kaihowl / dotfiles

@kaihowl does dotfiles
MIT License
5 stars 0 forks source link

License check / reporting #772

Open kaihowl opened 7 months ago

kaihowl commented 7 months ago

Goal

Track licenses of used tools in dotfiles.

Proposal

Incorporate a LICENSE file into each subfolder. For 1:1 mapping of folder to tools, the tool will simply state the license of the tool with a SPDX identifier. For folders incorporating multiple tools (e.g., nvim with plugins), collect all licenses.

The format of the license file will be

<TOOLNAME>\t<SPDX identifier>

The total license file for dotfiles will be stored in the root folder by concatenating all (lexicographically sorted) subfolders' licenses and by prepending a header.

This root license file will be validated by CI to be up to date.

To validate that individual license files are up to date, a best effort approach is taken: For brew-installed libraries we use brew info and scrape the license info out. Due to this, we will constrain the license checking for macOS only in CI. Yet, the license file will equally extend to all supported platforms. There is no library that has different licenses for different platforms. For vim plugins we scan the installed folder of the plugins for LICENSE/LICENCE files.

Considered alternatives

Use a full blown license validation tool: Discarded as it is too involved. I don't expect many changes / additions of tools or changes of licenses in tools. A bare-bones validation is sufficient.

kaihowl commented 7 months ago
$ find . -mindepth 1 -maxdepth 1 -type d | wc -l
43
$ find . -maxdepth 2 \( -iname 'LICENSE*' -or -iname 'LICENCE*' \) | wc -l
33

10 nvim plugins without a license. Those are:

$ diff <(find . -mindepth 1 -maxdepth 1 -type d | cut -f2 -d/ ) <(find . -maxdepth 2 \( -iname 'LICENSE*' -or -iname 'LICENCE*' \) | cut -f 2 -d/)
< vim-fubitive
< vim-trailing-whitespace
6,7d3
< vim-surround
< linediff.vim
10d5
< vim-textobj-argument
16d10
< vim-repeat
26d19
< vim-unimpaired
30,31d22
< vim-fugitive
< vim-abolish
35d25
< gruvbox
kaihowl commented 7 months ago

scripts mirrored from https://www.vim.org/scripts/ have no clear license. This applies to vim-textobj-argument and linediff.vim

gruvbox has MIT in the readme file.

Tim Pope's plugins are all distributed under the vim license, which is convertible to GPL.

kaihowl commented 7 months ago

All the ones using common/download.sh:

kaihowl commented 7 months ago

Check brew installs next.

kaihowl commented 1 month ago

Finished the licenses from nvim plugins. fzf-lua AGPL was changed to an MIT license instead.

kaihowl commented 1 month ago
$ brew info --installed --json | jq '.[] | .license' brews.json | sort | uniq -c
   1 "(BSD-3-Clause OR GPL-2.0-only) AND BSD-2-Clause AND MIT"
   1 "(GPL-2.0-or-later OR LGPL-3.0-or-later) AND (Unicode-TOU AND Unicode-DFS-2016) AND GPL-3.0-or-later AND LGPL-2.1-or-later AND FSFAP-no-warranty-disclaimer"
   1 "0BSD AND GPL-2.0-or-later"
   1 "Apache-2.0 OR BSD-2-Clause"
   2 "Apache-2.0 OR MIT"
   5 "Apache-2.0"
   1 "BSD-2-Clause AND GPL-2.0-or-later"
   8 "BSD-2-Clause"
   1 "BSD-2-Clause-Patent"
  16 "BSD-3-Clause"
   1 "CC0-1.0 OR Apache-2.0"
   2 "CC0-1.0"
   1 "EPL-1.0"
   1 "FTL"
   1 "GD"
   1 "GPL-2.0-only OR LGPL-3.0-or-later"
   1 "GPL-2.0-only WITH GCC-exception-2.0"
   3 "GPL-2.0-only"
   2 "GPL-2.0-or-later AND LGPL-2.1-or-later"
   1 "GPL-2.0-or-later OR LGPL-2.1-or-later OR MPL-1.1+"
   1 "GPL-2.0-or-later OR LGPL-3.0-or-later"
   7 "GPL-2.0-or-later"
   1 "GPL-3.0-or-later AND (GPL-3.0-or-later WITH Autoconf-exception-3.0)"
   9 "GPL-3.0-or-later"
   2 "ICU"
   1 "IJG AND Zlib AND BSD-3-Clause"
   2 "ISC"
   1 "JasPer-2.0"
   2 "LGPL-2.0-or-later"
   1 "LGPL-2.1-only OR MPL-1.1"
   1 "LGPL-2.1-or-later AND GPL-2.0-or-later"
   1 "LGPL-2.1-or-later AND GPL-3.0-only"
   1 "LGPL-2.1-or-later AND GPL-3.0-or-later AND FSFULLR"
   7 "LGPL-2.1-or-later"
   2 "LGPL-3.0-or-later OR GPL-2.0-or-later"
   1 "MIT AND Unicode-DFS-2015"
  34 "MIT"
   1 "MIT-Modern-Variant AND GPL-2.0-only AND GPL-2.0-or-later AND ISC"
   1 "MPL-2.0"
   1 "OLDAP-2.8"
   1 "PSF-2.0"
   3 "Python-2.0"
   2 "Unlicense"
   1 "blessing"
   1 "libpng-2.0"
   1 "libtiff"
kaihowl commented 1 month ago

Before finishing this ticket, let's try using nixpkg successfully. With gain the ability to easily track licenses across all packages (same as brew + the common/download.sh installed packages).