Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

NuGet source should emit licenseUrl as the license source when URL is well-known #269

Open
zarenner opened this issue May 15, 2020 · 0 comments

Comments

@zarenner
Copy link
Contributor

If a <licenseUrl> element in a .nuspec file is recognized as a well known license, the sources field is the "auto-generated" text rather than the URL itself.

Expected:

name: Serilog.Sinks.Console
version: 3.1.1
type: nuget
homepage: https://github.com/serilog/serilog-sinks-console
summary: A Serilog sink that writes log events to the console/terminal.
license: apache-2.0
licenses:
- sources: https://www.apache.org/licenses/LICENSE-2.0
  text: |2
                                     Apache License

Actual:

name: Serilog.Sinks.Console
version: 3.1.1
type: nuget
homepage: https://github.com/serilog/serilog-sinks-console
summary: A Serilog sink that writes log events to the console/terminal.
license: apache-2.0
licenses:
- sources: Auto-generated Apache-2.0 license text
  text: |2
                                     Apache License

Note that licensee first tries to match on the nuspec's <license> field, and falls back to <licenseUrl>. It would therefore not be appropriate to use the licenseUrl if licensee had actually matched on <license>, since <licenseUrl> could potentially be a different license.

As such, this may require either:

  1. Changes to licensee to make it clear which field the PackageManagerFile matched on
  2. Duplication of the relevant licensee code in licensed to determine which matched

Also, for the sake of discussion: A potential argument against fixing this is that since we didn't actually download the well-known URL's contents, the auto-generated license text is likely to be slightly different (e.g. formatting) than the actual page. Is it appropriate to say that the license text came from a URL when it didn't?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant