Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork938
Fix URLs that were redirecting to another license#1662
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Merged
Uh oh!
There was an error while loading.Please reload this page.
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
All the opensource.org BSD license URLs at the top of source codefiles in this project had originally pointed to a page on the3-clause BSD license that this project used and continues to use.But over time the site was apparently reorganized and the linkbecame a redirect to the page about the 2-clause BSD license.Because it is identified only as the "BSD license" in the commentsin this project that contain the links, this unfortunately makes itso those top-of-file comments all wrongly claim that the project is2-clause BSD licensed.This fixes the links by replacing them with the current URL of theopensource.org page on the 3-clause BSD license. The current URLcontains "bsd-3-clause" in it, so this specific problem is unlikelyto recur with that URL (and even if it did, the text "bsd-3-clauseis information that may clue readers in to what is going on).
EliahKagan added a commit to EliahKagan/gitdb that referenced this pull requestSep 17, 2023
This is the gitdb part of the fix for the top-of-file license URLsthat have come to point to a page about a related but differentlicense from the one GitPython and gitdb are (intended to be)offered under.Seegitpython-developers/GitPython#1662for details about the problem and how it came about.
EliahKagan added a commit to EliahKagan/gitdb that referenced this pull requestSep 17, 2023
This is the gitdb part of the fix for the top-of-file license URLsthat have come to point to a page about a related but differentlicense from the one GitPython and gitdb are (intended to be)offered under.Seegitpython-developers/GitPython#1662for details about the problem and how it came about.
Thanks a million! It's quite amazing for how long some of these bugs can hide, but also, that a site that hosts licenses is willing to change a 3-clause BSD into a 2-clause BSD license, which seems like a breaking change. |
I would consider that abug rather than a breaking change, whether or not it was intentional. I suspect it was not intentional, or at least that the effect was not intended. Looking at archive.org saves of the page, it looks like it had at one time been the only "BSD license" listed on opensource.org, back when the OSI had formally approved the 3-clause license but not yet the 2-clause license, or something like that. The page was updated to mention prominently that, in choosing a license, the third clause can be removed and the result is still an open source license. Then it later became a page for the 2-clause license. So the page may have appeared, to people maintaining the site, to be a general page not specific to any one version of the BSD license. My guess is that, in addition, the mindset at the time was oriented toward informing people of what OSI-approved licenses they might choose for their software, rather than identifying a specific license to communicate that it has been used. I don't think this diminishes the bug, but it may help explain it, because that view would explain the idea that noting that there is a 3-clause version and linking to it (which the page does) would be sufficient. That is enough to inform people of what licenses exist, but not enough to inform people of what license someone is trying to tell them about. Anyway, I think this could still be fixed in opensource.org. The old URL is a redirect, and it could be made to go to a disambiguation page, or to go to its current target but with some |
renovatebot referenced this pull request in allenporter/flux-localSep 23, 2023
[](https://renovatebot.com)This PR contains the following updates:| Package | Change | Age | Adoption | Passing | Confidence ||---|---|---|---|---|---|| [GitPython](https://togithub.com/gitpython-developers/GitPython) |`==3.1.36` -> `==3.1.37` |[](https://docs.renovatebot.com/merge-confidence/)|[](https://docs.renovatebot.com/merge-confidence/)|[](https://docs.renovatebot.com/merge-confidence/)|[](https://docs.renovatebot.com/merge-confidence/)|---### Release Notes<details><summary>gitpython-developers/GitPython (GitPython)</summary>###[`v3.1.37`](https://togithub.com/gitpython-developers/GitPython/releases/tag/3.1.37):- a proper fixCVE-2023-41040[CompareSource](https://togithub.com/gitpython-developers/GitPython/compare/3.1.36...3.1.37)#### What's Changed- Improve Python version and OS compatibility, fixing deprecations by[@​EliahKagan](https://togithub.com/EliahKagan) in[https://github.com/gitpython-developers/GitPython/pull/1654](https://togithub.com/gitpython-developers/GitPython/pull/1654)- Better document env_case test/fixture and cwd by[@​EliahKagan](https://togithub.com/EliahKagan) in[https://github.com/gitpython-developers/GitPython/pull/1657](https://togithub.com/gitpython-developers/GitPython/pull/1657)- Remove spurious executable permissions by[@​EliahKagan](https://togithub.com/EliahKagan) in[https://github.com/gitpython-developers/GitPython/pull/1658](https://togithub.com/gitpython-developers/GitPython/pull/1658)- Fix up checks in Makefile and make them portable by[@​EliahKagan](https://togithub.com/EliahKagan) in[https://github.com/gitpython-developers/GitPython/pull/1661](https://togithub.com/gitpython-developers/GitPython/pull/1661)- Fix URLs that were redirecting to another license by[@​EliahKagan](https://togithub.com/EliahKagan) in[https://github.com/gitpython-developers/GitPython/pull/1662](https://togithub.com/gitpython-developers/GitPython/pull/1662)- Assorted small fixes/improvements to root dir docs by[@​EliahKagan](https://togithub.com/EliahKagan) in[https://github.com/gitpython-developers/GitPython/pull/1663](https://togithub.com/gitpython-developers/GitPython/pull/1663)- Use venv instead of virtualenv in test_installation by[@​EliahKagan](https://togithub.com/EliahKagan) in[https://github.com/gitpython-developers/GitPython/pull/1664](https://togithub.com/gitpython-developers/GitPython/pull/1664)- Omit py_modules in setup by[@​EliahKagan](https://togithub.com/EliahKagan) in[https://github.com/gitpython-developers/GitPython/pull/1665](https://togithub.com/gitpython-developers/GitPython/pull/1665)- Don't track code coverage temporary files by[@​EliahKagan](https://togithub.com/EliahKagan) in[https://github.com/gitpython-developers/GitPython/pull/1666](https://togithub.com/gitpython-developers/GitPython/pull/1666)- Configure tox by [@​EliahKagan](https://togithub.com/EliahKagan)in[https://github.com/gitpython-developers/GitPython/pull/1667](https://togithub.com/gitpython-developers/GitPython/pull/1667)- Format tests with black and auto-exclude untracked paths by[@​EliahKagan](https://togithub.com/EliahKagan) in[https://github.com/gitpython-developers/GitPython/pull/1668](https://togithub.com/gitpython-developers/GitPython/pull/1668)- Upgrade and broaden flake8, fixing style problems and bugs by[@​EliahKagan](https://togithub.com/EliahKagan) in[https://github.com/gitpython-developers/GitPython/pull/1673](https://togithub.com/gitpython-developers/GitPython/pull/1673)- Fix rollback bug in SymbolicReference.set_reference by[@​EliahKagan](https://togithub.com/EliahKagan) in[https://github.com/gitpython-developers/GitPython/pull/1675](https://togithub.com/gitpython-developers/GitPython/pull/1675)- Remove `@NoEffect` annotations by[@​EliahKagan](https://togithub.com/EliahKagan) in[https://github.com/gitpython-developers/GitPython/pull/1677](https://togithub.com/gitpython-developers/GitPython/pull/1677)- Add more checks for the validity of refnames by[@​facutuesca](https://togithub.com/facutuesca) in[https://github.com/gitpython-developers/GitPython/pull/1672](https://togithub.com/gitpython-developers/GitPython/pull/1672)**Full Changelog**:gitpython-developers/GitPython@3.1.36...3.1.37</details>---### Configuration📅 **Schedule**: Branch creation - At any time (no schedule defined),Automerge - At any time (no schedule defined).🚦 **Automerge**: Enabled.♻ **Rebasing**: Whenever PR becomes conflicted, or you tick therebase/retry checkbox.🔕 **Ignore**: Close this PR and you won't be reminded about this updateagain.---- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, checkthis box---This PR has been generated by [MendRenovate](https://www.mend.io/free-developer-tools/renovate/). Viewrepository job log[here](https://developer.mend.io/github/allenporter/flux-local).<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi45Ny4xIiwidXBkYXRlZEluVmVyIjoiMzYuOTcuMSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
%5d(https%3a%2f%2frenovatebot.com){kind=link}
EliahKagan added a commit to EliahKagan/GitPython that referenced this pull requestOct 11, 2023
…opers#1659Whengitpython-developers#1659 was updated to pick up linting configuration changes, itinadvertently undid one of the URL changes made ingitpython-developers#1662, puttingthe URL in the git.exe module back to the one that redirects to adifferent BSD license from the one this project uses.Since only that one module was affected, the fix is simple. Thisonly changes the URL back; it doesn't undo any othergitpython-developers#1659 changes.
EliahKagan added a commit to EliahKagan/GitPython that referenced this pull requestOct 11, 2023
…opers#1659Whengitpython-developers#1659 was updated to pick up linting configuration changes, itinadvertently undid one of the URL changes made ingitpython-developers#1662, puttingthe URL in the git.exc module back to the one that redirects to adifferent BSD license from the one this project uses.Since only that one module was affected, the fix is simple. Thisonly changes the URL back; it doesn't undo any othergitpython-developers#1659 changes.
otc-zuulbot pushed a commit to opentelekomcloud-infra/eyes_on_docs that referenced this pull requestOct 25, 2023
Bump gitpython from 3.1.35 to 3.1.37Bumps gitpython from 3.1.35 to 3.1.37.Release notesSourced from gitpython's releases.3.1.37 - a proper fixCVE-2023-41040What's ChangedImprove Python version and OS compatibility, fixing deprecations by @EliahKagan ingitpython-developers/GitPython#1654Better document env_case test/fixture and cwd by @EliahKagan ingitpython-developers/GitPython#1657Remove spurious executable permissions by @EliahKagan ingitpython-developers/GitPython#1658Fix up checks in Makefile and make them portable by @EliahKagan ingitpython-developers/GitPython#1661Fix URLs that were redirecting to another license by @EliahKagan ingitpython-developers/GitPython#1662Assorted small fixes/improvements to root dir docs by @EliahKagan ingitpython-developers/GitPython#1663Use venv instead of virtualenv in test_installation by @EliahKagan ingitpython-developers/GitPython#1664Omit py_modules in setup by @EliahKagan ingitpython-developers/GitPython#1665Don't track code coverage temporary files by @EliahKagan ingitpython-developers/GitPython#1666Configure tox by @EliahKagan ingitpython-developers/GitPython#1667Format tests with black and auto-exclude untracked paths by @EliahKagan ingitpython-developers/GitPython#1668Upgrade and broaden flake8, fixing style problems and bugs by @EliahKagan ingitpython-developers/GitPython#1673Fix rollback bug in SymbolicReference.set_reference by @EliahKagan ingitpython-developers/GitPython#1675Remove@NoEffect annotations by @EliahKagan ingitpython-developers/GitPython#1677Add more checks for the validity of refnames by @facutuesca ingitpython-developers/GitPython#1672Full Changelog: gitpython-developers/GitPython@3.1.36...3.1.37Commitsb27a89f fix makefile to compare commit hashes only0bd2890 prepare next release832b6ee remove unnecessary list comprehension to fix CIe98f57b Merge pull request #1672 from trail-of-forks/robust-refname-checks1774f1e Merge pull request #1677 from EliahKagan/no-noeffecta4701a0 Remove@NoEffect annotationsd40320b Merge pull request #1675 from EliahKagan/rollbackd1c1f31 Merge pull request #1673 from EliahKagan/flake8e480985 Tweak rollback logic in log.to_fileff84b26 Refactor try-finally cleanup in git/Additional commits viewable in compare viewDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting@dependabot rebase.Dependabot commands and optionsYou can trigger Dependabot actions by commenting on this PR:@dependabot rebase will rebase this PR@dependabot recreate will recreate this PR, overwriting any edits that have been made to it@dependabot merge will merge this PR after your CI passes on it@dependabot squash and merge will squash and merge this PR after your CI passes on it@dependabot cancel merge will cancel a previously requested merge and block automerging@dependabot reopen will reopen this PR if it is closed@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.Reviewed-by: Vladimir Vshivkov
EliahKagan added a commit to EliahKagan/GitPython that referenced this pull requestNov 3, 2023
This improves the consistency of top-of-module comments as follows:- All names of the current file are removed. Some included these while others didn't. In general, this can be useful information, which can remind readers and developers of what the file is and may even reduce mistakes. However, in GitPython, many modules inside git/ have the same name as other modules in other subdirectories of git/. So the presence of filenames would often be the same for multiple files, a condition that would be intensified if consistency were achieved by adding them everywhere. This instead removes them, which should (albeit slightly) decrease the risk of confusing modules that have the same name as each other.- All modules (.py files) inside git/ and test/, except for .py files that are entirely empty (without even comments) or are inside test/fixtures/, now have comments indicating the license and linking to it on opensource.org. Previously, some modules had this, while others did not.The comment about the license is short, and does not contain anexplicit copyright statement. No new explicit copyright statementsare added, but some top-of-modules already contained them, and thisdoes not remove (nor update or otherwise modify) them.Although explicit copyright statements are not touched, all thelicense comments are modified, including where they had previouslyappeared, to say "the 3-Clause BSD License" instead of"the BSD License", since there is no specific license known as the"BSD License" (and both the 2-clause and 3-clause BSD licenses arevery popular).This change should not be confused withgitpython-developers#1662, which fixed anoriginally correct hyperlink that had come to redirect to a pageabout a different license. The change here does not change the linkagain. It makes the commented wording more specific, so that it isclear, even without looking at the link, which BSD license is beingreferred to.
EliahKagan added a commit to EliahKagan/GitPython that referenced this pull requestNov 3, 2023
This improves the consistency of top-of-module comments as follows:- All names of the current file are removed. Some included these while others didn't. In general, this can be useful information, which can remind readers and developers of what the file is and may even reduce mistakes. However, in GitPython, many modules inside git/ have the same name as other modules in other subdirectories of git/. So the presence of filenames would often be the same for multiple files, a condition that would be intensified if consistency were achieved by adding them everywhere. This instead removes them, which should (albeit slightly) decrease the risk of confusing modules that have the same name as each other.- All modules (.py files) inside git/ and test/, except for .py files that are entirely empty (without even comments) or are inside test/fixtures/, now have comments indicating the license and linking to it on opensource.org. Previously, some modules had this, while others did not.The comment about the license is short, and does not contain anexplicit copyright statement. No new explicit copyright statementsare added, but some top-of-modules already contained them, and thisdoes not remove (nor update or otherwise modify) them.Although explicit copyright statements are not touched, all thelicense comments are modified, including where they had previouslyappeared, to say "the 3-Clause BSD License" instead of"the BSD License", since there is no specific license known as the"BSD License" (and both the 2-clause and 3-clause BSD licenses arevery popular).This change should not be confused withgitpython-developers#1662, which fixed anoriginally correct hyperlink that had come to redirect to a pageabout a different license. The change here does not change the linkagain. It makes the commented wording more specific, so that it isclear, even without looking at the link, which BSD license is beingreferred to.
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Labels
None yet
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading.Please reload this page.
All the opensource.org BSDlicense URLs at the top of source code files in this project hadoriginally pointed to a page on the 3-clause BSD license that this projectused andcontinues to use.
But over time the site was apparently reorganized and the link became a redirect to the page about the 2-clause BSD license. Because it is identified only as the "BSD license" in the comments in this project that contain the links, this unfortunately makes it so those top-of-file comments all wrongly claim that the project is 2-clause BSD licensed.
To be more specific,bisecting archivals reveals that the change apparently occurred sometime between29 April 2011 and5 June 2011.
This fixes the links by replacing them with the current URL of the opensource.org page on the 3-clause BSD license. The current URL contains "bsd-3-clause" in it, so this specific problem is unlikely to recur with that URL (and even if it did, the text "bsd-3-clause is information that may clue readers in to what is going on).
There may be other changes that could be made in the future to further clarify the license. For example, in
setup.py, the license name is passed asBSD. There may be a more specific name that can be used and that PyPI and/or common tools will recognize for the 3-clause BSD license name. (If anySPDX name can be used, which I think it can, then this is definitely so. However, a more specificclassifier does not appear available.) But that's not actually a bug--it's not referring to a specific different license--and this PR does not make any such changes. Other than how I permitted my editor to remove trailing whitespace in the files it was saving, this pull request is strictly limited to updating those URLs.This also affects numerous URLs in
gitdb, for which I have openedgitpython-developers/gitdb#96. It does not affectsmmap.