-
Notifications
You must be signed in to change notification settings - Fork 17.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/pkgsite: Override licensecheck logic #52554
Comments
IANAL, but you can see how that raises issues. "This is a BSD-3 license, even though it clearly states that you cannot redistribute our software." How would a court rule on that? For the same reason, we do not look at SPDX identifiers. If your wording is not too divergent or idiosyncratic, consider a PR that modifies https://github.com/google/licensecheck/blob/main/licenses/BSD.lre. That way everyone can learn about your variant. As a fallback, we may be able to add it to https://go.googlesource.com/pkgsite/+/refs/heads/master/internal/licenses/exceptions. |
Ah, good point. Let me therefore ask a more technical question: What threshold does pkg.go.dev require for a license to be considered a match? I'll use that to see if a modest change to |
Each License Regular Expression (LRE) is binary: it either matches some text, or it doesn't. 75% of the file must be matched by some LRE. (Some license files are concatenations of multiple licenses.) Your LICENSE.md sort of looks like a BSD-3 license; there's not a lot of extra text. I would expect it to be close to the BSD-3 LRE. I didn't look carefully enough to see where it diverges. If you can point out the differences to me, perhaps we can see how to tweak the LRE together. |
Thanks for your offer to help. A
In particular, the list of conditions (the three clauses that make up BSD-3-Clause) and the final no-warranties/no-liability paragraph are unmodified apart from filling in the copyright-holder placeholders. If I delete the "bonus" paragraph and the BSD-3-Clause assertion I inserted in my failed attempt to pass the license check, my LICENSE.md passes with flying colors:
Given that, what do you suggest? A quick Web search reveals that the line "The Government is granted for itself and others acting on its behalf a nonexclusive, paid-up, irrevocable worldwide license in this material to reproduce, prepare derivative works, distribute copies to the public, perform publicly and display publicly, and to permit others to do so" appears with only minor wording changes in a number of different licenses. Is it possible—and would it help—to tell the matcher that this line is a no-op for comparing licenses? I believe the point it's making is that regardless of the terms laid out in the rest of the license, the U.S. Government has permission to make the material freely available if it so chooses. That shouldn't affect one way or the other pkg.go.dev's ability to reformat the documentation for presentation online. |
Sorry I haven't replied; I'm attending a multi-day meeting. I hope to revisit this Friday or next Monday. |
It looks like I may be allowed by my institution to move the troublesome paragraph from It would still be helpful to others releasing software paid for in part by the US Government if the license checker knew to ignore text that looks like a US Government rights clause. Does that sound like a practical feature addition? |
I'm sorry I haven't had the bandwidth to pursue this. Although I agree on the general solution, it would be much better for all at this point if you moved the paragraph. |
Done. |
What is the URL of the page with the issue?
https://pkg.go.dev/github.com/lanl/clp
What is your user agent?
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Screenshot
What did you do?
Navigated to https://pkg.go.dev/github.com/lanl/clp
What did you expect to see?
Documentation
What did you see instead?
A notice that "Documentation not displayed due to license restrictions."
Commentary
clp is licensed under what's really a BSD-3-Clause license. Unfortunately, my institution dictates specific wording that's just different enough from the stock wording that licensecheck reports too low confidence for pkg.go.dev to show the documentation:
Is there some way a license file can indicate that it really is some particular license, despite what the checker is able to discern? As you can see, I added the BSD-3-Clause URL to clp's
LICENSE.md
file, but this merely increases licensecheck's confidence rather than forcing it to honor the specified license.If there's no such feature, let's treat this as a feature request.
(This issue is somewhat related to #49155.)
The text was updated successfully, but these errors were encountered: