Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cmd/go: document how licenses are added to modules that are nested in a repository #44758

Open
mdempsky opened this issue Mar 3, 2021 · 10 comments
Open

Comments

@mdempsky
Copy link
Member

@mdempsky mdempsky commented Mar 3, 2021

https://pkg.go.dev/github.com/mit-plv/fiat-crypto/fiat-go

The fiat-crypto project is triple licensed under MIT OR Apache-2.0 OR BSD-1-Clause (https://github.com/mit-plv/fiat-crypto/blob/master/COPYRIGHT), but pkg.go.dev isn't recognizing this. It's instead saying the license isn't known.

Incidentally, it seems like maybe https://pkg.go.dev/license-policy should be updated to support BSD-1-Clause?

Related: #40171

@mdempsky
Copy link
Member Author

@mdempsky mdempsky commented Mar 3, 2021

So https://pkg.go.dev/github.com/mit-plv/fiat-crypto/fiat-go@v0.0.0-20210303142032-cc0899379641/32/curve25519 now correctly shows the license, but https://pkg.go.dev/github.com/mit-plv/fiat-crypto/fiat-go@v0.0.0-20210303132348-f524ab755084/32/curve25519 still doesn't. Presumably this is because of mit-plv/fiat-crypto@d12f145.

For repos where there's no go.mod at the top level, is it expected that the copyright files have to be explicitly duplicated into the go.mod-containing subdirectory? That seems surprising to me.

@julieqiu
Copy link
Contributor

@julieqiu julieqiu commented Mar 3, 2021

For repos where there's no go.mod at the top level, is it expected that the copyright files have to be explicitly duplicated into the go.mod-containing subdirectory?

Yes, pkg.go.dev fetches modules from proxy.golang.org, and those license files are not in https://proxy.golang.org/github.com/mit-plv/fiat-crypto/fiat-go/@v/v0.0.0-20210303132348-f524ab755084.zip.

Incidentally, it seems like maybe https://pkg.go.dev/license-policy should be updated to support BSD-1-Clause?

Yup, BSD-1-Clause should listed on https://pkg.go.dev/license-policy. Thanks for catching.

@gopherbot
Copy link

@gopherbot gopherbot commented Mar 3, 2021

Change https://golang.org/cl/298289 mentions this issue: internal/licenses: add BSD-1-Clause

@julieqiu julieqiu removed this from the Unreleased milestone Mar 3, 2021
@julieqiu julieqiu added this to the pkgsite/unplanned milestone Mar 3, 2021
@mdempsky
Copy link
Member Author

@mdempsky mdempsky commented Mar 3, 2021

@julieqiu
Copy link
Contributor

@julieqiu julieqiu commented Mar 3, 2021

My understanding is that files named LICENSE in the top level module (golang.org/x/tools in this case) will be added its nested modules (golang.org/x/tool/gopls). Related: #43817

/cc @katiehockman @heschik @hyangah

@mdempsky
Copy link
Member Author

@mdempsky mdempsky commented Mar 3, 2021

Reading through that issue, I understand the difficulties now. Thanks.

Is this behavior documented somewhere? The inconsistency here seems pretty surprising to me.

@julieqiu
Copy link
Contributor

@julieqiu julieqiu commented Mar 3, 2021

Not that I know of.

/cc @stevetraut @bcmills @jayconrod @matloob who might be working on documentation for this.

gopherbot pushed a commit to golang/pkgsite that referenced this issue Mar 3, 2021
For golang/go#44758

Change-Id: I95113cda4ce0b071e44c5a75b676e28a7d3d508a
Reviewed-on: https://go-review.googlesource.com/c/pkgsite/+/298289
Trust: Julie Qiu <julie@golang.org>
Run-TryBot: Julie Qiu <julie@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
@julieqiu julieqiu changed the title x/pkgsite: no license detected for github.com/mit-plv/fiat-crypto/fiat-go cmd/go: document how licenses are added to modules that are nested in a repository Mar 3, 2021
@julieqiu julieqiu removed this from the pkgsite/unplanned milestone Mar 3, 2021
@julieqiu julieqiu added this to the Unreleased milestone Mar 3, 2021
@jayconrod
Copy link
Contributor

@jayconrod jayconrod commented Mar 3, 2021

This probably should be documented, at least in https://golang.org/ref/mod. Anywhere else?

@julieqiu
Copy link
Contributor

@julieqiu julieqiu commented Mar 3, 2021

It might also be useful to add this to the FAQ of https://proxy.golang.org.

@mdempsky
Copy link
Member Author

@mdempsky mdempsky commented Mar 4, 2021

FWIW, I notice that https://pkg.go.dev/github.com/mit-plv/fiat-crypto/fiat-go?tab=licenses lists MIT and Apache 2, but not BSD-1. I guess that's because it's in a LICENSE-BSD file, which pkgsite doesn't look for.

Is it possible to have that added too? Or maybe pkgsite should check any file in the root directory that matches "\bLICEN[CS]E\b"?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants