Skip to content

Remove license metadata from pyproject.toml to avoid misleading SPDX compliance #5116

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Remove license metadata from pyproject.toml to avoid misleading SPDX compliance #5116

wants to merge 1 commit into from
+12 −1

Conversation

@abravalheri
Copy link
Contributor

@abravalheri abravalheri commented Nov 17, 2025
edited
Loading

Despite the fact that the setuptools own code is distributed under the MIT license, the project includes third-party code under different licenses.

For some downstream users, adding license = "MIT" to pyproject.toml is problematic under the lenses of PEP 639 because it may imply that all the files distributed by setuptools are licensed under MIT, which is not the case. See discussion in #5049.

By removing that metadata, setuptools should be "in the clear".

I understand that consumers of the package would prefer a complete SPDX license expression. However, as explained in #5049, this is currently not viable. In the future, setuptools may adopt SPDX expressions once tools exist in the Python ecosystem that can automatically compute them from a given set of files and directories.

For the time being, consumers interested in knowing license information should refer to the text in the license files being distributed.

Summary of changes

Closes #5049

Pull Request Checklist

@abravalheri
Avoid stating in metadata that the project as a whole uses MIT
7a40b6b 
Despite the code for `setuptools` itself be distributed under MIT,
setuptools includes third-party code with other licenses.

Adding `license = "MIT"` to `pyproject.toml` is problematic under the
lenses of PEP 639 because it may imply that all the files distributed by
setuptools are licensed under MIT which is not the case.

By removing that metadata, setuptools should be "in the clear".
@abravalheri abravalheri marked this pull request as ready for review November 17, 2025 18:06
@abravalheri abravalheri requested a review from jaraco November 21, 2025 16:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jaraco jaraco Awaiting requested review from jaraco

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

setuptools contains code under LGPLv3, BSD, Apache, and PSFL

1 participant

@abravalheri