pkg.go.dev: known licenses are not recognised and the site misrepresents license status of packages #35595
Note that I am aware that #35570 exists; however, the method for providing feedback there is broken in that it will not work with Firefox. Nor does it allow, AFAICS, nuanced conversation of issues, so I am reporting here.
It appears that the license recognition code used by pkg.go.dev has an unfortunately high false positive rate. Packages such as gonum.org/v1/gonum and modernc.org/cc, both of which have BSD-3-clause licenses (here and here) (note also that while the source code link for modernc.org/cc is provided on the overview at pkg.go.dev, even that is missing for the Gonum page).
This harms the packages where this happens by failing to present them to users, and misrepresents the licensability of the packages, potentially harming them by causing potential users to move on to other packages where the license is accepted.
Note also that it arguably does not properly cover the owner of go.dev since other packages that import and reflect the APIs of these lost packages may be rendered. For example k8s.io/kubernetes/pkg/controller/garbagecollector imports Gonum packages but does not present the Gonum license (and in fact shows the wrong license). In a clearer example, github.com/openshift/origin vendors a number of Gonum packages and pkg.go.dev thus misrepresents the license for openshift/origin by only showing the Apache license in its LICENSE file (and also in the search results).
Thanks for the issue. We are working to address the feedback widget issues on Firefox and we’re working to improve our license classification.
Please email firstname.lastname@example.org, as issues for pkg.go.dev are not tracked in this repository. I understand the desire to have an open, nuanced conversation, but it’s difficult to do so given the legal considerations surrounding licensing more generally. The moderators on that list are responsive and will do what they can to help.
Thanks for your patience on this.