chore: align license metadata

airmang · airmang · commit 5862f0b07691 · 2026-03-10T10:06:52.000+09:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,12 @@
 
 모든 중요한 변경 사항은 이 문서에 기록됩니다. 형식은 [Keep a Changelog](https://keepachangelog.com/ko/1.1.0/)과 [Semantic Versioning](https://semver.org/lang/ko/)을 따릅니다.
 
+## [2.8.3] - 2026-03-10
+### 변경
+- 저장소와 배포 메타데이터의 라이선스 표기를 실제 `LICENSE` 파일과 일치하도록 정렬했습니다.
+- `pyproject.toml`을 PEP 639 방식의 `LicenseRef-python-hwpx-NonCommercial` + `license-files` 구성으로 갱신하고, 잘못된 MIT 분류자를 제거했습니다.
+- README 라이선스 배지/섹션을 커스텀 비상업적 라이선스 기준으로 수정하고, wheel/sdist 산출물의 라이선스 메타데이터를 검증하는 회귀 테스트를 추가했습니다.
+
 ## [2.8.2] - 2026-03-08
 ### 변경
 - README를 현재 공개 API와 CLI 범위에 맞춰 정리했습니다. Quick start, 텍스트 추출, 객체 검색 예시를 실제 호출 방식 기준으로 수정했습니다.
diff --git a/DevDoc/license-alignment-audit.md b/DevDoc/license-alignment-audit.md
@@ -0,0 +1,41 @@
+# License Alignment Audit
+
+Date: 2026-03-10
+
+## Files inspected
+
+- `LICENSE`
+- `README.md`
+- `pyproject.toml`
+- `docs/conf.py`
+- `CONTRIBUTING.md`
+- `.github/workflows/release.yml`
+- `.github/workflows/tests.yml`
+- `scripts/build-and-publish.sh`
+- `tests/test_packaging_py_typed.py`
+- Repo-wide searches across `docs/`, `.github/`, `DevDoc/`, `CHANGELOG.md`, and the repository root for license-related metadata and MIT references
+
+## Contradictions found before this change
+
+- `LICENSE` defined a custom non-commercial license and named `python-hwpx Maintainers` as the copyright holder.
+- `README.md` showed an MIT badge and an MIT license section, which contradicted the actual license text.
+- `README.md` attributed the license line to `고규현 (Kyuhyun Koh)`, while the `LICENSE` file and package metadata used `python-hwpx Maintainers`.
+- `pyproject.toml` used the legacy `license = { file = "LICENSE" }` form and also published the classifier `License :: OSI Approved :: MIT License`, which falsely represented the distribution as MIT-licensed.
+
+## Source of truth
+
+- The repository root `LICENSE` file is the source of truth for license terms.
+- This audit treats the project as remaining under its existing custom non-commercial license. No evidence of an intentional relicensing to MIT was found elsewhere in the repository.
+
+## Decision summary
+
+- Preserve the current non-commercial custom license.
+- Align public-facing metadata and README wording to that license.
+- Use modern packaging metadata that points built distributions back to the root `LICENSE` file without inventing an OSI identifier.
+- Remove conflicting MIT wording and the MIT trove classifier rather than replacing it with another potentially ambiguous license classifier.
+
+## Notes on surfaces inspected
+
+- `docs/conf.py` already used `python-hwpx Maintainers` and did not restate MIT licensing.
+- No GitHub Pages or docs markdown pages were found to restate the project license.
+- The release workflow already builds distributions and runs `twine check`, so it was left in place and used for verification after the metadata update.
diff --git a/DevDoc/license-metadata-policy.md b/DevDoc/license-metadata-policy.md
@@ -0,0 +1,28 @@
+# License Metadata Policy
+
+## Source of truth
+
+- The root `LICENSE` file defines the project's license terms.
+- Metadata changes must reflect the current `LICENSE` text. Do not treat README text, badges, or historical PyPI metadata as authoritative.
+
+## Packaging rule
+
+- `pyproject.toml` must represent the current custom license with `project.license = "LicenseRef-python-hwpx-NonCommercial"`.
+- `pyproject.toml` must list `project.license-files = ["LICENSE"]` so both `sdist` and `wheel` carry the license file.
+- Keep the build backend compatible with that metadata format by requiring `setuptools>=77.0.0`.
+
+## Classifier rule
+
+- Do not add `License ::` trove classifiers for this project unless the `LICENSE` file changes to a classifier-backed license and the classifier is verified to be accurate.
+- For the current custom non-commercial license, leaving license classifiers unset is less ambiguous than picking an approximate classifier.
+
+## README rule
+
+- The README badge and license section must describe the project as using a custom non-commercial license and link to `LICENSE`.
+- If contact information is updated, keep it distinct from the copyright/licensing line unless the `LICENSE` file is updated too.
+
+## Verification rule
+
+- Before release or after touching license metadata, run `python -m build` and `twine check dist/*`.
+- Inspect built `PKG-INFO` and wheel `METADATA` for `License-Expression: LicenseRef-python-hwpx-NonCommercial` and `License-File: LICENSE`.
+- Confirm the wheel contains `.dist-info/licenses/LICENSE` and the sdist contains the root `LICENSE` file.
diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@
   <p align="center">
     <a href="https://pypi.org/project/python-hwpx/"><img src="https://img.shields.io/pypi/v/python-hwpx?color=blue&label=PyPI" alt="PyPI"></a>
     <a href="https://pypi.org/project/python-hwpx/"><img src="https://img.shields.io/pypi/pyversions/python-hwpx" alt="Python"></a>
-    <a href="https://github.com/airmang/python-hwpx/blob/main/LICENSE"><img src="https://img.shields.io/badge/license-MIT-green" alt="License"></a>
+    <a href="https://github.com/airmang/python-hwpx/blob/main/LICENSE"><img src="https://img.shields.io/badge/license-Custom%20Noncommercial-orange" alt="License: Custom Non-Commercial"></a>
     <a href="https://airmang.github.io/python-hwpx/"><img src="https://img.shields.io/badge/docs-Sphinx-8CA1AF" alt="Docs"></a>
   </p>
 </p>
@@ -286,13 +286,15 @@ pytest
 
 ## License
 
-[MIT](LICENSE) © 고규현 (Kyuhyun Koh)
+[Custom Non-Commercial License](LICENSE) © python-hwpx Maintainers
+
+Commercial use requires separate permission from the copyright holders.
 
 <br>
 
-## Author
+## Maintainer
 
-**고규현** — 광교고등학교 정보·컴퓨터 교사
+Primary maintainer/contact: **고규현** — 광교고등학교 정보·컴퓨터 교사
 
 - ✉️ [kokyuhyun@hotmail.com](mailto:kokyuhyun@hotmail.com)
 - 🐙 [@airmang](https://github.com/airmang)
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,13 +1,14 @@
 [build-system]
-requires = ["setuptools", "wheel"]
+requires = ["setuptools>=77.0.0", "wheel"]
 build-backend = "setuptools.build_meta"
 
 [project]
 name = "python-hwpx"
-version = "2.8.2"
+version = "2.8.3"
 description = "Hancom HWPX 패키지를 로드하고 편집하기 위한 Python 유틸리티 모음"
 readme = { file = "README.md", content-type = "text/markdown" }
-license = { file = "LICENSE" }
+license = "LicenseRef-python-hwpx-NonCommercial"
+license-files = ["LICENSE"]
 requires-python = ">=3.10"
 authors = [
     { name = "python-hwpx Maintainers" },
@@ -16,7 +17,6 @@ keywords = ["hwp", "hwpx", "hancom", "opc", "xml"]
 classifiers = [
     "Development Status :: 3 - Alpha",
     "Intended Audience :: Developers",
-    "License :: OSI Approved :: MIT License",
     "Programming Language :: Python :: 3",
     "Programming Language :: Python :: 3.10",
     "Programming Language :: Python :: 3.11",
@@ -35,6 +35,7 @@ dev = [
     "pytest>=7.4",
 ]
 test = [
+    "build>=1.0",
     "pytest>=7.4",
     "pytest-cov>=5.0",
 ]
diff --git a/tests/test_packaging_license_metadata.py b/tests/test_packaging_license_metadata.py
@@ -0,0 +1,63 @@
+from __future__ import annotations
+
+import subprocess
+import sys
+import tarfile
+from pathlib import Path
+from zipfile import ZipFile
+
+import pytest
+
+
+LICENSE_EXPRESSION = "LicenseRef-python-hwpx-NonCommercial"
+
+
+def _build_distribution(tmp_path: Path, distribution: str) -> Path:
+    pytest.importorskip("build")
+
+    project_root = Path(__file__).resolve().parents[1]
+    build_args = [
+        sys.executable,
+        "-m",
+        "build",
+        f"--{distribution}",
+        "--outdir",
+        str(tmp_path),
+    ]
+    subprocess.run(build_args, cwd=project_root, check=True)
+
+    pattern = "*.whl" if distribution == "wheel" else "*.tar.gz"
+    return next(tmp_path.glob(pattern))
+
+
+@pytest.mark.parametrize("distribution", ["wheel", "sdist"])
+def test_built_distributions_expose_custom_license_metadata(
+    tmp_path: Path, distribution: str
+) -> None:
+    artifact = _build_distribution(tmp_path, distribution)
+
+    if distribution == "wheel":
+        with ZipFile(artifact) as wheel_archive:
+            members = set(wheel_archive.namelist())
+            metadata_name = next(
+                name for name in members if name.endswith(".dist-info/METADATA")
+            )
+            metadata = wheel_archive.read(metadata_name).decode("utf-8")
+
+        assert f"License-Expression: {LICENSE_EXPRESSION}" in metadata
+        assert "License-File: LICENSE" in metadata
+        assert "Classifier: License ::" not in metadata
+        assert any(name.endswith(".dist-info/licenses/LICENSE") for name in members)
+        return
+
+    with tarfile.open(artifact, "r:gz") as sdist_archive:
+        members = sdist_archive.getnames()
+        pkg_info_name = next(name for name in members if name.endswith("/PKG-INFO"))
+        pkg_info_member = sdist_archive.extractfile(pkg_info_name)
+        assert pkg_info_member is not None
+        metadata = pkg_info_member.read().decode("utf-8")
+
+    assert f"License-Expression: {LICENSE_EXPRESSION}" in metadata
+    assert "License-File: LICENSE" in metadata
+    assert "Classifier: License ::" not in metadata
+    assert any(name.endswith("/LICENSE") for name in members)
