Bug 454480 - Discover shows inaccurate warning about proprietary software for open-source Snap applications
Summary: Discover shows inaccurate warning about proprietary software for open-source ...
Status: RESOLVED FIXED
Alias: None
Product: Discover
Classification: Unclassified
Component: Snap Backend (show other bugs)
Version: 5.24.90
Platform: Neon Packages Linux
: VHI normal
Target Milestone: ---
Assignee: Aleix Pol
URL:
Keywords: regression
Depends on:
Blocks:
 
Reported: 2022-05-27 11:09 UTC by kskot
Modified: 2022-08-03 13:54 UTC (History)
5 users (show)

See Also:
Latest Commit:
Version Fixed In: 5.25.4


Attachments
warning text shown for kdenlive (78.28 KB, image/png)
2022-05-27 14:55 UTC, kskot
Details

Note You need to log in before you can comment on or make changes to this bug.
Description kskot 2022-05-27 11:09:46 UTC
SUMMARY
Discover shows a warning about proprietary software for snap applications. The warning text reads "This application's source code is partially or entirely closed [...]". This warning text is also shown for open source applications. So I assume this warning is triggered because of the snap backend. The warning should either be removed, because the application is in fact open source or the warning text should specifically be about the snap backend.


STEPS TO REPRODUCE
1. open Discover
2. navigate any KDE app which is available via snap
3. Click on the warning button near the license box
4. notice the the warning text 

OBSERVED RESULT


EXPECTED RESULT


SOFTWARE/OS VERSIONS
KDE neon Plasma 24.90 beta
Comment 1 Nate Graham 2022-05-27 14:15:46 UTC
All snap apps, or just a specific one? Can you attach a screenshot of one?
Comment 2 kskot 2022-05-27 14:55:41 UTC
Created attachment 149262 [details]
warning text shown for kdenlive

The warning showed up for every snap application I checked on Discover. See the attachment for an example.
Comment 3 Nate Graham 2022-06-01 15:56:46 UTC
That is strange. It even shows "GPL-2.0+" but colors it orange. This is probably a code error in the Snap backend, where it mis-identifies that license as proprietary.
Comment 4 ManuelBoe 2022-06-27 22:09:09 UTC
The issue seems to occur when the licence does not match the pattern expected by Discover. 
For example, if applications use only GPL as the licence description instead of gpl-2.0.

The following licence descriptions are frequently used and wrongly marked as non-free:

GPL
GPL3
BSD
Comment 5 ManuelBoe 2022-06-27 22:13:01 UTC
(In reply to Nate Graham from comment #3)
> That is strange. It even shows "GPL-2.0+" but colors it orange. This is
> probably a code error in the Snap backend, where it mis-identifies that
> license as proprietary.

There are also applications from the Manjaro repositories that are wrongly marked as nonfree.

For example:
Latte - GPL
Onboard - GPL
Leafpad - GPL
Accerciser - BSD
QVKbd - GPL3
Deepin Terminal - GPL3
Comment 6 David Edmundson 2022-07-12 09:17:35 UTC
The code checks against a whitelist of open source licenses.

Anything not a valid SPDX identifier (i.e  "GPL") will fail the check.
Comment 7 Bug Janitor Service 2022-07-20 21:52:23 UTC
A possibly relevant merge request was started @ https://invent.kde.org/plasma/discover/-/merge_requests/332
Comment 8 Aleix Pol 2022-07-25 23:25:51 UTC
Git commit 2787a5292608115140e618bf904dd1eadfa70a52 by Aleix Pol Gonzalez, on behalf of Aleix Pol.
Committed on 25/07/2022 at 23:19.
Pushed by apol into branch 'master'.

pk: Try harder to convert non-appstream packages licences

It will try to use as_license_to_spdx_id which does its best guess,
hopefully it will be enough on most cases, will submit some others that
I've seen upstream to catch some other cases.

M  +1    -1    discover/qml/ApplicationPage.qml
M  +23   -18   libdiscover/appstream/AppStreamUtils.cpp
M  +2    -0    libdiscover/appstream/AppStreamUtils.h
M  +36   -1    libdiscover/backends/PackageKitBackend/PackageKitResource.cpp

https://invent.kde.org/plasma/discover/commit/2787a5292608115140e618bf904dd1eadfa70a52
Comment 9 Aleix Pol 2022-07-25 23:27:57 UTC
Git commit 8c6160822d83e0825fc49fcc4ac5af160d2fe9ec by Aleix Pol Gonzalez, on behalf of Aleix Pol.
Committed on 25/07/2022 at 23:27.
Pushed by apol into branch 'Plasma/5.25'.

pk: Try harder to convert non-appstream packages licences

It will try to use as_license_to_spdx_id which does its best guess,
hopefully it will be enough on most cases, will submit some others that
I've seen upstream to catch some other cases.


(cherry picked from commit 2787a5292608115140e618bf904dd1eadfa70a52)

M  +1    -1    discover/qml/ApplicationPage.qml
M  +23   -18   libdiscover/appstream/AppStreamUtils.cpp
M  +2    -0    libdiscover/appstream/AppStreamUtils.h
M  +36   -1    libdiscover/backends/PackageKitBackend/PackageKitResource.cpp

https://invent.kde.org/plasma/discover/commit/8c6160822d83e0825fc49fcc4ac5af160d2fe9ec
Comment 10 Patrick Silva 2022-08-03 13:54:15 UTC
This bug persists on Arch Linux after update to Plasma 5.25.4. Can reproduce with snap versions of SupertuxKart game and Clementine music player, for example.