Check for allowed licenses #6
Comments
Sounds good! Would you like to take that on, or leave it as a feature request?
I can try to write such.
Thanks! Let me know if I can help with anything :)
I wonder though... since packages don't always have a complete license information, we might need some kind of tolerance level. E.g. what to do if the license couldn't be detected, what if the license defined in
@unnawut the point of this issue isn't to provide a "fit them all" solution that will always work, but to provide users a tool that would check that there is no copyleft license in their dependencies by accident.
I've used a tool like that before https://github.com/frapposelli/wwhrd and that approach worked pretty well (with blacklists, exceptions etc). Covers the "no copyleft" scenario, but gives you a way out with exceptions.
@unnawut I'll probably need to build that, would you be interested in merging that functionality into licensir or should I use licensir as a dependency?
Sounds good to me. Since it is going to be your contribution, feel free to make the call on making it a pull request or a new library. I'll be happy to review & accept the feature if you decide the former. For the latter, I'll be happy to refer to your tool on licensir's readme as well! 🎉
It would be nice to have a file like .licenses.exs that would contain a list of allowed licenses and a list of packages that are explicitly allowed. If there is an incompatible license and that package is outside the allowed scope, the task should exit with an exit code different from 0. Such a change would allow integrating this tool into CI pipelines and would provide a quick review of dependency licensing.
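A sketch of the check requested in this issue, added here as an example and not taken from licensir or from any participant in the thread. The policy keys (`allowed_licenses`, `allowed_packages`), the `LicensePolicy` module, the package names and the rule that an undetected license counts as a failure are all assumptions made for illustration.

```elixir
defmodule LicensePolicy do
  # Returns {package, licenses, reason} tuples for every dependency that
  # violates the policy. Explicitly allowed packages are skipped entirely.
  def violations(deps, policy) do
    allowed_licenses = MapSet.new(policy[:allowed_licenses] || [])
    allowed_packages = MapSet.new(policy[:allowed_packages] || [])

    deps
    |> Enum.reject(fn dep -> MapSet.member?(allowed_packages, dep.name) end)
    |> Enum.flat_map(fn dep -> check(dep, allowed_licenses) end)
  end

  # Assumption: a dependency with no detected license fails closed.
  defp check(%{name: name, licenses: []}, _allowed), do: [{name, [], :undetected}]

  # Assumption: for multi-licensed packages every listed license must be allowed.
  defp check(%{name: name, licenses: licenses}, allowed) do
    case Enum.reject(licenses, &MapSet.member?(allowed, &1)) do
      [] -> []
      bad -> [{name, bad, :not_allowed}]
    end
  end
end

# Hypothetical contents of .licenses.exs; a task could load the file with
# `{policy, _bindings} = Code.eval_file(".licenses.exs")`.
policy = [
  allowed_licenses: ["MIT", "Apache-2.0", "BSD-3-Clause"],
  allowed_packages: ["internal_fork"]
]

# Constructed sample data standing in for the detected dependency licenses.
deps = [
  %{name: "dep_permissive", licenses: ["MIT"]},
  %{name: "dep_copyleft", licenses: ["GPL-3.0"]},
  %{name: "internal_fork", licenses: ["GPL-2.0"]},
  %{name: "dep_unknown", licenses: []}
]

case LicensePolicy.violations(deps, policy) do
  [] ->
    IO.puts("All dependency licenses are allowed")

  found ->
    for {name, licenses, reason} <- found do
      IO.puts(:stderr, "#{name}: #{reason} #{inspect(licenses)}")
    end

    # Non-zero exit code so a CI job fails on a policy violation.
    System.halt(1)
end
```

With the constructed data above, `dep_copyleft` and `dep_unknown` are reported and the script exits with code 1, while `internal_fork` passes because it is listed as an explicit exception.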