Open hairyhenderson opened 2 months ago
Here is the full list of packages without documentation due to missing LICENSE files
Another side effect is that the go tooling will download the module with "synthesized" BUSL license file while it should be MPL:
$ mkdir test
$ cd test
$ go mod init example.com/m
go: creating new go.mod: module example.com/m
$ go get github.com/hashicorp/vault/api/auth/azure
...
$ go mod download --json github.com/hashicorp/vault/api/auth/azure | jq .Dir
"/home/tsaarni/go/pkg/mod/github.com/hashicorp/vault/api/auth/azure@v0.6.0"
$ head /home/tsaarni/go/pkg/mod/github.com/hashicorp/vault/api/auth/azure@v0.6.0/LICENSE
License text copyright (c) 2020 MariaDB Corporation Ab, All Rights Reserved.
"Business Source License" is a trademark of MariaDB Corporation Ab.
Parameters
Licensor: HashiCorp, Inc.
Licensed Work: Vault Version 1.15.0 or later. The Licensed Work is (c) 2024
HashiCorp, Inc.
Additional Use Grant: You may make production use of the Licensed Work, provided
Your use does not include offering the Licensed Work to third
This can throw off tooling that depend on the info, such as go-licenses which reports error "cannot find a known open source license" and prints it as Unknown instead of MPL
$ go-licenses report github.com/hashicorp/vault/api/auth/azure
github.com/hashicorp/vault/api/auth/azure,Unknown,Unknown
The behavior of go module license is described here https://go.dev/ref/mod#vcs-license
When the go command creates a .zip file for a module that is not in the repository root directory, if the module does not have a file named LICENSE in its root directory (alongside go.mod), the go command will copy the file named LICENSE from the repository root directory if it is present in the same revision.
Describe the bug
If you try to read the Go docs for e.g. the
github.com/hashicorp/vault/api/auth/aws
module, this error message shows up:This is despite that module apparently being licensed as MPL-2.0 (see the SPDX header here, for example).
It seems this is due to how the license detection works (listed here: https://pkg.go.dev/license-policy).
To Reproduce
Steps to reproduce the behavior:
Expected behavior
I believe that all that's needed here is for a
LICENSE
file to be added to the root of the module (/api/auth/aws
) to indicate that the module is MPL-2.0-licensed.Environment:
n/a
Additional context
I'm reporting this as a bug because being able to easily read Go docs is important functionality to any Go module.