Feature: Error on projects without a permissible license #7
Comments
If a repository happens to have no licence specified, which means that it doesn't allow for modification and redistribution, do we proceed to index it?
We can add a check using the https://api.github.com/repos/open-sauced/repo-query/license endpoint before downloading the repo zip.
The list of license keys is available here. @bdougie, I've derived some license keys from the above that I believe are permissive.
Right. For now, we should err on the side of caution and not proceed if there isn't a license.
Those all look good to me: most software licenses have specific clauses for distribution and as long as we aren't modifying the actual source when getting it from GitHub, there shouldn't be any problem. I'd say go ahead with those as a starting point and we can explore from there!
Right. I'm working on it.
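The fail-closed gate discussed in the comments above, as an added example that is not part of the thread or of repo-query's code. The `ALLOWED` list, the `LicenseError` type and `check_license` are hypothetical names, and the allowlist is illustrative rather than the key list proposed in the thread; the inputs are the HTTP status of the license lookup and the `license.key` field of its body.

```rust
// Added example, not repo-query code. ALLOWED is an illustrative allowlist of
// GitHub license keys, not the list proposed in the thread.
const ALLOWED: &[&str] = &["mit", "apache-2.0", "bsd-2-clause", "bsd-3-clause", "isc"];

#[derive(Debug, PartialEq)]
pub enum LicenseError {
    NoLicense,            // 404, or a body without a license key
    Unrecognized,         // key "other": a file exists but matched no known license
    NotPermitted(String), // recognized license that is not on the allowlist
    LookupFailed(u16),    // rate limit, auth or server error: never treated as a pass
}

/// Decide whether a repo may be downloaded and indexed.
/// `status` is the HTTP status of GET /repos/{owner}/{repo}/license and
/// `key` is the `license.key` field of the response body, if present.
pub fn check_license(status: u16, key: Option<&str>) -> Result<String, LicenseError> {
    match (status, key) {
        (404, _) | (200, None) => Err(LicenseError::NoLicense),
        (200, Some(raw)) => {
            let k = raw.trim().to_ascii_lowercase();
            if k == "other" {
                Err(LicenseError::Unrecognized)
            } else if ALLOWED.iter().any(|a| *a == k.as_str()) {
                Ok(k)
            } else {
                Err(LicenseError::NotPermitted(k))
            }
        }
        // Anything else means the license is unknown, so refuse to index.
        (code, _) => Err(LicenseError::LookupFailed(code)),
    }
}

fn main() {
    // Constructed (status, license.key) pairs standing in for API replies.
    let samples = [
        (200, Some("mit")),
        (200, Some("gpl-3.0")),
        (200, Some("other")),
        (404, None),
        (403, None),
    ];
    for (status, key) in samples {
        println!("{status} {key:?} -> {:?}", check_license(status, key));
    }
}
```

Running the gate before the zip download means a rate-limited or failed lookup stops ingestion instead of silently indexing an unlicensed repository.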
Type of feature
🍕 Feature
Current behavior
Currently, on the alpha branch, any and all projects will be indexed. This includes projects without permissible licenses (i.e., projects with hard copyleft licenses). There is no way to filter based on the project's license.
Suggested solution
We should find a way to dynamically check licenses of projects that are being queried / ingested:
LICENSE, license.txt, MIT-LICENSE, etc.) - ideally, we'd use a well known crate for this. Maybe we can use what cargo deny uses internally to check for licenses
Additional context
See comments in #5 (comment)
Code of Conduct
Contributing Docs