Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Doesn't find go-spew license in parent directory #18

Closed
ijc opened this issue May 4, 2018 · 2 comments
Closed

Doesn't find go-spew license in parent directory #18

ijc opened this issue May 4, 2018 · 2 comments

Comments

@ijc
Copy link

ijc commented May 4, 2018

I am vendoring github.com/davecgh/go-spew v1.1.0 (using vndr) and it is used as github.com/davecgh/go-spew/spew (I'm not using it directly, github.com/stretchr/testify/assert, which I have also vendored, uses it).

I end up with:

$ tree vendor/github.com/davecgh/
vendor/github.com/davecgh/
└── go-spew
    ├── LICENSE
    ├── README.md
    └── spew
        ├── bypass.go
        ├── bypasssafe.go
        ├── common.go
        ├── config.go
        ├── doc.go
        ├── dump.go
        ├── format.go
        └── spew.go

2 directories, 10 files

However the license is not found:

ERRO[0000] Found Non-Approved license                    license=unrecognized package="github.com/davecgh/go-spew/spew"

I suppose this is because the license is one level up compared to the actual go package.

I appreciate that you likely don't want to keep moving up the directory tree looking for license files due to the possibility for false positives. Although maybe just checking exactly the immediate parent of an imported package would be safe enough?

I also suppose you don't want to have to know about the vendor.conf (or other) files in order to be able to figure out the granularity of the vendored repositories vs the go packages.

With those (reasonable) constraints I can't think of a way to handle this automatically but perhaps a field in the config file which mapped go package names to their license files might be acceptable. e.g.

licenses:
    github.com/davecgh/go-spew/spew: github.com/davecgh/go-spew/LICENSE

(telling it that the license for github.com/davecgh/go-spew/spew is in that file, perhaps /... syntax would be useful to).

This seems better than using the existing exception mechanism since it would still perform the check that the license is an allowed one (even if it subsequently changes etc).

If the named file didn't exist that would be an error (if the license got renamed it might also have changed so manual intervention should be required).
@frapposelli
Copy link
Owner

Hi @ijc unfortunately the issue here is with the LICENSE wording in github.com/davecgh/go-spew. It's a well-known issue, in fact it has been fixed already (davecgh/go-spew@e250ec7) but it has yet to make its way into a tagged release (v1.1.0 doesn't have it).

I would suggest to put github.com/davecgh/go-spew in the exception list of your .wwhrd.yml file once you're confident with the LICENSE wording that the version you're using has.

@ijc
Copy link
Author

ijc commented May 6, 2018

Thanks, I added an exception for now already. Glad it turned out to be something so trivial rather than the complex beast I was imagining!

@ijc ijc closed this as completed May 6, 2018
@TBBle TBBle mentioned this issue Nov 15, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@frapposelli @ijc