dart-lang / pana

Package ANAlysis for Dart
https://pub.dev/packages/pana
BSD 3-Clause "New" or "Revised" License

Detect multiple licenses #92

Closed isoos closed 4 years ago

isoos commented 6 years ago

Examples:

kevmoo commented 6 years ago

@isoos – do we have examples of this for published packages? Just curious...

jonasfj commented 4 years ago

Leaving a link to matching guidelines here: https://spdx.org/spdx-license-list/matching-guidelines

isoos commented 4 years ago

The updated package stats tool revealed that we have only a few packages that include multiple license files; many of them seem to include the extra file by accident:

    "moreThanOne": {
      "sunmi": 3,
      "api": 2,
      "architecture_component": 2,
      "architecture_generator": 2,
      "fluent_validation": 2,
      "flute_music_player": 2,
      "flutter_ffmpeg": 2,
      "hello_example": 2,
      "hex": 2,
      "horizontal_select": 2,
      "omniverse": 2,
      "persian_utils": 2,
      "rondy_bottom_navigation_bar": 2,
      "save_image": 2,
      "spotify_playback": 2,
      "testhaipham_example": 2,
      "tinylog": 2,
      "widgets_visibility_provider": 2,
      "yui": 2
    }

(tool: https://github.com/dart-lang/pub-dev/pull/3900)

I think it is not worth detecting multiple files; rather, the package should follow a predefined layout, where the license file selection is clearly defined.

kevmoo commented 4 years ago

I completely agree here. Keep it simple. Absolutely not worth the complexity.


jonasfj commented 4 years ago

Your analysis is missing package:yaml, but I agree, a single LICENSE file should do.

isoos commented 4 years ago

> Your analysis is missing package:yaml

Yeah, we were not detecting the -license.txt files. However, I'd argue that the package should have a single entry point where I can understand the (composite) license easily, without having to look at whether there are additional files. That file could be a single (common) license block, or a description of what the effective license of the package is.

isoos commented 4 years ago

Closing, as we've settled on detecting only a single license.