brian d foy wrote:
In article <[EMAIL PROTECTED]>, Adam Kennedy
<[EMAIL PROTECTED]> wrote:
But the primary goal would be to guarantee survivability for modules
where the original author can't be found.
I don't think we need to do anything to acheive that. We've already been
handling the situation quite well.
Well, the example of the moment is Data::UUID. It has no license at all,
and the original author has vanished. This means that it is illegal to
use Data::UUID at all, not to mention it violates the general "open
source only" rule for uploading to CPAN, and Ricardo Signes has
illegally modified it in order to fix bugs.
He of course can't add a license to it because he doesn't hold the
copyright, and so he has illegally uploaded a new version so people can
continue to illegally download and use it.
As a result (but also mainly because Data::UUID kind of sucks) he's
writing a new Data::GUID module while can be licensed properly.
I don't think rejecting a module will cause too much of a problem. After
all, we already spit out email errors in various other situations.
As we can see from the stats the others produced there are only 8 dists
out of 9500 with restrictive licenses that have been uploaded to CPAN
against the rules.
There are more that don't have any license which exist in a legal limbo.
But I don't think in principle it is unreasonable to check that a
distribution complies with the licensing rules of CPAN before allowing
them to upload to CPAN.
The question in my mind is, can we make the process simple enough and
easy enough that it won't cause any significant pain or support load.
Adam K
