Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cmd/go: document how licenses are added to modules that are nested in a repository #44758

Open
mdempsky opened this issue Mar 3, 2021 · 10 comments
Labels
Documentation NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone

Comments

@mdempsky
Copy link
Member

mdempsky commented Mar 3, 2021

https://pkg.go.dev/github.com/mit-plv/fiat-crypto/fiat-go

The fiat-crypto project is triple licensed under MIT OR Apache-2.0 OR BSD-1-Clause (https://github.com/mit-plv/fiat-crypto/blob/master/COPYRIGHT), but pkg.go.dev isn't recognizing this. It's instead saying the license isn't known.

Incidentally, it seems like maybe https://pkg.go.dev/license-policy should be updated to support BSD-1-Clause?

Related: #40171

@mdempsky
Copy link
Member Author

mdempsky commented Mar 3, 2021

So https://pkg.go.dev/github.com/mit-plv/fiat-crypto/fiat-go@v0.0.0-20210303142032-cc0899379641/32/curve25519 now correctly shows the license, but https://pkg.go.dev/github.com/mit-plv/fiat-crypto/fiat-go@v0.0.0-20210303132348-f524ab755084/32/curve25519 still doesn't. Presumably this is because of mit-plv/fiat-crypto@d12f145.

For repos where there's no go.mod at the top level, is it expected that the copyright files have to be explicitly duplicated into the go.mod-containing subdirectory? That seems surprising to me.

@julieqiu
Copy link
Member

julieqiu commented Mar 3, 2021

For repos where there's no go.mod at the top level, is it expected that the copyright files have to be explicitly duplicated into the go.mod-containing subdirectory?

Yes, pkg.go.dev fetches modules from proxy.golang.org, and those license files are not in https://proxy.golang.org/github.com/mit-plv/fiat-crypto/fiat-go/@v/v0.0.0-20210303132348-f524ab755084.zip.

Incidentally, it seems like maybe https://pkg.go.dev/license-policy should be updated to support BSD-1-Clause?

Yup, BSD-1-Clause should listed on https://pkg.go.dev/license-policy. Thanks for catching.

@gopherbot
Copy link
Contributor

Change https://golang.org/cl/298289 mentions this issue: internal/licenses: add BSD-1-Clause

@julieqiu julieqiu modified the milestones: Unreleased, pkgsite/unplanned Mar 3, 2021
@mdempsky
Copy link
Member Author

mdempsky commented Mar 3, 2021

Why does https://proxy.golang.org/golang.org/x/tools/gopls/@v/v0.6.6.zip contain ./golang.org/x/tools/gopls@v0.6.6/LICENSE when that file does not appear in https://github.com/golang/tools/tree/master/gopls (or https://github.com/golang/tools/tree/gopls/v0.6.6/gopls)?

@julieqiu
Copy link
Member

julieqiu commented Mar 3, 2021

My understanding is that files named LICENSE in the top level module (golang.org/x/tools in this case) will be added its nested modules (golang.org/x/tool/gopls). Related: #43817

/cc @katiehockman @heschik @hyangah

@mdempsky
Copy link
Member Author

mdempsky commented Mar 3, 2021

Reading through that issue, I understand the difficulties now. Thanks.

Is this behavior documented somewhere? The inconsistency here seems pretty surprising to me.

@julieqiu
Copy link
Member

julieqiu commented Mar 3, 2021

Not that I know of.

/cc @stevetraut @bcmills @jayconrod @matloob who might be working on documentation for this.

gopherbot pushed a commit to golang/pkgsite that referenced this issue Mar 3, 2021
For golang/go#44758

Change-Id: I95113cda4ce0b071e44c5a75b676e28a7d3d508a
Reviewed-on: https://go-review.googlesource.com/c/pkgsite/+/298289
Trust: Julie Qiu <julie@golang.org>
Run-TryBot: Julie Qiu <julie@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
@julieqiu julieqiu changed the title x/pkgsite: no license detected for github.com/mit-plv/fiat-crypto/fiat-go cmd/go: document how licenses are added to modules that are nested in a repository Mar 3, 2021
@julieqiu julieqiu added NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. Documentation and removed pkgsite labels Mar 3, 2021
@julieqiu julieqiu modified the milestones: pkgsite/unplanned, Unreleased Mar 3, 2021
@jayconrod
Copy link
Contributor

This probably should be documented, at least in https://golang.org/ref/mod. Anywhere else?

@julieqiu
Copy link
Member

julieqiu commented Mar 3, 2021

It might also be useful to add this to the FAQ of https://proxy.golang.org.

@mdempsky
Copy link
Member Author

mdempsky commented Mar 4, 2021

FWIW, I notice that https://pkg.go.dev/github.com/mit-plv/fiat-crypto/fiat-go?tab=licenses lists MIT and Apache 2, but not BSD-1. I guess that's because it's in a LICENSE-BSD file, which pkgsite doesn't look for.

Is it possible to have that added too? Or maybe pkgsite should check any file in the root directory that matches "\bLICEN[CS]E\b"?

lrewega added a commit to lrewega/zap that referenced this issue Nov 27, 2023
The documentation for module `uber.go/zap/exp` is not eligible to be
rendered on pkg.go.dev as no license is detected. For example,
https://pkg.go.dev/go.uber.org/zap/exp@v0.2.0/zapslog will not render.

This is due to some possibly unfortunate behavior in the Go command that
special cases copying a `LICENSE` file from the repository for root for
any nested modules lacking a `LICENSE` file. This is problematic for Zap
as Zap's license is in a file named `LICENSE.txt`. Renaming the license
file to `LICENSE` remedies the issue.

Relevant issues:
- golang/go#43817 (comment)
- golang/go#44758 (comment)
r-hang pushed a commit to uber-go/zap that referenced this issue Nov 27, 2023
The documentation for module `uber.go/zap/exp` is not eligible to be
rendered on pkg.go.dev as no license is detected. For example,
https://pkg.go.dev/go.uber.org/zap/exp@v0.2.0/zapslog will not render.

This is due to some possibly unfortunate behavior in the Go command that
special cases copying a `LICENSE` file from the repository for root for
any nested modules lacking a `LICENSE` file. This is problematic for Zap
as Zap's license is in a file named `LICENSE.txt`. Renaming the license
file to `LICENSE` remedies the issue.

Relevant issues:
- golang/go#43817 (comment)
- golang/go#44758 (comment)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Documentation NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Development

No branches or pull requests

4 participants