Closed isoos closed 4 years ago
@isoos – do we have examples of this for published packages? Just curious...
Leaving a link to matching guidelines here: https://spdx.org/spdx-license-list/matching-guidelines
The updated package stats tool revealed that we have only a few packages that include multiple license files, many of them seem to include the extra file by accident:
"moreThanOne": {
"sunmi": 3,
"api": 2,
"architecture_component": 2,
"architecture_generator": 2,
"fluent_validation": 2,
"flute_music_player": 2,
"flutter_ffmpeg": 2,
"hello_example": 2,
"hex": 2,
"horizontal_select": 2,
"omniverse": 2,
"persian_utils": 2,
"rondy_bottom_navigation_bar": 2,
"save_image": 2,
"spotify_playback": 2,
"testhaipham_example": 2,
"tinylog": 2,
"widgets_visibility_provider": 2,
"yui": 2
}
(tool: https://github.com/dart-lang/pub-dev/pull/3900)
I think it is not worth to detect multiple files, rather the package should follow a predefined layout, where the license file selection is clearly defined.
I completely agree here. Keep it simple. Absolutely not worth the complexity
On Fri, Jul 31, 2020, 06:37 István Soós notifications@github.com wrote:
The updated package stats tool revealed that we have only a few packages that include multiple license files, many of the seem to include it by accident:
"moreThanOne": { "sunmi": 3, "api": 2, "architecture_component": 2, "architecture_generator": 2, "fluent_validation": 2, "flute_music_player": 2, "flutter_ffmpeg": 2, "hello_example": 2, "hex": 2, "horizontal_select": 2, "omniverse": 2, "persian_utils": 2, "rondy_bottom_navigation_bar": 2, "save_image": 2, "spotify_playback": 2, "testhaipham_example": 2, "tinylog": 2, "widgets_visibility_provider": 2, "yui": 2 }
(tool: dart-lang/pub-dev#3900 https://github.com/dart-lang/pub-dev/pull/3900)
I think it is not worth to detect multiple files, rather the package should follow a predefined layout, where the license file selection is clearly defined.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/dart-lang/pana/issues/92#issuecomment-667123532, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAEFCXNEDVKF77B3ARHVZTR6LCIVANCNFSM4D2ZVY5Q .
Your analysis is missing package:yaml
, but I agree, a single LICENSE file should do.
Your analysis is missing package:yaml
Yeah, we were not detecting the -license.txt
files. However, I'd argue that the package should have a single entry point where I can understand the (composite) license easily, without having to look whether there are additional files. That file could be a single (common) license block, or a description of what is the effective license of the package.
Closing, as we've settled on detecting only a single license.
Examples: