
Report who/why/when for whitelisted licenses

Open gutierlf opened this issue 9 years ago • 11 comments

In the generated reports, I only found this info for manual approvals.

gutierlf avatar Apr 09 '15 04:04 gutierlf

Hi @gutierlf,

Thanks for opening this issue.

So that I completely understand what you mean, are you asking for the report to include information about who created the whitelist entry, along with explanations of why and when it was added to the whitelist (if the whitelister provided --who and --why)?

Thanks for using License Finder!

flavorjones avatar Apr 10 '15 20:04 flavorjones

Yes, exactly. Sorry for the lack of clarity. I see the --who and --why in the markdown-formatted reports for manually approved gems only, but I would also like to see the justification for whitelisting a license. I checked if it was an option in the CSV-formatted output, but I didn't find it there either.

I really like the tool, by the way.

gutierlf avatar Apr 10 '15 21:04 gutierlf

It's been a while so maybe not a lot of interest in adding this, but for what it's worth, I would also find this useful, especially when the approvals are for specific packages and not just licenses.

msakrejda avatar Sep 21 '20 21:09 msakrejda

I misunderstood the original request--I did not realize per-package why is present in the markdown report. I need the CSV report, and, if anyone is interested, I started a branch to add why to that: https://github.com/pivotal/LicenseFinder/compare/master...pganalyze:add-why . I'm not sure from a UX perspective if it's a good idea for that to fall back to the license why if the package is included via a permitted license--right now I'm not doing that and that's good enough for our needs, but I'm happy to continue the work to upstream the patch if there's interest.

msakrejda avatar Sep 28 '20 18:09 msakrejda

Hey @uhoh-itsmaciek and thanks for looking into this! I think that this could be useful and there shouldn't be an issue with just adding it to the CSV report. I'm not sure why it was excluded previously. I'm also not sure what you mean about fallback. Isn't this currently only available if you manually approve with the --why added? Or do you mean integrating this with permit and restrict commands as well?

This is a part of LF that I am not that familiar with so I am curious to see how people would use this. I think we can better define what "why" actually means, for example "why" could just be defined as "Why I am running this command". We could add "why" to the permit and restrict options as well for licenses as I don't really see any downside to it.

xtreme-shane-lattanzio avatar Sep 29 '20 21:09 xtreme-shane-lattanzio

@xtreme-shane-lattanzio by "fall back" I meant "display the --why of the permitted license if the package was not manually approved". Right now my branch does not do that--it only displays the --why of the manual approval (if there was one). So yeah, integrating with the permitted_licenses and restricted_licenses subcommands. I guess that's what this issue is about, but for the markdown report--the csv format should probably be consistent with that.

> We could add "why" to the permit and restrict options as well for licenses as I don't really see any downside to it.

Doesn't this already exist?

$ bundle exec license_finder permitted_licenses help add
Usage:
  license_finder permitted_licenses add LICENSE...

Options:
...
  [--why=WHY]                        # The reason for making this decision
...

msakrejda avatar Sep 30 '20 16:09 msakrejda

@uhoh-itsmaciek My bad I didn't realize that but you are absolutely right. I do see that markdown and csv being inconsistent can be confusing so we can do something about that. As for a why reason for non manual, do you have an idea of how that would be filled out or are you just suggesting to leave it blank for now?

xtreme-shane-lattanzio avatar Oct 02 '20 19:10 xtreme-shane-lattanzio

@xtreme-shane-lattanzio I was vaguely thinking of something like the --why of the oldest permitted license for the package, or perhaps the concatenated --whys of all licenses, prefixed with the license name or something like that. Maybe @gutierlf wants to weigh in as well, since they opened the original issue?

But maybe the first step is to add it for just manual approvals--that would bring the CSV format to par with HTML (I can open a separate issue for that if it's helpful--it's outside the scope of what this issue was originally about and I only commented here because I misunderstood it). Then this issue can separately be about including the permitted license --why in all reports.

msakrejda avatar Oct 05 '20 21:10 msakrejda
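
The fallback discussed in the comments above, as an added example that is not LicenseFinder's code or the branch linked in the thread: a manual approval's --why wins, otherwise the --why of every permitted license the package carries is concatenated, oldest decision first and prefixed with the license name. The structs, constants and sample decisions are hypothetical and constructed for illustration.

```ruby
require "csv"

# Hypothetical stand-ins for recorded decisions and scanned packages
# (not LicenseFinder classes); all data below is constructed.
Decision = Struct.new(:who, :why, :at)
Package  = Struct.new(:name, :version, :licenses)

PERMITTED = {
  "MIT"        => Decision.new("legal", "Standard permissive license", Time.utc(2015, 4, 1)),
  "Apache 2.0" => Decision.new("legal", "Patent grant reviewed", Time.utc(2016, 1, 5))
}.freeze
APPROVED = {
  "oddgem" => Decision.new("alice", "Vendor granted us a commercial license", Time.utc(2020, 9, 28))
}.freeze
PACKAGES = [
  Package.new("rack", "2.2.3", ["MIT"]),
  Package.new("dualgem", "1.0.0", ["Apache 2.0", "MIT"]),
  Package.new("oddgem", "0.1.0", ["Proprietary"]),
  Package.new("mystery", "3.0.0", ["GPL-3.0"])
].freeze

# Returns [decision_source, who, why] for one package.
def justification(pkg, approved = APPROVED, permitted = PERMITTED)
  manual = approved[pkg.name]
  return ["manual approval", manual.who, manual.why] if manual

  # Fallback: every permitted license on the package, oldest decision first.
  hits = pkg.licenses.select { |l| permitted.key?(l) }
            .map { |l| [l, permitted[l]] }
            .sort_by { |_, d| d.at }
  return ["none", nil, nil] if hits.empty? # nothing justifies this package

  who = hits.map { |_, d| d.who }.uniq.join("; ")
  why = hits.map { |l, d| "#{l}: #{d.why}" }.join("; ")
  ["permitted license", who, why]
end

# CSV.generate quotes fields, so free-text reasons containing commas stay in one column.
def report_csv(packages = PACKAGES)
  CSV.generate do |csv|
    csv << %w[name version licenses decision who why]
    packages.each { |p| csv << [p.name, p.version, p.licenses.join(","), *justification(p)] }
  end
end

puts report_csv
```

Rows whose decision column reads "none" are the ones an auditor would need to chase, since neither a manual approval nor a permitted license accounts for them.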

Hi @uhoh-itsmaciek. Thanks for checking in with me. In fact, it’s been years now since I’ve used this tool, so I don’t have much productive that I can add now. However, this thread has reminded me about the usefulness of this tool, and I may find a chance to start reusing it soon. Good luck.

gutierlf avatar Oct 06 '20 12:10 gutierlf

@uhoh-itsmaciek Feel free to make a PR for the parity and we can punt the automated flow feature for later!

xtreme-shane-lattanzio avatar Oct 14 '20 14:10 xtreme-shane-lattanzio

I also needed the who and why of manual approvals in the CSV report. I've created a PR in #893.

jonathanbp avatar Mar 19 '22 11:03 jonathanbp