Speaking as a lawyer (i.e., someone who always reads licenses, at whatever cost to my brain cells) I agree it would be nice to surface this information within the package system, much like dependencies or documentation.
But speaking as a package developer, the idea that the package system could have heuristics to determine “compatible” licenses is sticky as molasses. Let’s suppose someone violates the heck out of my license. “But the package system said I could!” So who’s responsible — the licensee or the package system? Ultimately, responsibility for adhering to a license rests on the licensee. Thus, making it easy to make informed choices: good; making it easy to evade responsibility: not so good.

On Thursday, September 3, 2015 at 8:50:00 AM UTC-7, Greg Hendershott wrote:
>
> The following may seem like a random feature request. But it does
> relate to dependencies and backward compatibility. (And as long as
> people are talking about enhancing, and/or layering something on top
> of, the existing package system....)
>
> Licenses.
>
> Licenses determine what packages you may depend on.
>
> And a change in licenses is potentially a significant form of backward
> incompatibility.
>
> 1. I'd like packages to have meta-data about their license.
>
> 2. I'd like raco pkg to warn (by default; could be disabled) if missing.
>
> 3. Ideally there'd be some UID for each common license. Making it
> simple to filter while searching for packages.
>
> Even if there were UIDs for only a half dozen common ones -- such as
> "none", "explicitly public domain", "LGPL", "GPL", and "MIT" -- that
> would be helpful.
>
> 4. Really ideally? There'd also be some taxonomy/rules about
> compatibility. Making it simple to search for "packages I can use
> when my project uses license X". And also, to do a transitive check,
> and point out any problems.
>
> Even though the compatibility rules ought to have a big IANAL
> disclaimer, it would be a helpful head-start on flagging things that
> probably do or do not need AL's attention.
>
> ----
>
> Do any other package systems do this?
>
> Does someone else already maintain the IDs and rules in 3 and 4?
>
> ----
>
> Maybe this is the sort of thing that could be handled "socially"? OTOH
> we welcome assistance with other kinds of dependency checking.
>
> Maybe this is a solution in search of a problem, today? OTOH as the
> number of packages grows, and given how frequently people forget to
> supply any license....
>