673
- Fix rollback bug in SymbolicReference.set_reference by @EliahKagan in gitpython-developers/GitPython#1675
- Remove @NoEffect annotations by @EliahKagan in gitpython-developers/GitPython#1677
- Add more checks for the validity of refnames by @facutuesca in gitpython-developers/GitPython#1672

Full Changelog: gitpython-developers/GitPython@3.1.36...3.1.37

Commits

- b27a89f fix makefile to compare commit hashes only
- 0bd2890 prepare next release
- 832b6ee remove unnecessary list comprehension to fix CI
- e98f57b Merge pull request #1672 from trail-of-forks/robust-refname-checks
- 1774f1e Merge pull request #1677 from EliahKagan/no-noeffect
- a4701a0 Remove @NoEffect annotations
- d40320b Merge pull request #1675 from EliahKagan/rollback
- d1c1f31 Merge pull request #1673 from EliahKagan/flake8
- e480985 Tweak rollback logic in log.to_file
- ff84b26 Refactor try-finally cleanup in git/
- Additional commits viewable in compare view

Reviewed-by: Vladimir Vshivkov
This improves the consistency of top-of-module comments as follows:

- All names of the current file are removed. Some included these while others didn't. In general, this can be useful information, which can remind readers and developers of what the file is and may even reduce mistakes. However, in GitPython, many modules inside git/ have the same name as other modules in other subdirectories of git/. So the presence of filenames would often be the same for multiple files, a condition that would be intensified if consistency were achieved by adding them everywhere. This instead removes them, which should (albeit slightly) decrease the risk of confusing modules that have the same name as each other.

- All modules (.py files) inside git/ and test/, except for .py files that are entirely empty (without even comments) or are inside test/fixtures/, now have comments indicating the license and linking to it on opensource.org. Previously, some modules had this, while others did not.

The comment about the license is short, and does not contain an explicit copyright statement. No new explicit copyright statements are added, but some top-of-modules already contained them, and this does not remove (nor update or otherwise modify) them.

Although explicit copyright statements are not touched, all the license comments are modified, including where they had previously appeared, to say "the 3-Clause BSD License" instead of "the BSD License", since there is no specific license known as the "BSD License" (and both the 2-clause and 3-clause BSD licenses are very popular).

This change should not be confused with gitpython-developers#1662, which fixed an originally correct hyperlink that had come to redirect to a page about a different license. The change here does not change the link again. It makes the commented wording more specific, so that it is clear, even without looking at the link, which BSD license is being referred to.
All the opensource.org BSD license URLs at the top of source code files in this project had originally pointed to a page on the 3-clause BSD license that this project used and continues to use.
But over time the site was apparently reorganized and the link became a redirect to the page about the 2-clause BSD license. Because it is identified only as the "BSD license" in the comments in this project that contain the links, this unfortunately makes it so those top-of-file comments all wrongly claim that the project is 2-clause BSD licensed.
To be more specific, bisecting archivals reveals that the change apparently occurred sometime between 29 April 2011 and 5 June 2011.
This fixes the links by replacing them with the current URL of the opensource.org page on the 3-clause BSD license. The current URL contains "bsd-3-clause" in it, so this specific problem is unlikely to recur with that URL (and even if it did, the text "bsd-3-clause" is information that may clue readers in to what is going on).
There may be other changes that could be made in the future to further clarify the license. For example, in `setup.py`, the license name is passed as `BSD`. There may be a more specific name that can be used and that PyPI and/or common tools will recognize for the 3-clause BSD license name. (If any SPDX name can be used, which I think it can, then this is definitely so. However, a more specific classifier does not appear available.) But that's not actually a bug--it's not referring to a specific different license--and this PR does not make any such changes. Other than how I permitted my editor to remove trailing whitespace in the files it was saving, this pull request is strictly limited to updating those URLs.

This also affects numerous URLs in `gitdb`, for which I have opened gitpython-developers/gitdb#96. It does not affect `smmap`.
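
A CI-style check for the header rules described in this thread: every non-empty `.py` file under `git/` and `test/`, outside `test/fixtures/`, must name the 3-Clause BSD License and link to an opensource.org URL containing "bsd-3-clause", which would also catch a later change silently reverting one file. This is an added example, not code from GitPython; the function names, the sample header wording and the placeholder stale URL are assumptions constructed for illustration.

```python
import re
import tempfile
from itertools import takewhile
from pathlib import Path

# Assumed markers of a compliant header, based on the wording in the thread.
REQUIRED_NAME = "3-clause bsd license"
REQUIRED_URL_TOKEN = "bsd-3-clause"
URL_RE = re.compile(r"https?://[^\s>)]+")

def header_comment(text):
    """Return the leading run of '#' comment and blank lines, lowercased."""
    lines = (line.strip() for line in text.splitlines())
    return "\n".join(takewhile(lambda l: not l or l.startswith("#"), lines)).lower()

def check_file(path):
    """Return the problems found in one module; an empty list means it passes."""
    text = path.read_text(encoding="utf-8")
    if not text.strip():
        return []  # entirely empty files are exempt
    head = header_comment(text)
    problems = []
    if REQUIRED_NAME not in head:
        problems.append("license not named specifically")
    urls = [u for u in URL_RE.findall(head) if "opensource.org" in u]
    if not urls:
        problems.append("no opensource.org license URL")
    problems += [f"ambiguous license URL: {u}"
                 for u in urls if REQUIRED_URL_TOKEN not in u]
    return problems

def check_tree(root, packages=("git", "test"), exempt=("test/fixtures/",)):
    """Map relative path -> problems for every non-exempt .py file."""
    root, report = Path(root), {}
    for pkg in packages:
        for path in sorted((root / pkg).rglob("*.py")):
            rel = path.relative_to(root).as_posix()
            if not rel.startswith(exempt) and (problems := check_file(path)):
                report[rel] = problems
    return report

def demo():
    """Run the check over a small constructed tree (sample data, not real files)."""
    good = ("# Released under the 3-Clause BSD License:\n"
            "# https://opensource.org/license/bsd-3-clause/\nimport os\n")
    stale = ("# Released under the BSD License:\n"  # placeholder stale URL below
             "# https://opensource.org/licenses/placeholder-old-path\nimport os\n")
    files = {"git/exc.py": stale, "git/cmd.py": good, "git/__init__.py": "",
             "test/test_x.py": "import os\n", "test/fixtures/f.py": "x = 1\n"}
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in files.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return check_tree(tmp)

if __name__ == "__main__":
    for rel, problems in demo().items():
        print(rel, "->", "; ".join(problems))
```

The check is purely textual and offline; it does not follow redirects, so it complements rather than replaces a periodic look at where the URL actually leads.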