Sure thing. Thanks! On Fri, Nov 10, 2017 at 2:00 PM, José Valim <[email protected]> wrote:
> Hi, I agree such a Mix task can be useful but I don't see a reason for it > to be included as part of Elixir. So please do release it as a separate > project that folks can bring into their application as necessary. Thank you! > > > > *José Valimwww.plataformatec.com.br > <http://www.plataformatec.com.br/>Founder and Director of R&D* > > On Fri, Nov 10, 2017 at 4:37 AM, <[email protected]> wrote: > >> TLDR: Proposal of `mix deps.licenses` to list all depedencies' licenses >> for review, which can be very manually tedious but very important to do to >> stay legally safe. >> >> ----- >> >> Often times when developing an app, some new dependencies may be >> added/removed over time, some dependencies change their licenses throughout >> their lives. >> >> Especially in a team setting where multiple people may add/remove >> dependencies from the project, we need to periodically review the licenses >> used by our dependencies to make sure we are not violating them. Currently >> this can be tedious work as the licenses are specified in their respective >> Mixfile, and one project may have dozens of dependencies. (Worse is that a >> lot of packages don't define their `Mix.Project.config.package.licenses`, >> but that's a separate concern). >> >> So I would like to propose a `mix deps.licenses` task that extract ` >> Mix.Project.config.package.licenses` from each dependencies and output >> it on command line. This would be similar to `composer licenses` in PHP >> <https://getcomposer.org/doc/03-cli.md#licenses>. >> >> I tinkered a little with creating a simple mix task. This is the result I >> can extract using the `licenses` attribute: >> >> ``` >> $ mix deps.licenses >> >> poolboy: license undefined >> decimal: Apache 2.0 >> warning: String.strip/1 is deprecated, use String.trim/1 >> /path/to/project/deps/poison/mix.exs:4 >> >> poison: CC0-1.0 >> elixir_make: Apache 2 >> bcrypt_elixir: BSD >> db_connection: Apache 2.0 >> postgrex: Apache 2.0 >> ecto: Apache 2.0 >> ex_machina: MIT >> connection: Apache 2.0 >> poolboy: license undefined >> decimal: Apache 2.0 >> poison: CC0-1.0 >> elixir_make: Apache 2 >> bcrypt_elixir: BSD >> db_connection: Apache 2.0 >> rabbit_common: license undefined >> postgrex: Apache 2.0 >> ecto: Apache 2.0 >> connection: Apache 2.0 >> poolboy: license undefined >> meck: license undefined >> mock: MIT >> decimal: Apache 2.0 >> poison: CC0-1.0 >> elixir_make: Apache 2 >> db_connection: Apache 2.0 >> postgrex: Apache 2.0 >> ecto: Apache 2.0 >> connection: Apache 2.0 >> ranch: license undefined >> poolboy: license undefined >> decimal: Apache 2.0 >> poison: CC0-1.0 >> elixir_make: Apache 2 >> db_connection: Apache 2.0 >> phoenix_pubsub: MIT >> cowlib: license undefined >> cowboy: license undefined >> amqp_client: license undefined >> amqp: MIT >> mime: Apache 2 >> plug: Apache 2 >> phoenix: MIT >> postgrex: Apache 2.0 >> ecto: Apache 2.0 >> ``` >> >> Obviously there is more work to do: duplicate packages (packages having >> same dependencies), warnings as a result of `Mix.Dep.in_dependency`. But >> let me know this is worth adding (I think so!), would be happy to continue >> working and submit a PR for this. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "elixir-lang-core" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit https://groups.google.com/d/ms >> gid/elixir-lang-core/401033dd-db2f-4e5f-8935-4df9cee196e9% >> 40googlegroups.com >> <https://groups.google.com/d/msgid/elixir-lang-core/401033dd-db2f-4e5f-8935-4df9cee196e9%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > -- > You received this message because you are subscribed to a topic in the > Google Groups "elixir-lang-core" group. > To unsubscribe from this topic, visit https://groups.google.com/d/ > topic/elixir-lang-core/UHqv3ngKeEc/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/elixir-lang-core/CAGnRm4Kjf_FaJzi6PBy1awDdmUVJxqQqNkzkZRC% > 3DP2wj_zLFHQ%40mail.gmail.com > <https://groups.google.com/d/msgid/elixir-lang-core/CAGnRm4Kjf_FaJzi6PBy1awDdmUVJxqQqNkzkZRC%3DP2wj_zLFHQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "elixir-lang-core" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elixir-lang-core/CAB%3DEmQSMsWVXc8jOKQqjoH_tN-0pcTZHaef0V-6ZXHisAjwERg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
