Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/pkgsite: How to allow my packages to be on pkg.go.dev #43356

Closed
pjebs opened this issue Dec 23, 2020 · 14 comments
Closed

x/pkgsite: How to allow my packages to be on pkg.go.dev #43356

pjebs opened this issue Dec 23, 2020 · 14 comments
Labels

Comments

@pjebs
Copy link
Contributor

@pjebs pjebs commented Dec 23, 2020

I have numerous packages such as: https://godoc.org/github.com/rocketlaunchr/dataframe-go & https://godoc.org/github.com/rocketlaunchr/dbq/v2 (and many more).

Since these packages have eccentric licenses, pkg.go.dev is not listing them.

On 13th of April, I sent an email to go-discovery-feedback@google.com explaining my situation.
On 14th of April, I got a response from @jba who said google will add my documentation to pkg.go.dev. I think he also mentioned they are building a site for people to authorize Google to display the documentation if they have non-standard licenses.

I am not sure what is happening with the authorization process. At the moment my package documentation is still invisible.

Thank you but that's just an ad hoc solution.

All my packages have the same license plus there are other people with repos that may have exotic licenses.

Isn't there a more durable solution that the lawyers could implement?

-PJ
From: Jonathan Amsterdam <jba@google.com>
Sent: Tuesday, 14 April 2020 10:35 PM
To: P J <X>
Subject: Re: [go.dev feedback] License issue (pkg.go.dev)
 
OK, I got permission and will mark your license as OK.

On Mon, Apr 13, 2020 at 7:26 PM P J <X> wrote:
None of the standard open-source licenses capture my intent.

Can you please go back to Google's lawyers and ask what needs to be done for a maintainer to indicate express and clear permission for google to list the API on the site. As a lawyer myself, I know that's all that's required.

github currently has a system where you can create a `.github` directory in the repo and put files in there that signal various things (issue template, funding/sponsorship details etc).
That is one way.

Another is perhaps a specific phrase in the license that Google's lawyers can write up that we can put into the license.

I feel this current policy will prevent high quality packages with "exotic" but reasonable licenses from being used in the Go eco-system.

Regards,

pjebs




From: Jonathan Amsterdam <jba@google.com>
Sent: Tuesday, 14 April 2020 12:20 AM
To: P J <X>
Cc: go-discovery-feedback@google.com <go-discovery-feedback@google.com>
Subject: Re: [go.dev feedback] License issue (pkg.go.dev)
 
Hi,
To answer your question in bold, I recommend you read Russ Cox's note on licenses and godoc.org, particularly the section beginning "Why does pkg.go.dev require a detected license to show docs?" I'll copy it here for convenience:

The teams working on the proxy and on pkg.go.dev have spent a lot of
time talking to Google's lawyers about what we can and can't do with
Go source code downloaded from the internet. The rule we've been given
to follow is that serving a pretty HTML version of the docs is
displaying a modified version of the original, and we can only do that
if there's a recognized known-good license that gives us that
permission.
When we adopted godoc.org from Gary Burd back in 2014, it did not
occur to any of us to put it through that kind of review. If we had,
maybe the community would have gone through this licensing pain
earlier. For now we are focusing on making changes to pkg.go.dev
rather than correcting past mistakes on godoc.org. (At this point,
more scrutiny of what godoc.org does is not likely to have an outcome
that anyone likes.)

We don't support special permissions for pkg.go.dev.

We currently support many licenses; see https://pkg.go.dev/license-policy. Perhaps there is one on the list that captures your intent.


On Mon, Apr 13, 2020 at 5:15 AM P J <X> wrote:
I am the maintainer of https://github.com/rocketlaunchr/dataframe-go. It is the #2 dataframe package in the Go ecosystem and used by lots of people and companies.

My package does not show up on https://pkg.go.dev/ but does appear on godoc.org.

I am in trouble because once godoc.org is retired, people won't be able to view my documentation.

My package has an "unusual" license. What is the rationale for pkg.go.dev displaying it but not godoc.org?


Is there some way (perhaps inserting a file in the repo) to indicate that I want pkg.go.dev to display documentation?

Regards,

pjebs
@gopherbot gopherbot added the pkgsite label Dec 23, 2020
@gopherbot gopherbot added this to the Unreleased milestone Dec 23, 2020
@julieqiu
Copy link
Contributor

@julieqiu julieqiu commented Dec 23, 2020

It seems like the intent for both of those modules is to have an MIT license:
https://github.com/rocketlaunchr/dataframe-go/blob/master/LICENSE
https://github.com/rocketlaunchr/dbq/blob/master/LICENSE

Per https://pkg.go.dev/license-policy:

If you are a package author who believes a license for one of your packages should have been detected and was not, please check for discrepancies between your license and the official text.

The text we use for the MIT license is at https://opensource.org/licenses/MIT.

Since April, we have also open sourced our codebase. You can also run our code for license detection. See here for an example.

/cc @jba

@julieqiu julieqiu modified the milestones: Unreleased, pkgsite/licenses Dec 23, 2020
@pjebs
Copy link
Contributor Author

@pjebs pjebs commented Dec 23, 2020

No, the intent is not an MIT license. It's a derivative of a MIT license.

@mvdan
Copy link
Member

@mvdan mvdan commented Dec 25, 2020

Why a derivative? That makes it much harder for projects/software like pkgsite to know that it's actually open source. I assume it means a human lawyer would have to manually read and evaluate the license, which does not scale if thousands of Go modules required that kind of work.

@pjebs
Copy link
Contributor Author

@pjebs pjebs commented Dec 25, 2020

No!

Firstly, Google clearly doesn't really care since they are already displaying exotically licensed documentation in godoc.org and have been for 5+ years. If they were genuinely concerned about any legal ramifications, they would have pulled down certain godoc pages years ago.

Secondly, as an ex-lawyer myself, I suspect the pkg.go.dev team received faulty legal advice. I can't imagine that a talented in-house lawyer was consulted on this issue and/or they were not properly explained the scenario to give quality legal advice. I'm sure Google's elite lawyers are working on far more important matters.

Finally, as explained in the email to @jba, I mentioned that all that is required (if google is risk adverse), is some key phrase to be inserted into the license that permits pkg.go.dev to display it. Alternatively, a special .go.dev directory similar to github's .github directory for a special authorisation document to be placed in there.

I mentioned this way back in April 2020 in my email.

Alternatively an authorization portal can be created where the maintainer can authorize google to display the documentation.

Now in a few weeks time, my documentation for some key packages in the Go eco-system are going to go invisible.

@mvdan
Copy link
Member

@mvdan mvdan commented Dec 27, 2020

Firstly, Google clearly doesn't really care

Please be nice. Otherwise there's no point in raising issues or trying to find a solution.

If they were genuinely concerned, they would have pulled down certain godoc pages years ago.

I believe this is part of why godoc.org needs to be taken down in favor of pkg.go.dev - because the older site did not do a good job at only showing/redistributing code which it was allowed to. But don't quote me on this, as I'm not an expert.

Lastly, you make some suggestions to possibly fix this problem, so I think we should wait until the maintainers are back and can comment on those. I imagine most people will be back in a week's time.

@jba
Copy link
Contributor

@jba jba commented Dec 29, 2020

Sorry, your license was approved some time ago but we never followed up. Your packages should appear shortly after our next release, in early January.

Please list the modules with this license so we can reprocess them.

@pjebs
Copy link
Contributor Author

@pjebs pjebs commented Dec 30, 2020

github.com/rocketlaunchr/*
and github.com/pjebs/*

@jba
Copy link
Contributor

@jba jba commented Jan 5, 2021

These should be OK now. Let me know if I missed something.

@jba jba closed this Jan 5, 2021
@pjebs
Copy link
Contributor Author

@pjebs pjebs commented Jan 5, 2021

Rocketlaunchr/dbq doesn't show docs (for version 2)

@pjebs
Copy link
Contributor Author

@pjebs pjebs commented Jan 13, 2021

@jba
Copy link
Contributor

@jba jba commented Jan 14, 2021

OK, just re-fetched it. Wait 10 minutes for it to time out of cache.

I thought I had done it before and checked it...let's keep an eye on it to make sure it sticks.

@pjebs
Copy link
Contributor Author

@pjebs pjebs commented Jan 14, 2021

Thanks @jba for your assistance!

@pjebs
Copy link
Contributor Author

@pjebs pjebs commented Jan 14, 2021

Why was v2 of dbq treated differently from v1? if I create a v3, would that suffer from the same issue?

@jba
Copy link
Contributor

@jba jba commented Jan 14, 2021

I had to manually reprocess each module to replace its entry in our database. The puzzling thing is that the reprocess command for v2 was in my shell history...

New modules (and new versions of old modules) will be processed as they arrive and should be fine.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
5 participants