x/pkgsite: support symlinks or LICENSES directory #40586
Comments
ALTree
added
FeatureRequest
|
Please see this post to understand why we check licenses and godoc.org doesn't. For legal reasons, we cannot consider SPDX headers authoritative. We must verify the license text itself. A |
|
Please see [this
post](https://groups.google.com/g/golang-dev/c/mfiPCtJ1BGU/m/qtCrqlrEEwAJ)
to understand why we check licenses and godoc.org doesn't.
Thanks for the background and clarification.
For the record, the following link also works without having a Google
account.
https://groups.google.com/d/msg/golang-dev/mfiPCtJ1BGU/qtCrqlrEEwAJ
A `LICENSES` directory is a reasonable request. We'll look into it.
That would be very cool, thanks. Alternatively, could a license hint or
link to such a file also be included in the go.mod file, for example?
|
|
I don't think the go.mod file is the right place for that sort of information. We don't add information to go.mod that is obtainable elsewhere, or that is language-agnostic. |
|
Any updates? After closing down the good old godoc.org and redirecting to the new pkg.go.dev thingy, there is no more documentation for properly licensed code. A promising alternative seems to be godocs.io. However, for my next release I will add a |
hyangah
added
the
pkgsite/license
The SPDX-headers list which license texts are to be verified in the first place. E.g. there are many repositories, where the LICENCES file or COPYING file does not list all licenses used in the repository. So if you are believing this, from a legal point of view, you should also be able to believe the SPDX headers.
Yes, please make it reuse.software compatible. What would have to be done for this? |
|
One current example of the problem is https://pkg.go.dev/github.com/csaf-poc/csaf_distribution/[email protected]/csaf . |
According to https://pkg.go.dev/license-policy the detector https://github.com/google/licensecheck is used and here is the relevant issue: google/licensecheck#53 |
|
We currently have no cycles to add the LICENSES directory. I would pursue other options. |
Copy of primary license in project root created to address error 'Documentation not displayed due to license restrictions.' when using pkg.go.dev. It's caused by missing support for 'LICENSE/' sub-folder and Reuse structure. Required till appropriate fix in https://github.com/golang/pkgsite Refs: golang/go#40586 Refs: google/licensecheck#53
Copy of primary license in project root created to address error 'Documentation not displayed due to license restrictions.' when using pkg.go.dev. It's caused by missing support for 'LICENSE/' sub-folder and Reuse structure. Required till appropriate fix in https://github.com/golang/pkgsite Refs: golang/go#40586 Refs: google/licensecheck#53
Would you be willing to accept a well tested patch? |
|
Sorry, the coding isn't the hard part. This change would probably require the intervention of Google's legal department, and a re-evaluation of many of the existing modules. |
Reuse compatibility would not change the legal status the documentation is under, so why would the legal department be a stakeholder? The legal evaluation which documentation can be shown would stay the same. |
|
@bernhardreiter that sounds right, but since neither of us are lawyers and this change affects what license(s) apply to to a module, we would have to consult a lawyer to make sure. In other words, your reasoning is absolutely sound and correct, but it is not legal reasoning, which is often neither. In any case, it's the evaluation of a large corpus of modules to gauge the effect of this change that is the real time suck. We simply don't have the bandwidth for a change of this magnitude right now. |
|
@jba I have a bit of working experience with lawyers, and my idea is: If we can technically show that the resulting modules from the software change that are acceptable are exactly the same, then there is no legal change and thus no need for legal review. A sort of automatic test could make sure that the evaluation result for existing modules would be the same. Otherwise I would see if the Reuse people have contacts to Google's lawyers to get some support there. In the end the result would be more more legal clarity through better marking and this is something that all people want and should make the legal folks happy as well. |
Copy of primary license in project root created to address error 'Documentation not displayed due to license restrictions.' when using pkg.go.dev. It's caused by missing support for 'LICENSE/' sub-folder and Reuse structure. Required till appropriate fix in https://github.com/golang/pkgsite Refs: golang/go#40586 Refs: google/licensecheck#53
On a project I am working on, I recently implemented the Free Software Foundation Europe's REUSE (repository) recommendations for licensing. The used licenses are the GNU GPL for code and CC0 for some other stuff, both listed as supported licenses.
In a nutshell, REUSE stores all licenses named as their SPDX identifier in a
LICENSESdirectory. Furthermore, each file starts with a SPDX header.Because GitHub does not handled this, I created a
LICENSEsymlink to the GPL file within theLICENSESdirectory. GitHub then at least detects the presence of a license. (Edit: GitHub only detects aLICENSEfile exists, but does not follow the symlink. Thus, I removed the symlink.)However, the pkg.go.dev page is currently not able to process this. Furthermore, the documentation is "not displayed due to license restrictions". Compared to this, the old GoDoc has no limitations in this regard. Sorry, this is annoying.
Would it be possible to adjust pkg.go.dev to
LICENSESdirectory,detect and follow symlinks, or(Edit: see edit above)Thanks a lot for all the great work!
The text was updated successfully, but these errors were encountered: