Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/pkgsite: apache/trafficcontrol license is not recognized #44968

Closed
zrhoffman opened this issue Mar 12, 2021 · 4 comments
Closed

x/pkgsite: apache/trafficcontrol license is not recognized #44968

zrhoffman opened this issue Mar 12, 2021 · 4 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. pkgsite/license Issues related to licenses on pkg.go.dev. See our license policy https://pkg.go.dev/license-policy pkgsite
Milestone
pkgsite/license

Comments

@zrhoffman
Copy link

What is the URL of the page with the issue?

https://pkg.go.dev/github.com/apache/trafficcontrol@v1.1.4-0.20210309024558-8db222c0d286/lib/go-tc

What is your user agent?

Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4445.0 Safari/537.36

Screenshot

Screenshot of https://pkg.go.dev/github.com/apache/trafficcontrol@v1.1.4-0.20210309024558-8db222c0d286/lib/go-tc

What did you do?

Visited https://pkg.go.dev/github.com/apache/trafficcontrol@v1.1.4-0.20210309024558-8db222c0d286/lib/go-tc

What did you expect to see?

Documentation for github.com/apache/trafficcontrol/lib/go-tc

What did you see instead?

No documentation, only a list of directories

More information

The Apache Traffic Control license lists so many bundled dependencies that it does not meet the minimum license coverage threshold of 75% to be recognized as a valid license file. As of apache/trafficcontrol@8db222c0d2, the license only has 37.94% recognized coverage.

These bundled dependencies are listed in the LICENSE file itself because Apache projects are instructed to include a "pointer" in the LICENSE for each permissively-licensed dependency that the project bundles. From https://infra.apache.org/licensing-howto.html#permissive-deps:

In LICENSE, add a pointer to the dependency's license within the distribution and a short note summarizing its licensing:

This product bundles SuperWidget 1.2.3, which is available under a
"3-clause BSD" license. For details, see deps/superwidget/.

Some other Apache projects have their LICENSE file listed as an explicit license exception:

golang/pkgsite LRE License file
mynewt.lre and newtmgr.lre apache/mynewt-artifact
splunk.lre splunk/splunk-operator
@gopherbot gopherbot added this to the Unreleased milestone Mar 12, 2021
@zrhoffman zrhoffman mentioned this issue Mar 12, 2021
Closed
@gopherbot
Copy link

Change https://golang.org/cl/301229 mentions this issue: internal/licenses: add exception for a single bundled dependency pointer

@jamalc jamalc added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Mar 12, 2021
@jamalc jamalc modified the milestones: Unreleased, pkgsite/licenses Mar 12, 2021
@jamalc
Copy link

jamalc commented Mar 12, 2021

/cc @jba

@gopherbot
Copy link

Change https://golang.org/cl/302189 mentions this issue: internal/licenses: tweak atc exception and generate

@zrhoffman zrhoffman mentioned this issue Mar 16, 2021
Merged
6 tasks
gopherbot pushed a commit to golang/pkgsite that referenced this issue Mar 16, 2021
@jba
internal/licenses: tweak atc exception and generate
5a3c43e 
Reduce the number of unidentified words accepted by the atc-dependency
license exception. It still matches the Apache TrafficControl license
(https://github.com/apache/trafficcontrol/blob/master/LICENSE) with
over 80%.

Also, run `go generate` to incorporate the new exception into the
package.

For golang/go#44968

Change-Id: I6257e49e73f8bbdf0181898d7a3e514bacc6225e
Reviewed-on: https://go-review.googlesource.com/c/pkgsite/+/302189
Trust: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Julie Qiu <julie@golang.org>
@zrhoffman zrhoffman mentioned this issue Apr 2, 2021
Closed
@gopherbot
Copy link

Change https://golang.org/cl/306730 mentions this issue: internal/licenses: Increase unidentified words allowed in atc exception

gopherbot pushed a commit to golang/pkgsite that referenced this issue Apr 2, 2021
@zrhoffman @jba
internal/licenses: Increase unidentified words allowed in atc exception
d32369b 
Increase the number of unidentified words accepted by the atc-dependency
license exception for package and repo names by 1.

The current atc license exception works for the Apache Traffic Control
master branch, but the 5.1.x release branch license
(https://github.com/apache/trafficcontrol/blob/5.1.x/LICENSE) only has
66% coverage. This CL brings it up to 79%.

For golang/go#44968

Change-Id: I594a7bb8ff8383a04baa59abb2b9a2f9c0570d27
GitHub-Last-Rev: 0821f01
GitHub-Pull-Request: #25
Reviewed-on: https://go-review.googlesource.com/c/pkgsite/+/306730
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Trust: Jamal Carvalho <jamal@golang.org>
@golang golang locked and limited conversation to collaborators Apr 2, 2022
@hyangah hyangah added the pkgsite/license Issues related to licenses on pkg.go.dev. See our license policy https://pkg.go.dev/license-policy label May 20, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. pkgsite/license Issues related to licenses on pkg.go.dev. See our license policy https://pkg.go.dev/license-policy pkgsite
Projects
None yet
Milestone
pkgsite/license
Development

Successfully merging a pull request may close this issue.

internal/licenses: add exception for a single bundled dependency pointer
4 participants
@hyangah @gopherbot @zrhoffman @jamalc