NOTE: License 'LGPL (>= 3)' unknown; licenses cannot restrict use

[hpages]

Running R CMD BiocCheck on the RiboDiPA package (version 0.99.19) produces the following note:

* Checking License: for restrictive use...
    * NOTE: License 'LGPL (>= 3)' unknown; licenses cannot restrict use

Bioconductor has plenty of packages (more than 3 dozens) that have LGPL-3 or LGPL (>= 3) in their License field and that's fine. More generally speaking LGPL is notorious for being one of the most permissive license there is, whatever its version. In particular it doesn't restrict use or redistribution in any way.

Also R CMD check is pretty good at checking the License field and it says nothing in this case so it's pretty safe to assume that LGPL (>= 3) is a valid value for this field.

Finally, if a license is unknown, let's not assume that it restricts use.

[LiNk-NY]

I think it's better to err on the side of caution rather than assume an unknown license does not restrict use.
We can update the list of accepted licenses as they become known.
Perhaps this should be set to Restrictive == "no" in the database? @lshep?

[hpages]

If a licence is unknown we can't assume anything. I just find the sequence "License blah blah is unknown; Licenses cannot restrict use" a little strange. Like if the 2 things were connected. It kind of suggests that an unknown license restricts use. But maybe it doesn't, maybe it's just me, in which case all is fine.

Except that yes, LGPL (>= 3) should be set to Restrictive == "no". Thanks!

[lshep]

Yes we should update as they become known.
Yes restrictive=="no" seems appropriate

[zeehio]

The problem here is that BiocCheck does not parse the License field in the DESCRIPTION file according to the specifications from https://cran.r-project.org/doc/manuals/r-release/R-exts.html#Licensing

Because of a lack of a better parsing, a License value such as LGPL (>= 3) is not matched against any of the licenses from the license database:

And the check fails because "the license is unknown".

If someone wants to work on this issue they should improve how the license field is parsed in https://github.com/Bioconductor/BiocCheck/blob/devel/R/checks.R#L2212 to cover the specifications in license parsing from the link above.

There is no need to change "restrictive yes or no". Currently the LGPL is not set to "yes" and therefore it is not considered to restrict use, so if it was parsed properly it would pass the test.

If you don't mind using a private function from the tools package (or copying it if BiocCheck has a compatible license) you could use:

tools:::analyze_licenses("GPL (>= 2)")
#>   is_empty is_canonical bad_components is_standardizable is_verified
#> 1    FALSE         TRUE                             TRUE        TRUE
#>   standardization components   expansions extensions pointers is_FOSS
#> 1      GPL (>= 2) GPL (>= 2) GPL-2, GPL-3       NULL     NULL    TRUE
#>   restricts_use
#> 1         FALSE

^{Created on 2022-08-11 by the reprex package (v2.0.1)}

[vjcitn]

Perhaps the wording of this message

NOTE: License 'LGPL (>= 3)' unknown; licenses cannot restrict use

can be changed to be more informative and prescriptive.

If we can't recognize the license token used in DESCRIPTION, it could certainly be a warning event.

WARNING: License '[unrec]' is not recognized by BiocCheck/Bioconductor.  
   Please use a tag from [give a reference to the recognized tags] or contact [who?] 
   to add a tag for an unrestrictive license.

[zeehio]

Since BiocCheck already seems to use some private functions from the tools package I could provide a pull request that uses tools:::analyze_licenses to parse and see if it has the restrict_use flag or not.

But since I don't maintain BiocCheck I don't know if you would be happy with such implementation

[vjcitn]

Should we try to get that analyze_licenses function exported?

[LiNk-NY]

Thanks Sergio, @zeehio
It would be great if tools:::analyze_licenses could be officially exported from the tools package.
It would simplify our code.

I've created a branch for this at https://github.com/Bioconductor/BiocCheck/tree/analyze_licenses

[zeehio]

It would be good for BiocCheck to get the tools package to export that function. It's nice that you created that branch.

I wonder what's the action plan to get this issue fixed from where we are:

Are you going to merge the branch you created and use the tools private functions, requesting the export of that function now in parallel or in the future when BiocCheck is more mature?

Would you like further testing of the branch you created in order to merge it?

Or do you have some other plan to proceed?

Just wondering. All options have pros and cons so whatever you (maintainers) decide is fine for me. I'd suggest use the private function as soon as possible because it fixes a fairly common false positive and the tools package does not change that much that often, but maybe you have different priorities.

Thanks for your work!