Comments (8)
Possibly a breaking change to add it to the CSV
The csv format is fixed, I would not modify it.
but it could be added to the data available to templates.
Welcome a PR, this isn't too hard.
from go-licenses.
I noticed that problem 2 and 3 are mostly solved by pkgsite/source package.
While problem 1 -- distinguishing "major branch" and "major subdirectory" conventions
may still cause incorrect remote URLs.
We will still need to leave this issue as open.
from go-licenses.
Giving a breaking example for case 2 "support modules not at root":
$ go-licenses csv cloud.google.com/go/storage
...
cloud.google.com/go/storage, https://github.com/googleapis/google-cloud-go/blob/storage/v1.10.0/storage/LICENSE, Apache-2.0
...
Note the URL https://github.com/googleapis/google-cloud-go/blob/storage/v1.10.0/storage/LICENSE is broken, the correct URL should be https://github.com/googleapis/google-cloud-go/blob/storage/v1.10.0/LICENSE. The problem is caused by the fact that:
- for modules in a subdir of a repo, when go caches module files and found the submodule does not have a LICENSE file, it "magically" copies LICENSE file from root folder to the sub-module. e.g. https://github.com/googleapis/google-cloud-go/tree/storage/v1.10.0/storage
- therefore, go-licenses finds a LICENSE file at root of submodule and tries to guess its remote URL as root of submodule, while the actual LICENSE file is at root of repo
Note, adopting pkgsite/source allowed us to get the correct tag storage/v1.10.0
for this repo, but we still hit this LICENSE file path problem.
from go-licenses.
Examples for problem 1: distinguishing "major branch" and "major subdirectory" conventions
Major branch (result is correct)
Major branch: a new major version is released in a branch, source code is at root of repo.
gopkg.in/yaml.v2
License: https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE
Major subdirectory (incorrect)
Major subdir: a new major version is released in a subdir in the same branch as v1, source code for v2 is at a subdir ./v2/
github.com/googleapis/gax-go/v2
License: got https://github.com/googleapis/gax-go/blob/v2.1.1/v2/LICENSE, but should be https://github.com/googleapis/gax-go/blob/v2.1.1/LICENSE
Therefore, root cause for this failure example is in fact the same as #73 (comment). The guessed URL is incorrect for module not at the root of a repo.
from go-licenses.
Added a v2 proposal roadmap item: validate license URL by fetching it, we can detect these failures and turn the URL into unknown or try other locations again and finally verifying file content is exactly the same. With these workarounds, we can mitigate the issue of user unknowingly got an invalid URL.
from go-licenses.
Furthermore, we can solve all above broken cases by:
- Infer remote license URL as usual
- Fetch raw license file from remote, validate it's the same as the locally found license file
- If 2 failed, we can further try and validate LICENSE at repo root
- If everything failed, return UNKNOWN
from go-licenses.
Could you export a (versioned) URL to the root of the repo as well?
Possibly a breaking change to add it to the CSV, but it could be added to the data available to templates.
I'm creating a licenses page in my web app and would like to link the package name to the respective github (or wherever) page.
from go-licenses.
Okies, already started and have it basically working - unfortunately I won't have time to polish/finish it this/next week, but will do when I get to it.
from go-licenses.
Related Issues (20)
- Improper `isStdlib()` path check using `strings.HasPrefix()` HOT 2
- Wrong GOROOT is used when go-licenses builds and runs on different environments HOT 6
- Enable module version logging in custom reports
- go-licenses with go vendoring HOT 2
- go-licenses command is not recognized HOT 1
- How to check all licenses in a project? HOT 2
- `LICENSE` file in repo root is ignored HOT 4
- LICENSE detection is OS specific HOT 5
- go-licenses doesn't work when installed with versioned go HOT 3
- insufficient confidence threshold when identifying a BSD 2-Clause like license HOT 3
- Upgrade to google/licenseclassifier v2 HOT 2
- Prepare for v2 release HOT 5
- Help needed resolving `github.com/otiai10/copy` diamond dependency problem HOT 5
- Flags stdilb as "does not have module info" when on `go 1.21.X` HOT 6
- Ignore `W0104 contains non-Go code` warnings in errors
- Migrate to newer go-git HOT 1
- Reporting warnings for external packages on Windows
- no way to legally construct a source.Client
- How to display verbose logging?
- align license detection with golang.org/x/pkgsite/internal/licenses HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from go-licenses.