ebebbington
commented
4 years ago Wonder if it’s possible to spoof the license eg just write it manually, then it manages to pass the check? Like maybe I could just add “MIT something something” in the file, but it passes the checks
maximousblk
Copyright Management
All public modules published on Nest assume you want people to be able to use them freely (freedom 0 only). Further license info MUST be included in the readme and the module should be published with a
LICENSEfile.The license info will be available through the API. For that the
LICENSEfile should be in the root directory of the module. Then the license will be analyzed at publish time. If it is an unknown license, the API will returnUNKNOWNfor the license name.If a module is reported for copyright infringement through a legit DMCA (or equivalent) request, the module should be immediately unlisted and blocked from being accessed or updated (still accessible through arweave and listed in the API) and a clear notice should be displayed on the module's page and the cli using the
X-Deno-Errorheader. Then if the user wants to dispute the claim, they can request a manual review from the Nest team (not sure what happens here). And if someone wants to access the module through Nest for a legit reason, they will be granted a limited access key on request, which can be used the same way as private repositories do. After the request has been accepted and enacted, the request documents should be pushed to a publicdmcarepository where people can refer to. This is to ensure that people don't blame us for removing content without reason.Now the obvious question arises:
Yes, by definition all the modules are still immutable as they cannot be edited (mutated) but in extreme cases we need to take action against bad actors to prevent actions against us. And as we cannot remove it from the blockchain, all we can do is block access through our gateway to the artifact on the blockchain.