
Add LICENSE file containing MIT license

Open pdoconnell opened this issue 6 years ago • 1 comments

While your README contains the MIT license, the project itself does not contain any of the LICENSE, LICENSE.txt, or LICENSE.md files that are expected as the source of truth for licensing. As a result, your project typically breaks in automated dependency scanners such as Synopsys Black Duck. Can you please add this file?

pdoconnell, Sep 16 '19 13:09

If I adopt this, consistently, I need to do it across about 200~300 repositories which all have the license in the README and in the individual code files.

I think if the license tool can't figure out the license from the README, or the source code itself, it's a bit crappy.

I do see the value in this, just not sure I like the additional overhead to work around what is essentially a shortcoming in that particular license scanning system.

And it's definitely possible for it to be extracted, e.g.

% cd http-accept
% licensee
License:        MIT
Matched files:  README.md
README.md:
  Content hash:  1c73eef59f47444264133146d476ce03a76be630
  Confidence:    90.00%
  Matcher:       Licensee::Matchers::Reference
  License:       MIT

GitHub also refuses to detect the license from the README. Even though they use the licensee gem, they disabled detection from the README, I'm not sure why.

So, because I'm at a time deficit right now, and because I like to be consistent, I can't consider introducing such a thing at this point in time. However, I do appreciate your effort. Maybe in the first instance, we can see if it's possible to fix the license detection tooling you are using. Because I can't be the only one who thinks having a LICENSE file is overly verbose.

If it turns out that's not feasible, then I'd be more open to fixing this issue here. But I like to fix issues at the source.

ioquatix, Oct 18 '19 23:10

While I understand your sentiment about correctness, it only hurts us (the users) to not do this.

Sadly, most scanning software is closed source and changing how it works is harder than it sounds. Even if we convince some of them to also look at the README files, it might take years before they prioritize and release such a change, if at all. It will also take years for organizations and individuals to install such an update.

While I am not aware of any standard, most repos have a separate LICENSE file and that's what major scanning software looks at. Your current setup is not the norm and it only hurts users to do so.

I understand your capacity concerns, and I am willing to help you to do this in bulk if you agree to do it.

yeikel, Jan 24 '23 16:01

I've already started doing it in bulk but it hasn't been applied to this gem yet. I'm happy to take a look when I have capacity.

ioquatix, Jan 24 '23 20:01

Okay, it's done: https://github.com/socketry/http-accept/blob/main/license.md and will be included in the next release.

ioquatix, Feb 05 '24 04:02