New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
go.dev: detect licenses for modules not at their repository roots #37437
Comments
I personally think this is the correct position; otherwise if I install/use the module via proxy.golang.org there will be no license distributed with the code I am using, which seems wrong. The module is the unit of source code exchange and versioning; it seems a sensible requirement to have the license be part of that. |
I agree that this is a bit bizarre, though. Do we expect an open source monorepo with dozens of published modules to contain dozens of exact copies of its license? If that's what we expect, I don't think it has been communicated well enough. |
Note that this is all confused by the fact that the |
I didn't know about the LICENSE propagation. That's sort of good news. For me in particular if pkg.go.dev supports dual-licensed projects where the licenses are merged into one LICENSE file. |
I created a testing branch of gioui.org with the merged LICENSE file, here, tagged "license-debug". Is there a way to test whether pkg.go.dev accepts the merged LICENSE without pushing the change to master? licensecheck doesn't seem offer a cli version. |
I'm lazy, so I opted to simply merge the licenses into LICENSE and push to master. It worked! See https://pkg.go.dev/mod/gioui.org?tab=licenses I'm closing this issue because I'm happy: license propagation works without awkward duplication and the licensing babble is confined to a single file, LICENSE. Thanks for the tip, @heschik. |
@jba brought up an issue where pkg.go.dev fails to detect a license for a module that is not at thei repository root. Example:
https://pkg.go.dev/gioui.org/example
The reason is that while the repository for the gioui.org/example module,
https://git.sr.ht/~eliasnaur/gio/tree
does have detectable licenses, the module rooted at
https://git.sr.ht/~eliasnaur/gio/tree/master/example
doesn't.
@jba points out that pkg.go.dev works in terms of module zip files, which only contain files in the module tree. The module zip for gioui.org/example does not contain the UNLICENSE nor LICENSE-MIT files from the parent directory.
However, forcing licensing files at every module root feels like bending too much for the licensing detection tool. I don't particularly mind copying the license files to my nested modules gioui.org/example and gioui.org/cmd, but I would not appreciate this restriction if I had an otherwise non-Go repository that happened to contain a minor Go module in a subdirectory.
What did you expect to see?
A license detected on https://pkg.go.dev/gioui.org/example.
What did you see instead?
No licenses detected for https://pkg.go.dev/gioui.org/example.
The text was updated successfully, but these errors were encountered: