Remove generic classifier #895

Merged
merged 1 commit into from
Mar 8, 2025
EvertonSA
Contributor

@EvertonSA EvertonSA commented Mar 6, 2025

On CLM scan tools such as Sonatype, indexing of license setup takes into consideration the current status of the license on PyPI.org. Currently, two classifiers are added:

image

That leads the scan tools to index this package as non-compliant as it's using a very generic classifier.

Sonatype response to this package:

• oauthlib: The Non-Standard is populated for the PyPI component oauthlib-3.2.2, which contains the following string in the associated `PKG-INFO` file under the License Classifier section:
 
Classifier: License :: OSI Approved

The said string "OSI Approved" is mapped to an UNKNOWN as it is highly generic and can't be mapped to a specific license.

This PR makes sure that oauthlib is promptly returning only "License :: OSI Approved :: BSD License" and allows scan tools to make sure this lib is safe in regards to licensing.

Other repos for reference:

https://github.com/ets-labs/python-dependency-injector/blob/6e4794bab18fef3ffbc6a11bee526fe24688286f/pyproject.toml#L30
https://github.com/lepture/authlib/blob/4eafdc21891e78361f478479efe109ff0fb2f661/pyproject.toml#L21
https://github.com/gweis/isodate/blob/17cb25eb7bc3556a68f3f7b241313e9bb8b23760/pyproject.toml#L11
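
The check a license scanner effectively applies to `PKG-INFO`, as an added example that is not part of the original PR or of oauthlib: it flags any `License ::` classifier that is only a category. The function names, the status labels and the sample metadata are assumptions constructed for illustration.

```python
from email.parser import HeaderParser

# The one string the scanner response on this page calls too generic to map.
GENERIC = {"License :: OSI Approved"}

def license_classifiers(pkg_info: str) -> list[str]:
    """Return normalised 'License :: ...' classifiers from PKG-INFO text."""
    headers = HeaderParser().parsestr(pkg_info)  # PKG-INFO uses RFC 822 style headers
    out = []
    for value in headers.get_all("Classifier", []):
        parts = [p.strip() for p in value.split("::")]
        if parts[0] == "License":
            out.append(" :: ".join(parts))
    return out

def audit(pkg_info: str) -> dict:
    """Classify the license metadata as 'missing', 'ambiguous' or 'ok' (hypothetical labels)."""
    found = license_classifiers(pkg_info)
    # Generic: the known category string, or a parent of another declared classifier.
    generic = [c for c in found
               if c in GENERIC or any(o.startswith(c + " :: ") for o in found)]
    specific = [c for c in found if c not in generic]
    if not found:
        status = "missing"
    elif generic:
        status = "ambiguous"
    else:
        status = "ok"
    return {"status": status, "generic": generic, "specific": specific}

# Constructed sample metadata (not copied from a real release).
BEFORE = """\
Metadata-Version: 2.1
Name: oauthlib
Version: 0.0.0
Classifier: Programming Language :: Python :: 3
Classifier: License :: OSI Approved
Classifier: License :: OSI Approved :: BSD License
"""
AFTER = BEFORE.replace("Classifier: License :: OSI Approved\n", "")

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(text))
```

Run against the `PKG-INFO` of a built sdist or wheel in CI, this catches the generic classifier before the package reaches an index that scanners read.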

@EvertonSA
Contributor Author

Please let me know if this is reasonable. I'm ok with all responses. Sonatype itself thinks this library is "non compliant". I can open a waiver on their platform for myself, but I believe this fix should help other users also.

@edumuellerFSL

bump

@auvipy auvipy merged commit dab6a5a into oauthlib:master Mar 8, 2025
11 of 12 checks passed
@JonathanHuot JonathanHuot added this to the 3.3.0 milestone May 13, 2025