[gnome-software.wiki] Update Software metadata

From: Philip Withnall <pwithnall src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-software.wiki] Update Software metadata
Date: Fri, 17 Sep 2021 16:06:55 +0000 (UTC)
commit 810af78ea6847cb7457f8c0d80d09f6ebb68a93a
Author: Philip Withnall <philip tecnocode co uk>
Date:   Fri Sep 17 16:06:55 2021 +0000

    Update Software metadata

 Software-metadata.md | 37 +++++++++++++++++++++++++++++++++++--
 1 file changed, 35 insertions(+), 2 deletions(-)
---
diff --git a/Software-metadata.md b/Software-metadata.md
index 64e71fb..8d31abf 100644
--- a/Software-metadata.md
+++ b/Software-metadata.md
@@ -164,14 +164,47 @@ Use [the OARS generator](https://hughsie.github.io/oars/) to produce suitable co
 How to fix incorrect licensing information
 ---
 
+The licensing information for an application is stored in the 
[`<project_license>`](https://www.freedesktop.org/software/appstream/docs/chap-Metadata.html#tag-project_license)
 element within the application’s `<component>` in its metainfo file.
+
+The content in this element should be an [SPDX expression](https://spdx.org/specifications) which describes 
the ‘main’ license for the project. This should typically be the license of the code, and not include the 
license of the documentation or ancillary content.
+
+If the SPDX expression is a single license, or an ‘or’ combination of multiple licenses, which are all [FSF 
or OSI approved](https://spdx.org/licenses/), the application is considered ‘free software’ and the license 
tile says so. Otherwise, it’s considered ‘proprietary’.
+
+If an application is being displayed as ‘proprietary’ when you think it shouldn’t be, it’s likely that the 
`<project_license>` element includes the documentation license for the project. Remove it.
+
+[For example](https://gitlab.gnome.org/GNOME/meld/-/issues/579), change the license metadata from:
+```xml
+<project_license>GPL-2.0+ and CC-BY-SA-3.0</project_license>
+```
+to
+```xml
+<project_license>GPL-2.0+</project_license>
+```
+
+Further reading:
 - [Don’t (generally) put documentation license in 
appdata](https://tecnocode.co.uk/2021/07/05/dont-generally-put-cc-by-sa-in-appdata/)
-- TODO
+- https://github.com/ximion/appstream/issues/312
 
 How to fix incorrect safety and permissions information
 ---
 
+The safety and permissions information for an application comes from different sources depending on how the 
application is packaged. For traditionally packaged applications, for example in RPM or DEB format, there is 
no safety or permissions information available and nothing can currently be done to add it to an application.
+
+For flatpak applications, the information comes from the application’s [flatpak 
manifest](https://docs.flatpak.org/en/latest/manifests.html), specifying what holes in the sandbox the 
application requires. Each of these holes typically contributes to lowering the displayed safety level of the 
application in gnome-software — moving it from ‘safe’ to ‘potentially unsafe’ to ‘unsafe’.
+
+In order to improve the safety level of an application, its sandboxing must be made as tight as possible, by 
removing [sandbox permissions](https://docs.flatpak.org/en/latest/sandbox-permissions.html) where they’re not 
needed, and using [portals](https://docs.flatpak.org/en/latest/desktop-integration.html#portals) instead of 
sandbox permissions where possible. Use of portals does not lower the displayed safety level of an 
application in gnome-software.
+
+For example, if the application requests read/write access to the full file system (`--filesystem=host`), 
does it actually need that, or does it only need to access files in a few specific locations? If so, the 
[file portal](https://docs.flatpak.org/en/latest/desktop-integration.html#portals) could be used, or more 
specific [file system 
permissions](https://docs.flatpak.org/en/latest/sandbox-permissions-reference.html#filesystem-permissions) 
could be specified.
+
+If the application works on Wayland, and only needs to work on X11 as a fallback, without using special X11 
features, could it use `--socket=fallback-x11` rather than `--socket=x11`?
+
+Guidance about specific permissions, or other packaging formats, may be added here in future.
+
+Further reading:
  - https://docs.flatpak.org/en/latest/sandbox-permissions.html
- - TODO
+ - https://docs.flatpak.org/en/latest/sandbox-permissions-reference.html
+ - https://docs.flatpak.org/en/latest/manifests.html
+ - https://docs.flatpak.org/en/latest/desktop-integration.html#portals
 
 How to set the carousel tile background colour
 ---
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]