
License "GPL-2.0+" is a deprecated SPDX license identifier, use "GPL-2.0-or-later" instead
Closed, Resolved, Public

Description

From packagist.org I got the following email:

Subject: mediawiki/mediawiki-codesniffer failed to update, invalid composer.json data

The mediawiki/mediawiki-codesniffer package of which you are a maintainer has
failed to update due to invalid data contained in your composer.json.
Please address this as soon as possible since the package stopped updating.

It is recommended that you use composer validate to check for errors when you
change your composer.json.

Below is the full update log which should highlight errors as
"Skipped branch ...":

[Composer\Repository\InvalidRepositoryException]: Some branches contained invalid data and were discarded, it is advised to review the log and fix any issues present in branches

Reading composer.json of mediawiki/mediawiki-codesniffer (v15.0.0)
Importing tag v15.0.0 (15.0.0.0)
Reading composer.json of mediawiki/mediawiki-codesniffer (v14.1.0)
Importing tag v14.1.0 (14.1.0.0)
Reading composer.json of mediawiki/mediawiki-codesniffer (v14.0.0)
Importing tag v14.0.0 (14.0.0.0)
Reading composer.json of mediawiki/mediawiki-codesniffer (v13.0.0)
Importing tag v13.0.0 (13.0.0.0)
Reading composer.json of mediawiki/mediawiki-codesniffer (v0.12.0)
Importing tag v0.12.0 (0.12.0.0)
Reading composer.json of mediawiki/mediawiki-codesniffer (v0.11.1)
Importing tag v0.11.1 (0.11.1.0)
Reading composer.json of mediawiki/mediawiki-codesniffer (v0.11.0)
Importing tag v0.11.0 (0.11.0.0)
Reading composer.json of mediawiki/mediawiki-codesniffer (v0.10.1)
Importing tag v0.10.1 (0.10.1.0)
Reading composer.json of mediawiki/mediawiki-codesniffer (v0.10.0)
Importing tag v0.10.0 (0.10.0.0)
Reading composer.json of mediawiki/mediawiki-codesniffer (v0.9.0)
Importing tag v0.9.0 (0.9.0.0)
Reading composer.json of mediawiki/mediawiki-codesniffer (v0.8.1)
Importing tag v0.8.1 (0.8.1.0)
Reading composer.json of mediawiki/mediawiki-codesniffer (v0.8.0)
Importing tag v0.8.0 (0.8.0.0)
Reading composer.json of mediawiki/mediawiki-codesniffer (v0.8.0-alpha.1)
Importing tag v0.8.0-alpha.1 (0.8.0.0-alpha1)
Reading composer.json of mediawiki/mediawiki-codesniffer (v0.7.2)
Importing tag v0.7.2 (0.7.2.0)
Reading composer.json of mediawiki/mediawiki-codesniffer (v0.7.1)
Importing tag v0.7.1 (0.7.1.0)
Reading composer.json of mediawiki/mediawiki-codesniffer (v0.7.0)
Importing tag v0.7.0 (0.7.0.0)
Reading composer.json of mediawiki/mediawiki-codesniffer (v0.6.0)
Importing tag v0.6.0 (0.6.0.0)
Reading composer.json of mediawiki/mediawiki-codesniffer (v0.5.1)
Importing tag v0.5.1 (0.5.1.0)
Reading composer.json of mediawiki/mediawiki-codesniffer (v0.5.0)
Importing tag v0.5.0 (0.5.0.0)
Reading composer.json of mediawiki/mediawiki-codesniffer (v0.4.0)
Importing tag v0.4.0 (0.4.0.0)
Reading composer.json of mediawiki/mediawiki-codesniffer (v0.3.0)
Importing tag v0.3.0 (0.3.0.0)
Reading composer.json of mediawiki/mediawiki-codesniffer (v0.2.0)
Importing tag v0.2.0 (0.2.0.0)
Reading composer.json of mediawiki/mediawiki-codesniffer (0.1.0)
Importing tag 0.1.0 (0.1.0.0)
Reading composer.json of mediawiki/mediawiki-codesniffer (master)
Importing branch master (dev-master)
Skipped branch master, Invalid package information:
License "GPL-2.0+" is a deprecated SPDX license identifier, use "GPL-2.0-or-later" instead

Reading composer.json of mediawiki/mediawiki-codesniffer (0.8.x)
Importing branch 0.8.x (0.8.x-dev)

Event Timeline

And if one changes the SPDX version, the old composer we use on CI ends up complaining with:

License "GPL-2.0-or-later" is not a valid SPDX license identifier, see https://spdx.org/licenses/ if you use an open license.
If the software is closed-source, you may use "proprietary" as license.

So I guess we want to upgrade composer first: T125343: Upgrade integration/composer to 1.6.5 stable

I would assume this is true for all composer packages from Wikimedia.

This makes it harder for a security release, because it has to be fixed to get it published, but it leaves our CI tests in a broken state ...

Change 410534 had a related patch set uploaded (by Legoktm; owner: Legoktm):
[mediawiki/tools/codesniffer@master] Use SPDX 3.0 license identifier

https://gerrit.wikimedia.org/r/410534

Legoktm subscribed.

We can do this regardless of updating integration/composer, since it'll emit a non-failing warning. But this is blocking making the next MW-CS release.

Change 410534 merged by jenkins-bot:
[mediawiki/tools/codesniffer@master] Use SPDX 3.0 license identifier

https://gerrit.wikimedia.org/r/410534
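
A pre-release check for the problem tracked in this task, as an added example that is not part of the original task or the project's code: it scans the `license` field of a composer.json for GNU-family identifiers deprecated in SPDX license list 3.0 and proposes the replacement. Only the `GPL-2.0+` to `GPL-2.0-or-later` rename comes from the page; applying the same rule to the rest of the GNU family and mapping bare identifiers to `-only` is this example's generalization, and the sample manifests are constructed.

```python
import json
import re

# GNU-family ids renamed in SPDX license list 3.0: "X-N.N+" -> "X-N.N-or-later",
# bare "X-N.N" -> "X-N.N-only". Only the GPL-2.0+ case appears on the page; the
# rest of the family is this example's generalization.
_GNU_ID = re.compile(r"(AGPL|LGPL|GPL|GFDL)-(\d+\.\d+)(\+?)")


def modern_id(identifier):
    """Return the SPDX 3.0 replacement for a deprecated GNU id, else None."""
    m = _GNU_ID.fullmatch(identifier)
    if not m:
        return None  # already modern, non-GNU, or a "-with-..." variant
    family, version, plus = m.groups()
    return f"{family}-{version}-{'or-later' if plus else 'only'}"


def deprecated_licenses(composer_json_text):
    """Map each deprecated id in the "license" field to its replacement."""
    data = json.loads(composer_json_text)
    field = data.get("license", [])
    # Composer accepts either a single string or an array of strings.
    entries = [field] if isinstance(field, str) else list(field)
    findings = {}
    for entry in entries:
        # An entry may be an expression such as "(MIT or GPL-2.0+)".
        for token in re.split(r"[\s()]+", entry):
            if token.lower() in ("", "or", "and"):
                continue
            replacement = modern_id(token)
            if replacement:
                findings[token] = replacement
    return findings


# Constructed sample manifests, not the project's real composer.json.
OLD = '{"name": "example/pkg", "license": "GPL-2.0+"}'
NEW = '{"name": "example/pkg", "license": "GPL-2.0-or-later"}'
MIXED = '{"name": "example/pkg", "license": ["(MIT or LGPL-2.1)", "GPL-3.0+"]}'

if __name__ == "__main__":
    for label, text in (("old", OLD), ("new", NEW), ("mixed", MIXED)):
        print(label, deprecated_licenses(text))
```

An empty result means the registry-side deprecation check described in the e-mail has nothing to reject; whether an older Composer accepts the new identifiers still has to be confirmed with `composer validate` on the CI image.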