There are a few classes of checks we can do.
If the package has a META.yml, it should have a license field. There are
about a dozen legitimate values.
license 'restrictive'
This is an absolute positive match for a disallowed license.
A check covering the above case could safely be added immediately.
Beyond that you have three additional cases...
- The license value exists but is not a known type
- There is no license value in the META.yml
- There is no META.yml
Beyond that it means we'd have to start guessing about copyright and
licensing. And yes, I think we'd want to take our time with any tools
that might pass summary judgment on other people's code.
But the primary goal would be to guarantee survivability for modules
where the original author can't be found.
And while I don't suggest we reject by default (yet), putting the hooks
in place to handle at least the basic known-good/known-bad/unknown
trinary logic would probably be useful.
Adam K
Andreas J. Koenig wrote:
On Fri, 24 Feb 2006 14:13:21 +1100, Adam Kennedy <[EMAIL PROTECTED]> said:
> Would it be worth adding a check to PAUSE to reject any distribution
> for which a license/copyright either cannot be determined at all, or
> it can be determined that it is a non-open-source (i.e. "restricted")
> license.
> At the very least, this would catch people forgetting to add
> copyright/licences, and make sure those modules can be maintained at a
> later date.
What tools do we have to identify the licensing of a distribution?
I'd like to see a picture of the status quo with regard to licensing
and want to check the quality of existing tools before thinking about
steps to be taken.
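
The known-good/known-bad/unknown check on the META.yml license field discussed in this thread, as an added example that is not part of the original messages and is not PAUSE code. The license key lists are an assumption taken from the META.yml 1.4 spec (the thread names only 'restrictive'), and `classify_license`, `%ACTION` and the sample distributions are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CPAN::Meta::YAML;    # core module since Perl 5.14

# Assumption: license keys from the META.yml 1.4 spec; the thread lists none.
my %KNOWN_GOOD = map { $_ => 1 } qw(
    apache artistic artistic_2 bsd gpl lgpl mit mozilla
    open_source perl unrestricted
);
my %KNOWN_BAD = map { $_ => 1 } qw(restrictive);

# Hypothetical hook policy: only the absolute positive match is rejected.
my %ACTION = ('known-good' => 'accept', 'known-bad' => 'reject', 'unknown' => 'accept+flag');

# Takes the text of META.yml (undef if the distribution has none) and
# returns (verdict, reason), verdict being known-good, known-bad or unknown.
sub classify_license {
    my ($meta_yml) = @_;
    return ('unknown', 'there is no META.yml') unless defined $meta_yml;

    # A parse failure dies inside eval and leaves $doc undefined.
    my $doc = eval { CPAN::Meta::YAML->read_string($meta_yml)->[0] };
    return ('unknown', 'META.yml could not be parsed') unless ref($doc) eq 'HASH';

    my $license = $doc->{license};
    return ('unknown', 'there is no license value in META.yml')
        unless defined($license) && !ref($license) && length($license);

    my $key = lc $license;
    return ('known-bad',  "disallowed license '$key'") if $KNOWN_BAD{$key};
    return ('known-good', "recognised license '$key'") if $KNOWN_GOOD{$key};
    return ('unknown', "license value '$key' is not a known type");
}

# Constructed sample input, one distribution per case named in the thread.
my @samples = (
    [ 'Good-Dist',   "---\nname: Good-Dist\nversion: 0.01\nlicense: perl\n" ],
    [ 'Closed-Dist', "---\nname: Closed-Dist\nlicense: restrictive\n" ],
    [ 'Odd-Dist',    "---\nname: Odd-Dist\nlicense: my_own_terms\n" ],
    [ 'Silent-Dist', "---\nname: Silent-Dist\nversion: 1.0\n" ],
    [ 'Bare-Dist',   undef ],
);

for my $s (@samples) {
    my ($verdict, $reason) = classify_license($s->[1]);
    printf "%-12s %-11s %-12s %s\n", $s->[0], $verdict, $ACTION{$verdict}, $reason;
}
```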