Michael Davey wrote:
Nicola Ken Barozzi wrote:
[snip details about licensing checks for Depot]
other ideas?
Is a requirement of Depot that the server-side must be plain http, or could it be a webapp?
Really http is better and much easier to setup, but a python script should b easy to set up nevertheless.
Some random thoughts:
1. When a jar is requested, the server returns either text/plain text/xml or text/html license document.
To get the actual jar, the client must generate a digest of the stream and request the same URL, with
"?digest=975fa1833806a09060638e0ca83c95e5" to get the actual jar. If the stream contains a
random seed, the digest check couldn't be skipped (because the digest would be different each time).
The idea is that the client would display the license and the user would have to agree before the jar
was downloaded. The html could include an "I agree" button at the bottom, so for web users
only a simple web client would be needed.
Very clever! :-)
A bit over what we need ATM, but definately a very interesting suggestion!
2. The webapp could read the license file directly from the jar and make it "appear" to be next to
the jar (as per your item #2). This eliminates a potential management problem of keeping the
two files in sync.
But if the jar does not contain the license itself? This is more a thing that an upload manager should do, and expand the jar license file when uploading.
3. Have you seen <http://creativecommons.org>? they have this nice idea of a license deed that is
easy to read. Again, if a webapp were used, you could provide a link next to each license file
that would display a summary of the key permissions, restrictions and requirements of the license.
I realise that web users aren't an important use-case for Depot, though.
Well, I had thought of this too, but the problem is that, if you think of it, the smallest summary of a license is the license itself. IOW, users must in any case read the whole license to be sure that it's compatible with another one or with what they are willing to use. I certainly don't want to make decisions for them on this matter.
I think that for a first step a policy file that lists all the OSI licenses that are allowed should be ok.
Thanks for the ideas :-)
--
Nicola Ken Barozzi [EMAIL PROTECTED]
- verba volant, scripta manent -
(discussions get forgotten, just code remains)
---------------------------------------------------------------------
