Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auto-detect unknown licenses #739

Open
narfbg opened this issue Oct 19, 2016 · 5 comments
Open

Auto-detect unknown licenses #739

narfbg opened this issue Oct 19, 2016 · 5 comments
Labels
Feature

Comments

@narfbg
Copy link

narfbg commented Oct 19, 2016

The "license" property in the composer schema is restrictive in that it only allows SPDX-listed identifiers. And while that encourages usage of popular open-source licenses, it does have downsides ...

In my case, I managed to convince management at my workplace to publish some libraries as open-source, but we do use a custom (still permissive) license, and I have no way of pointing to it from packagist.
Listing it as "proprietary" would be incorrect (and is really vague for maintainers who do this). There's no option to do something like phpDoc's @license thing where you can specify both a label and a link to the license.

I'd like to propose searching for a "LICENSE", "LICENSE.txt" or "LICENSE.md" file on GitHub, GitLab (and probably other similar services) repositories in case there's no "license" property in composer.json. I see no downsides to this.
@Seldaek
Copy link
Member

Seldaek commented Nov 2, 2016

I guess we would need another thing to proprietary, maybe custom or so that indicates it is non-standard but not closed. I am not sure I understand what you are suggesting we do with the LICENSE file.

@narfbg
Copy link
Author

narfbg commented Nov 3, 2016

Well, my idea was to have a way to link non-standard licenses.

It could happen via special syntax, which I'd argue would be beneficial for "proprietary" too:

"license": [
    "custom <url>",
    "proprietary <url>"
]

... or:

"license": {
    "custom": "<url>",
    "proprietary": "<url>"
}

But since GitHub already encourages putting LICENSE.md files in repositories, I thought it may be better to search for that and link to it from the packagist page.
Better IMO, because that way a license can be auto-detected for packages that haven't specified it in composer.json, though surely that does require more work.

@stof
Copy link
Contributor

stof commented Nov 3, 2016

Auto-detecting the license for github repo would be possible by using the github API, as they expose their own license detection. But the issue is that composer allows to have a different license per version (allowing for instance to change license at some point) while the github API only gives access to the license in the default branch. So this would not work well.

And I don't think we want to implement license guessing in composer itself.

@Seldaek
Copy link
Member

Seldaek commented Nov 3, 2016

Yeah I like the first idea of allowing an optional URL following the custom/proprietary. The best though would be to use a standardized license because most devs aren't lawyers and if we can't rely on standards to know what licenses mean, it's kinda impossible to follow terms IMO.

@narfbg
Copy link
Author

narfbg commented Nov 3, 2016

Indeed, using the standardized/popular licenses should still be encouraged.

I only wish for the non-standard ones to be at least reachable for users who want to read them, while currently only an "Unknown" label is shown.
I don't really mind if the label <url> (or similar) syntax is the way to go. In fact, I blindly tried that in the first place. :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@alcohol @Seldaek @stof @narfbg