-
-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Licence audit #7343
Comments
Since I cannot claim copyright over the code in |
As a header in the code, e.g. via the |
Looks like SPDX does include a disclaimer covering this case https://spdx.org/licenses/CC-PDDC.html . (I've always been certain that I don't have the right to define the license for code I didn't write.) |
@rolandwalker Public domain seems a reasonable choice in that situation imo. |
That is compatible with the GPLv3 and therefore good enough, right? Among all the packages on the Emacsmirror (which is a superset of the packages distributed by Melpa) there are currently only three whose license I couldn't extract. [And two of those are mirrored directly from the fsf. I reported the issue and nothing happened. It's a bit annoying to say the least.] So I don't think there really is anything we have to do. If you want I can give you lists of packages whose licensing terms are hard to detect programmatically. We already did the real work a few years ago. All that is left to do is to improve how the terms are specified in a few cases that depart to far from the conventions. Personally I consider |
See https://github.com/emacscollective/elx/blob/01ad699c562887dfe135f21dbf65d72cfe7d9cd9/elx.el#L362 for a list suboptimal permission statements found in the wild. That list does contains a few phrases that really should be replaced with a header keyword with a supported value, a proper permission statement and/or a license file. If someone wants to work the the maintainers to get that done, then I can provide the list of packages that should be improved, but I don't want to do that work myself. |
Some packages are not explicitly licensed, and we should either actively stop hosting these, or work with maintainers to remedy the situation. An example would be
anaphora
, not to single out @rolandwalker particularly. A good starting point would be to at least determine which single-file packages have no license (or spdx) header. Multi-file packages would need their-pkg.el
file inspecting. Bulk cross-referencing with the github API to determine repo licenses would also be a useful approach. I think we should work towards having the license displayed on the package pages, and maybe even in the package list.The text was updated successfully, but these errors were encountered: