Page MenuHomePhabricator

Add storage and API for getting a list of SPDX license identifiers
Closed, ResolvedPublic


The license field should validate against a list of SPDX identifiers. We should also provide an API for tool builders (including us!) to use to pull that list for use with frontend validation and select list building.

The backend storage could be a model + a fixture file to populate the db or some more static listing. Take a look at SPDX bits and see if there is something that seems easy to keep in sync.

Event Timeline is a python library that collects a subset of data from and presents it as a python dict. This looks like a relatively easy way to include the data and keep it updated as things change in the SPDX published data.

After re-reading I don't think it will be a good idea to integrate the SPDX list as a choices=... option on our Tool model. The "A new migration is created each time the order of choices changes." note is part of why, but also I don't think it will be useful to have the ~450 license identifiers embedded in our generated OpenAPI spec.

I think we can however make a custom validator class that we can connect into the model save workflow.

Change 661243 had a related patch set uploaded (by BryanDavis; owner: Bryan Davis):
[wikimedia/toolhub@main] api: Add SPDX endpoints

bd808 moved this task from Backlog to In Progress on the Toolhub board.

Change 661243 merged by jenkins-bot:
[wikimedia/toolhub@main] api: Add SPDX endpoints