unofficial mirror of guix-devel@gnu.org 
From: Mike Gerwitz <mtg@gnu.org>
To: swedebugia <swedebugia@riseup.net>
Cc: guix-devel@gnu.org
Subject: Re: NPM importer
Date: Tue, 20 Nov 2018 20:41:15 -0500
Message-ID: <87zhu3b41w.fsf@gnu.org>
In-Reply-To: <23f36a0d-a5ef-5457-1d8e-61fbebda91c4@riseup.net> (swedebugia@riseup.net's message of "Tue, 20 Nov 2018 22:12:18 +0100")

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Tue, Nov 20, 2018 at 22:12:18 +0100, swedebugia wrote:
> I wonder how many are free software? 90%? 50%?
>
> I hope we can automate this some way.

The JavaScript community has poor licensing practices, and the culture
is somewhat hostile to the ideals of the free software movement (they
focus on permissive licensing to empower non-free software developers
using those libraries).

The package.json has a license field, but package.json is often
auto-generated and I think is MIT Expat by default.  It is metadata---I
can't imagine it carries any legal weight by itself.  Consequently, we'd
have to fall back on COPYING or LICENSE files (of various sorts) in the
projects.  Even then, a project may contain things under various licenses.

Further, since there tend to be many really small packages, if _any_ one
of those is missing proper license information, then anything that
depends on it will be non-free.  Since npm doesn't ensure that its
packages are actually free, the odds of there being some sort of
licensing issue---just by sheer number---are probably higher than we
would like them to be.  I'm not suggesting malice; it may be
accidental, or maybe someone knows nothing about licensing and simply
never attached a license to begin with (making it non-free by default).[0]

There's also the risk of any of these projects using incompatible
licenses.

Both GitLab and GitHub detect licenses on projects.  I forget the name
of the software they use to do that (and it may not be the same for both
of them), and it's probably not perfect, but something like that may
help with automation.


[0]: https://blog.github.com/2015-03-09-open-source-license-usage-on-github-com/
     (as of 2015)

- -- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B  2388 FEF6 3574 5E6F 6D05
https://mikegerwitz.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
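
Added example, not part of the message above and not code from the Guix importer: a sketch of the check the message argues for, treating the package.json license field as insufficient on its own, requiring a license file in the package, and flagging every package whose dependency closure contains one that fails. The package names, the `directFinding` and `audit` helpers, the finding labels and the sample data are all hypothetical and constructed for illustration.

```javascript
// Added example: constructed data; all names below are hypothetical.
// Top-level file names that count as license text shipped with the package.
const LICENSE_FILE = /^(COPYING|LICEN[CS]E)([.-][\w.-]+)?$/i;

// Constructed sample of what an importer might have unpacked per package.
const packages = {
  "app":       { manifest: { license: "GPL-3.0-or-later",
                             dependencies: { "left-util": "^1.0.0", "fmt": "^2.0.0" } },
                 files: ["COPYING", "index.js"] },
  "fmt":       { manifest: { license: "MIT", dependencies: { "tiny-pad": "^0.1.0" } },
                 files: ["LICENSE.md", "fmt.js"] },
  "left-util": { manifest: { license: "MIT", dependencies: {} },
                 files: ["LICENSE", "index.js"] },
  // License field set (possibly a generated default), but no license text.
  "tiny-pad":  { manifest: { license: "MIT", dependencies: {} }, files: ["index.js"] },
  // Dependency cycle; loop-b carries no license information at all.
  "loop-a":    { manifest: { license: "ISC", dependencies: { "loop-b": "*" } },
                 files: ["LICENSE"] },
  "loop-b":    { manifest: { dependencies: { "loop-a": "*" } }, files: ["b.js"] },
};

// Finding for one package on its own, or null when license text is present.
function directFinding(pkg) {
  if (!pkg) return "missing-from-import";
  if (pkg.files.some((f) => LICENSE_FILE.test(f))) return null;
  return pkg.manifest.license ? "manifest-field-only" : "no-license-info";
}

// For every package, collect findings across its whole dependency closure.
function audit(pkgs) {
  const report = {};
  for (const root of Object.keys(pkgs)) {
    const seen = new Set();
    const blockers = {};
    const stack = [root];
    while (stack.length > 0) {
      const name = stack.pop();
      if (seen.has(name)) continue; // already visited; also breaks cycles
      seen.add(name);
      const finding = directFinding(pkgs[name]);
      if (finding) blockers[name] = finding;
      const deps = pkgs[name] ? pkgs[name].manifest.dependencies || {} : {};
      stack.push(...Object.keys(deps));
    }
    report[root] = { needsReview: Object.keys(blockers).length > 0, blockers };
  }
  return report;
}

console.log(JSON.stringify(audit(packages), null, 2));
```

The presence of a license file is only evidence for a reviewer or a license detector to examine; it does not by itself establish that a package is free.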
