gunicorn icon indicating copy to clipboard operation
gunicorn copied to clipboard

Published 20 hours ago verified publisher icon benoitc

Web site build accidentally included in pypi releases

Open tsaarni opened this issue 1 year ago • 2 comments

Request: remove the docs/build directory from future pypi releases.

Background:

Recent pypi release packages contain the full web site docs in docs/build/ directory, while the older releases only contained the placeholder files e.g. docs/site/install.html which redirects to https://gunicorn.org/.

For example, see 21.2.0 release here.

The website files can mistakenly cause gunicorn to be flagged to contain GPL license by license scanners. The files docs/build/html/_static/js/html5shiv.min.js and docs/build/html/_static/js/html5shiv-printshiv.min.js in the release package, coming via Read the Docs theme, have GPL2 license text (link). However, this is false flag: even when considering these are now part of gunicorn release, it is clarified here in html5shiv project, that those files are dual-licensed and user is free to pick MIT over GPL2.

tsaarni avatar Dec 07 '23 15:12 tsaarni

hrm odd I will fix it. thanks for the notice

benoitc avatar Dec 07 '23 17:12 benoitc

As a minimal fix for excluding generated html duplicates (and bundled _static that comes with those) from sdist, appending recursive-exclude docs/build * to MANIFEST.in seems reasonable.

pajod avatar Jun 08 '24 07:06 pajod