Open neverendingqs opened 7 years ago
Should we really be "guessing" when it comes to license compliance?
It depends on how much you trust https://github.com/davglass/license-checker/blob/master/lib/license.js?r=f58b20c.
The current tool looks at package.json
for "exact" checks, which doesn't necessarily have to be correct either. (To be fair, incorrect declarations in package.json
could maybe be pushed back to the owner not declaring their license properly / IANAL).
I agree with Jeff, but newer contributors to this project seem to like less strict checking. If less maintenance work is desired than that is fine with me. It would be nice to have official D2L guidelines about what is OK to do for automated license checking.
For example we already made the assumption that minor version changes won't change the license.
Feel free to close this - I'm happy without this with #50 and #51 on the horizon.
Request: add an option that toggles matching for guessed licenses.
As per https://github.com/Brightspace/license-checker-ci/blob/master/bin/license-checker-ci?at=b5c57a7#L90 and:
the tool attempts to guess which licenses are used based on a file other than
package.json
.Depending on the context, guessed licenses might be sufficient to satisfy licensing needs.