x/pkgsite: support symlinks or LICENSES directory #40586
Comments
ALTree
added
FeatureRequest
NeedsInvestigation
|
Please see this post to understand why we check licenses and godoc.org doesn't. For legal reasons, we cannot consider SPDX headers authoritative. We must verify the license text itself. A |
|
Please see [this
post](https://groups.google.com/g/golang-dev/c/mfiPCtJ1BGU/m/qtCrqlrEEwAJ)
to understand why we check licenses and godoc.org doesn't.
Thanks for the background and clarification.
For the record, the following link also works without having a Google
account.
https://groups.google.com/d/msg/golang-dev/mfiPCtJ1BGU/qtCrqlrEEwAJ
A `LICENSES` directory is a reasonable request. We'll look into it.
That would be very cool, thanks. Alternatively, could a license hint or
link to such a file also be included in the go.mod file, for example?
|
|
I don't think the go.mod file is the right place for that sort of information. We don't add information to go.mod that is obtainable elsewhere, or that is language-agnostic. |
|
Any updates? After closing down the good old godoc.org and redirecting to the new pkg.go.dev thingy, there is no more documentation for properly licensed code. A promising alternative seems to be godocs.io. However, for my next release I will add a |
hyangah
added
the
pkgsite/license
The SPDX-headers list which license texts are to be verified in the first place. E.g. there are many repositories, where the LICENCES file or COPYING file does not list all licenses used in the repository. So if you are believing this, from a legal point of view, you should also be able to believe the SPDX headers.
Yes, please make it reuse.software compatible. What would have to be done for this? |
|
One current example of the problem is https://pkg.go.dev/github.com/csaf-poc/csaf_distribution/v2@v2.2.0/csaf . |
According to https://pkg.go.dev/license-policy the detector https://github.com/google/licensecheck is used and here is the relevant issue: google/licensecheck#53 |
|
We currently have no cycles to add the LICENSES directory. I would pursue other options. |
On a project I am working on, I recently implemented the Free Software Foundation Europe's REUSE (repository) recommendations for licensing. The used licenses are the GNU GPL for code and CC0 for some other stuff, both listed as supported licenses.
In a nutshell, REUSE stores all licenses named as their SPDX identifier in a
LICENSESdirectory. Furthermore, each file starts with a SPDX header.Because GitHub does not handled this, I created a
LICENSEsymlink to the GPL file within theLICENSESdirectory. GitHub then at least detects the presence of a license. (Edit: GitHub only detects aLICENSEfile exists, but does not follow the symlink. Thus, I removed the symlink.)However, the pkg.go.dev page is currently not able to process this. Furthermore, the documentation is "not displayed due to license restrictions". Compared to this, the old GoDoc has no limitations in this regard. Sorry, this is annoying.
Would it be possible to adjust pkg.go.dev to
LICENSESdirectory,detect and follow symlinks, or(Edit: see edit above)Thanks a lot for all the great work!
The text was updated successfully, but these errors were encountered: