I guess there's an interesting discussion lurking here too, on what license requirements should be applied to all packages that we register in METADATA. One of the reasons that npm could just restore left-pad to the package repositories without consent from the author, is that the code was released under the WTFPL <https://en.wikipedia.org/wiki/WTFPL>. With a restrictive or proprietary license (e.g. "you may use this code, but not redistribute it"), I guess npm's laywers would have had a little more to think about.
According to the readme on the METADATA repository, a package must be licensed under an Open Source Initiative <https://opensource.org/> approved license, which I guess covers our bases here as long as that policy is also enforced. I assume that there are other package manager vendors that are reading the fine prints in all their EULA's now, though. NuGet.org (the largest package host for .NET libraries), for example, hosts loads of packages with just binaries - no source code - and there is no (enforced) licensing policy there. // T On Thursday, March 24, 2016 at 12:21:32 PM UTC+1, Tony Kelman wrote: > > We have a JuliaPackageMirrors organization that automatically mirrors git > repositories of registered packages. If someone deleted their repositories > on github, we can adjust the metadata url to point to the mirror.
