Comments (6)
agibson-bluecat
commented on July 17, 2024
2
@Bobgy I think it would be nice to allow manual path overrides by the user in case they have dependencies which use non-standard paths for their license files. This way the behaviour of go-licenses could be predictable (even for repos with dual licenses), and we wouldn't need to wait for go-licenses to add support for every license location that any module uses.
For example, I'm having an issue with the dependency github.com/hashicorp/cronexpr. This repo has dual licenses available at /GPLv3 and /APLv2. go-licenses doesn't recognize any license file in this repo, so it ends up outputting:
github.com/hashicorp/cronexpr,Unknown,Unknown
To make the go-licenses tool's behaviour as predictable as possible, I think something like the following would be a nice feature:
go-licenses csv . --override-license-paths overrides.json
Where the contents of overrides.json is a set of repo -> path kv pairs:
{
"github.com/hashicorp/cronexpr": "/APLv2",
......
}
Another way to support this would be to allow multiple inline --override-path arguments, for example:
go-licenses csv . --override-path 'github.com/hashicorp/cronexpr=/APLv2' --override-path ......
What do you think?
from go-licenses.
Bobgy
commented on July 17, 2024
It's very complex to programmatically understand the difference between dual-licensed (user can choose a license) vs contains code for both licenses (user must comply with both).
Yes, I think reporting both and show a warning to ask users to check can be a good step forward.
Open for suggestions and contribution.
from go-licenses.
Bobgy
commented on July 17, 2024
Makes perfect sense to me.
Regarding how to override, ideally we support both an arg as well as a config file.
viper seems to be a go to option to achieve that.
from go-licenses.
Bobgy
commented on July 17, 2024
Welcome contributions in this direction!
from go-licenses.
Bobgy
commented on July 17, 2024
JFYI, https://stackoverflow.com/a/58470849 seems to be a code example to achieve that
from go-licenses.
Bobgy
commented on July 17, 2024
Also note more complex cases exist:
- One package has multiple licenses
- One module has multiple packages with licenses
- One module has non standard and unrecognizable license, so specifying license path may not be enough
We don't need to solve all of them at once, but for any proposed solution, it's better to quickly think how it may be extended for future requirements.
from go-licenses.
Related Issues (20)
- Improper `isStdlib()` path check using `strings.HasPrefix()` HOT 2
- Wrong GOROOT is used when go-licenses builds and runs on different environments HOT 6
- Enable module version logging in custom reports
- go-licenses with go vendoring HOT 2
- go-licenses command is not recognized HOT 1
- How to check all licenses in a project? HOT 2
- `LICENSE` file in repo root is ignored HOT 4
- LICENSE detection is OS specific HOT 5
- go-licenses doesn't work when installed with versioned go HOT 3
- insufficient confidence threshold when identifying a BSD 2-Clause like license HOT 3
- Upgrade to google/licenseclassifier v2 HOT 2
- Prepare for v2 release HOT 5
- Help needed resolving `github.com/otiai10/copy` diamond dependency problem HOT 5
- Flags stdilb as "does not have module info" when on `go 1.21.X` HOT 6
- Ignore `W0104 contains non-Go code` warnings in errors
- Migrate to newer go-git HOT 1
- Reporting warnings for external packages on Windows
- no way to legally construct a source.Client
- How to display verbose logging?
- align license detection with golang.org/x/pkgsite/internal/licenses HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from go-licenses.