You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If a <licenseUrl> element in a .nuspec file is recognized as a well known license, the sources field is the "auto-generated" text rather than the URL itself.
Expected:
name: Serilog.Sinks.Console
version: 3.1.1
type: nuget
homepage: https://github.com/serilog/serilog-sinks-console
summary: A Serilog sink that writes log events to the console/terminal.
license: apache-2.0
licenses:
- sources: https://www.apache.org/licenses/LICENSE-2.0
text: |2
Apache License
Actual:
name: Serilog.Sinks.Console
version: 3.1.1
type: nuget
homepage: https://github.com/serilog/serilog-sinks-console
summary: A Serilog sink that writes log events to the console/terminal.
license: apache-2.0
licenses:
- sources: Auto-generated Apache-2.0 license text
text: |2
Apache License
Note that licensee first tries to match on the nuspec's <license> field, and falls back to <licenseUrl>. It would therefore not be appropriate to use the licenseUrl if licensee had actually matched on <license>, since <licenseUrl> could potentially be a different license.
As such, this may require either:
Changes to licensee to make it clear which field the PackageManagerFile matched on
Duplication of the relevant licensee code in licensed to determine which matched
Also, for the sake of discussion: A potential argument against fixing this is that since we didn't actually download the well-known URL's contents, the auto-generated license text is likely to be slightly different (e.g. formatting) than the actual page. Is it appropriate to say that the license text came from a URL when it didn't?
The text was updated successfully, but these errors were encountered:
If a
<licenseUrl>
element in a .nuspec file is recognized as a well known license, thesources
field is the "auto-generated" text rather than the URL itself.Expected:
Actual:
Note that
licensee
first tries to match on the nuspec's<license>
field, and falls back to<licenseUrl>
. It would therefore not be appropriate to use thelicenseUrl
if licensee had actually matched on<license>
, since<licenseUrl>
could potentially be a different license.As such, this may require either:
licensee
to make it clear which field the PackageManagerFile matched onlicensee
code inlicensed
to determine which matchedAlso, for the sake of discussion: A potential argument against fixing this is that since we didn't actually download the well-known URL's contents, the auto-generated license text is likely to be slightly different (e.g. formatting) than the actual page. Is it appropriate to say that the license text came from a URL when it didn't?
The text was updated successfully, but these errors were encountered: