On 10/18/2013 04:36 PM, Anatol Belski wrote:
On Fri, 2013-10-18 at 14:26 -0700, Hannes Magnusson wrote:
On Sun, Oct 13, 2013 at 3:57 AM, Anatol Belski <[email protected]> wrote:
Commit:    f49cf969de7ff71fbd96b5814cc0ca8695c9b0b5
Author:    Anatol Belski <[email protected]>         Sun, 13 Oct 2013 12:57:33 +0200
Parents:   78cc88deae3cdce68ddab5ac035bdb76122986e2
Branches:  old_auth

Link:       
http://git.php.net/?p=web/pecl.git;a=commitdiff;h=f49cf969de7ff71fbd96b5814cc0ca8695c9b0b5

Log:
check for the LICENSE or COPYING presence in tarballs

Changed paths:
   M  public_html/release-upload.php


Diff:
diff --git a/public_html/release-upload.php b/public_html/release-upload.php
index 221f941..ffc8842 100644
--- a/public_html/release-upload.php
+++ b/public_html/release-upload.php
@@ -89,8 +89,27 @@ do {
                 $errors[] = 'package.xml v1 format is not supported anymore, 
please update your package.xml to 2.0. ';
                 break;
         }
-        $display_form = false;
-        $display_verification = true;
+
+       $license_found = false;
+       foreach ($info->getFileList() as $file_name => $file_data) {
+               if ("doc" != $file_data["role"]) {
+                       continue;
+               }
+
+               /* Don't compare with basename($file_data["name"]), the license 
has
+                       to be in the package root. */
+               if (in_array($file_data["name"], array("LICENSE", "COPYING"))) {
+                       $license_found = true;
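Review bot: the in_array() test on $file_data["name"] matches only the exact, case-sensitive strings LICENSE and COPYING, so a root-level LICENSE.md, LICENSE.txt or COPYING.txt leaves $license_found false. If the intent is only to keep the file in the package root, compare case-insensitively and allow an optional extension, while still rejecting any name that contains a directory separator. The earlier `"doc" != $file_data["role"]` filter also skips a license file that package.xml lists under a different role, so the accepted names and the required role should be documented for uploaders. Passing true as the third argument to in_array() would make the comparison strict.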


Is there a reason for an explicit check of these file names?
What if it ends in .txt, .md, .rst, .html, .ps, .doc or whatever?

Also, this is an epic change in uploading releases procedures and
requires a gigantic notice and weeks of heads-up to all pecl ext
authors.
Please revert this asap so people can continue uploading their
releases. We need to give people time to adjust.


Here one can read why the file is LICENSE or COPYING, that's the
standard way.

http://producingoss.com/en/license-quickstart.html#license-quickstart-applying

It's hard to believe to me that question is asked seriously from your
side, is it? I really can't imagine that including a license is some
"epic info", especially for people making opensource. Like you, like me,
or anyone else on this lists. They don't need to be led by mommy at hand
with explanation why a license is good. Be frank and tell, if you
download some random tarball with OSS, will you most likely find a
LICENSE in there or not?

Another point is that you keep repeating "windows" while the relation to
any binary distribution was clearly stated. The point just has come,
where the need for clear license information is collapsed for multiple
parties. It's needed for binary distributions under windows and linux.
Yes, we can parse package.xml, the google search and even files named
schnitzel, but is that the goal? And that'll never work properly anyway.
And while a PECL package contains source only, there are reasons as well
to put a separate license file in there, for more here for instance

http://softwarefreedom.org/resources/2012/ManagingCopyrightInformation.html

Whereby I don't really think it were drastically new to anyone. Or I
completely err who you are.

Talking about 300+ packages having to do that effort isn't realistic.
Really usable packages (at least 5.3/4/5 compatible) by now are about
200 or less. Really active - maybe 100 or less. I've no access to the
PECL site database, a couple selects could deliver better stats. I can
just guess from what I've seen preparing the windows build system, that
a half of the exts will sadly never release again, and the other half or
more already has a license file. In fact, many of the really active
projects already had the lic file included by themselves before this
change. So who needs the mommy?

Concerns about the efforts of putting one file into the source code,
aren't that blanks? That is just a one time action except some project
changes the license on each release. That's the question of overwhelming
one's own laziness. And that new requirement was announced to the PECL
and internals list. And the info was put into the PECL wiki,
README.SELF-CONTAINED-EXTENSIONS and other readme in the php-src. And
the ext/skeleton was extended to generate the correct version macros.
And the version macros were fixed in most active svn/git extensions under
php.net hood. Yes, I must confess that I forgot to activate ads on CNN
about it, then it were huge enough :)

In any case, I really hold what is done for right. While it's left to
everyone's personal judgement. In my opinion that has something to do
with respecting your own work. It has to do with playing in team with
downstream distributors and respecting their work, as well as everyone
else's. And it has to do with what OSS spirit is.

For all above, please don't bring down the good initiative. Please
encourage everyone to include the license. I expect this from you ASAP
as from a person I know doing opensource for a long time in various
ways.

Best Regards

Anatol

The sudden change had put me in a position that I personally can't
quickly resolve so I'm blocked from distributing source code.  I would
appreciate if the upload requirements were reverted to their
historical behavior.  I still haven't tracked down where there was any
pre-warning about such a hard restriction.  Even if there was any
warning, it's not surprising that questions are being raised now, given
the overwhelming flood of information in a typical developer's day.

Today there was some IRC discussion agreeing there should be a warning
or grace period.

In the long term the strict upload enforcement probably won't be an
issue.

Along with the revert/relaxation/enhancement to the pecl.php.net, the
upload name checks need to be changed to handle the naming issues
Hannes raised above.  You can see his mongo package supplies a
LICENSE.md file.

I'm sure everyone wants their extensions to be widely available.
Having upload validation to warn about issues is entirely appropriate.
Preventing uploads purely because of issues with non-source downloads
and distribution packaging is obviously more contentious or this
thread might not exist.  It raised into question what the purpose of
pecl.php.net is.

Chris

PS The 'pecl package-validate' option needs to be in sync with
pecl.php.net and warn about (or require) a LICENSE file.

--
[email protected]  http://twitter.com/ghrd
Free PHP & Oracle book:
http://www.oracle.com/technetwork/topics/php/underground-php-oracle-manual-098250.html

--
PECL development discussion Mailing List (http://pecl.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
