mdeering / attribute_normalizer

Adds the ability to normalize attributes cleanly with code blocks and predefined normalizers
MIT License

License missing from gemspec #41

Closed bf4 closed 9 years ago

bf4 commented 11 years ago

RubyGems.org doesn't report a license for your gem. This is because it is not specified in the gemspec of your last release.

via e.g.

spec.license = 'MIT'
# or
spec.licenses = ['MIT', 'GPL-2']

Including a license in your gemspec is an easy way for rubygems.org and other tools to check how your gem is licensed. As you can imagine, scanning your repository for a LICENSE file or parsing the README, and then attempting to identify the license or licenses is much more difficult and more error prone. So, even for projects that already specify a license, including a license in your gemspec is a good practice. See, for example, how rubygems.org uses the gemspec to display the rails gem license.

There is even a License Finder gem to help companies/individuals ensure all gems they use meet their licensing needs. This tool depends on license information being available in the gemspec. This is an important enough issue that even Bundler now generates gems with a default 'MIT' license.

I hope you'll consider specifying a license in your gemspec. If not, please just close the issue with a nice message. In either case, I'll follow up. Thanks for your time!

Appendix:

If you need help choosing a license (sorry, I haven't checked your readme or looked for a license file), GitHub has created a license picker tool. Code without a license specified defaults to 'All rights reserved' -- denying others all rights to use of the code. Here's a list of the license names I've found and their frequencies.

p.s. In case you're wondering how I found you and why I made this issue, it's because I'm collecting stats on gems (I was originally looking for download data) and decided to collect license metadata, too, and make issues for gemspecs not specifying a license as a public service :). See the previous link or my blog post about this project for more information.

bf4 commented 9 years ago

Awesome, thanks! :rainbow:

ghost commented 8 years ago

Please release a new gem version for this change to take effect…

ghost commented 8 years ago

After analyzing my Gemfile with license_finder I've found several dependencies with unknown license status: bin/license_finder

Dependencies that need approval:
attribute_normalizer, 1.2.0, unknown
bundler, 1.11.2, unknown
bundler-audit, 0.5.0, GPLv3
json, 1.8.3, unknown
unicorn-rails, 2.2.1, unknown
xpath, 2.0.0, unknown

I looked through their gemspecs and found one thing they all had in common: array-based license declaration style (licenses = ['MIT']). While more than 100 other dependencies which were properly marked as MIT-licensed had another, plain license declaration style (license = 'MIT'). This makes me think it could be fixed just by changing this style.

See https://github.com/pivotal/LicenseFinder#a-plea-to-package-authors-and-maintainers

bf4 commented 7 years ago

@korobkov Not sure what your point is here. Multiple licenses is legit and even in your reference: "one or more licenses"

Depending on what exactly you're doing, you might be comparing the license in your installed gem to the license on master in github, which are not necessarily the same.
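
As an added example (not part of the thread, and not code from attribute_normalizer or License Finder): a small license audit over in-memory `Gem::Specification` objects, showing that RubyGems stores `license = 'MIT'` and `licenses = ['MIT']` as the same `licenses` array, and flagging gems with no declared license. The gem names, the `APPROVED` list, and the rule that any one approved license is enough for a multi-licensed gem are assumptions made for illustration.

```ruby
require "rubygems"

# Hypothetical allow-list of licenses an organization has pre-approved.
APPROVED = %w[MIT Apache-2.0 BSD-3-Clause].freeze

# Constructed sample specs (not real gems), covering both declaration
# styles discussed in the thread plus a gem with no license at all.
def sample_specs
  [
    Gem::Specification.new("plain_style", "1.0.0")   { |s| s.license  = "MIT" },
    Gem::Specification.new("array_style", "1.2.0")   { |s| s.licenses = ["MIT"] },
    Gem::Specification.new("dual_style", "0.3.0")    { |s| s.licenses = ["MIT", "GPL-2"] },
    Gem::Specification.new("copyleft_only", "0.5.0") { |s| s.license  = "GPL-3.0" },
    Gem::Specification.new("no_license", "2.0.0")
  ]
end

# Classify each spec by the license metadata RubyGems exposes.
# Assumed policy: listed licenses are alternatives, so one approved
# entry is sufficient for a multi-licensed gem.
def audit(specs, approved: APPROVED)
  specs.map do |spec|
    licenses = Array(spec.licenses).map(&:to_s).reject(&:empty?)
    status =
      if licenses.empty?
        :unknown
      elsif (licenses & approved).any?
        :approved
      else
        :needs_approval
      end
    { name: spec.name, version: spec.version.to_s,
      licenses: licenses, status: status }
  end
end

# Render the rows that still need a human decision as "name, version, license".
def report(rows)
  rows.reject { |r| r[:status] == :approved }.map do |r|
    shown = r[:licenses].empty? ? "unknown" : r[:licenses].join(", ")
    "#{r[:name]}, #{r[:version]}, #{shown}"
  end
end

puts report(audit(sample_specs)) if __FILE__ == $PROGRAM_NAME
```

To audit what is actually installed rather than the constructed samples, pass `Gem::Specification.to_a` to `audit`; this reads the released gemspecs on disk, which can differ from the repository's master branch.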