licensed icon indicating copy to clipboard operation
licensed copied to clipboard

Published 20 hours ago verified publisher icon github

NuGet source should emit licenseUrl as the license source when URL is well-known

Open zarenner opened this issue 5 years ago • 0 comments

If a <licenseUrl> element in a .nuspec file is recognized as a well known license, the sources field is the "auto-generated" text rather than the URL itself.

Expected:

name: Serilog.Sinks.Console
version: 3.1.1
type: nuget
homepage: https://github.com/serilog/serilog-sinks-console
summary: A Serilog sink that writes log events to the console/terminal.
license: apache-2.0
licenses:
- sources: https://www.apache.org/licenses/LICENSE-2.0
  text: |2
                                     Apache License

Actual:

name: Serilog.Sinks.Console
version: 3.1.1
type: nuget
homepage: https://github.com/serilog/serilog-sinks-console
summary: A Serilog sink that writes log events to the console/terminal.
license: apache-2.0
licenses:
- sources: Auto-generated Apache-2.0 license text
  text: |2
                                     Apache License

Note that licensee first tries to match on the nuspec's <license> field, and falls back to <licenseUrl>. It would therefore not be appropriate to use the licenseUrl if licensee had actually matched on <license>, since <licenseUrl> could potentially be a different license.

As such, this may require either:

  1. Changes to licensee to make it clear which field the PackageManagerFile matched on
  2. Duplication of the relevant licensee code in licensed to determine which matched

Also, for the sake of discussion: A potential argument against fixing this is that since we didn't actually download the well-known URL's contents, the auto-generated license text is likely to be slightly different (e.g. formatting) than the actual page. Is it appropriate to say that the license text came from a URL when it didn't?

zarenner avatar May 15 '20 22:05 zarenner