From mboxrd@z Thu Jan 1 00:00:00 1970 From: swedebugia Subject: Re: NPM importer Date: Thu, 22 Nov 2018 00:22:54 +0100 Message-ID: References: <70F182DB-C157-4763-A4C6-89985545661C@lepiller.eu> <0e5afb2d-c182-6be4-ba2d-6a6f7dd45ac9@riseup.net> <1150DF84-4952-4401-A8D0-3E05A4D0EB74@lepiller.eu> <23f36a0d-a5ef-5457-1d8e-61fbebda91c4@riseup.net> <87zhu3b41w.fsf@gnu.org> <87va4qxf8e.fsf@posteo.net> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="------------FEA31BAF106721D46AFA1ACC" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:47862) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gPbpp-0004sK-CY for guix-devel@gnu.org; Wed, 21 Nov 2018 18:23:06 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gPbpm-0004oA-Bx for guix-devel@gnu.org; Wed, 21 Nov 2018 18:23:05 -0500 In-Reply-To: <87va4qxf8e.fsf@posteo.net> Content-Language: en-US List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Brett Gilio , Mike Gerwitz Cc: guix-devel@gnu.org This is a multi-part message in MIME format. --------------FEA31BAF106721D46AFA1ACC Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable On 2018-11-21 23:01, Brett Gilio wrote: >=20 > Mike Gerwitz writes: >=20 >> The JavaScript community has poor licensing practices, and the culture >> is somewhat hostile to the ideals of the free software movement (they >> focus on permissive licensing to empower non-free software developers >> using those libraries). >=20 > To say the least. It will take a good deal of implementing a license > checker on the importer, as well as human verification to ensure that w= e > are maintaining a high ethical standard. We might want to use the same approach as licensee: "The solution Licensee automates the process of reading LICENSE files and compares=20 their contents to known licenses using a several strategies (which we=20 call "Matchers"). It attempts to determine a project's license in the=20 following order: If the license file has an explicit copyright notice, and nothing more=20 (e.g., Copyright (c) 2015 Ben Balter), we'll assume the author intends=20 to retain all rights, and thus the project isn't licensed. If the license is an exact match to a known license. If we strip away=20 whitespace and copyright notice, we might get lucky, and direct string=20 comparison in Ruby is cheap. If we still can't match the license, we use a fancy math thing called=20 the S=C3=B8rensen=E2=80=93Dice coefficient, which is really good at calcu= lating the=20 similarity between two strings. By calculating the percent changed from=20 the known license to the license file, you can tell, e.g., that a given=20 license is 95% similar to the MIT license, that 5% likely representing=20 legally insignificant changes to the license text." https://github.com/benbalter/licensee We could perhaps also semi-automate the generation of emails to authors=20 of the offending npm packages with unclear packages. Say only 1% of 470.000 has unclear license, that equals 4700 emails to=20 authors. :) In a hypothetical scenario with import of 20 npm packages a day it will=20 take us 477.000/20 =3D 23850 days =3D 65 years to import them all. In a hypothetical scenario with import of 500 npm packages a day it will=20 take us 477.000/500 =3D 954 days =3D 2,6 years to import them all. This is based on the assumption that all are free software, but that is=20 probably not the case. BTW ssb-patchwork had over 400 dependants in 10+ levels and the dotfile is=20 attached. The rendered png is crazy looking. Reminds me of the holy=20 spaghetti monster. A graph of all npm packages and top packages is also available:=20 https://exploring-data.com/info/npm-packages-dependencies/ --=20 Cheers Swedebugia --------------FEA31BAF106721D46AFA1ACC Content-Type: application/x-bzip; name="ssb-patchwork.dot.bz2" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="ssb-patchwork.dot.bz2" QlpoOTFBWSZTWaPEBbsAID9fgAAQUAP/y0AAAAC////6YCOe7g4hVBsMVSBvAAAD30lddzdi zAkVbbtp1ZMnXdfDpzqgt2TtXrdktGhpdOK5bpXdbZZbWZqqWtrcdc5S7ffF7hHtrwTda1mm oYwin6aJpoE0mk0mo0AADINTyAgiEnqUyflTQA0B6gSaRIkNSn6p+o9JPU0AZAACT1UogU8m KekAAAAaBEkFPSZNJ6mSp+hUfpI0DIGCJIEECaGijalHqNAek0PKIgB/f+9HpEQAyiIAfv+v 9v7H/L/MLf0/3ufl13hv8Wh88vBlcIJX/unbFPy5eDHaIJIMWaCwJxG2tzSf9ddThv6grrdj 9SUo3gOzfh3NApQxTKt2w7rgsHtDr+4QoeDtsN/rpRBXanpI8Mnz3da8qc2ip3UdU9SRHluH WdOyE+M1RgIpFEpLMxkQ2WqsT5SXbYVc3en2ZokmilsOXDpuM7s/ehnif/GkB5OqNNhFAen6 d3FLtnJ0ikpRxzJKbUxq9NMlCB0KCjrQOU30NUm9bBhIXdClTa785bWeMpCUhUqkHQXGHDqx O1elDOjv6UQpdeMLWcck8UcIWcLxT9MUja+wobBEX+FGxtR9q6+Kk6SNn2Xd6ElMYwIv3O+X UPG4zqBGiINniUEoNSwj4+PM3zpuK5HXOHmVo9MTDPv/jXEMTdoUdM8H24ksZMUXTW7jcxIo KZDMgeyIy9OKaHpsyE7wHh37eBrVEMKlRUqoN1jPgy+ImaYXBOy7JkpM8LI6KPIo7ntS/Blt MhFWHnkzP9JOXBiBsW+Tjrp5+Hz66XVMJZoTCusdZffRvMcrZsESsBEuDSuDeYbzrMxhZSRI RCBSZg/lRyWO5h808QIM22KnFNbWbL2izSXfhIaMzzXcz1nZ6bfw/igu5LeeRf5pamnB4UqX p9WeQuq0+KhZ8paltbgVajBWkGq0HlR4O2V0wqi1s3mhLnbK6+zXGW6+/JL9y/tx3+OtkXEH 09y+HJL+0pShQnfZjHk1Vn1so21RH6X59NmVvjxtMJ3z2ebS0J4WncOuH7x2UTnC+ZXA2mAU ItZVZk0vwYPr/rdA3TvU5SglO/fxrfcwLSmFYi7aX+qL1ArTl0c3VPiiUS7FV3Y+wmFRVupQ elQNM0wsPSOfk+m7KfwXx7u4f4pSoWztQaU0J82iFxCM0l59lXnb+63YbqS62h6y/GZzj5MG RGMjbfTTI03qRGt6Xr1qzdUpux4gm03tLcwfvesuOuZcl9OZXDo/JVjKHxnYzJ6cTaNQ+k1u 0S9jjwY8MN102T9H7sL7t8ZrWEhekXgxZYS4uuRvjl9BPfbXbCejL6hqJyJDL6yrmJgwEU3G brwJ/L1mSRSQWIYe2fSw/pkZGa4VnS3LOIXxVTG/mWiyYuyFW8031y+J2Dfv8i9r0oU7bsHL 2bk3nWsihrjZuI9xzZdNyJZou9N1EyZXxUQb8kHseLxulN8ECOrdxOrI1sXxR4tdm7qiptkm q3rN2JRQK820y6WbBBOiwNLWleEruZmJe/NXxCqYtZWKu4SxILLfmCr07wt30es2tmq52xKL xl7aZa/zrMJWaVLAGuAzu90LuSGHQUcVCVLuwX1SJ1MV0EkRFRi6rCCDxgqWXJg1Mw8OZGrS GmYMdlks1fs9+y8ci+NXZPXt4Laotuq+swLUwhrdCr95LVGSDAG3SZ8E+OuPf4eb8d908Y+M 3Pz/MFUYIIwRYiSZNqSooiIYGiCxAajYlaaaamlLaSSk0ZRDMqaURjGGZSmWgSKUaRosVhCh IoEJYrGUNCQaMZMszLGkmzSpMVRCybSUlpmymzRsqBlmxrC00UzJVGpNqaURaEkYyomIKk0U ksVoQqFlgbRSCMbRtSqSZqURJTJpkUZU0xIUpsWxokWaSRZLbKlU0GlmqZqLKIKQjZpKMY1G plRQzJtWChmYlJIpmjLTFG2LZoIoo2WKjVY0VirNkxTKRRpmVJEzKZRsbGyVJTIqxY0WZlpR TIWbaxkpWiZKlC2aTZJgpGQayUbNJoxaNBisksNGAkYEJJCRZFUQCjT5XAGzYuUFlpe7s9D8 Oj0chucIwzoLIFDodZEhJlD6egb33qobUV/lL8e8H6PKYexD8a4vKiHfmxGNHHkTCfFiic97 z0dsnTtWy2M2Szc6n6uoWhHqeLBrSDj9Fg/rnIByePgi9hx2OV32kz0Dp+pISEIaqNHsBupp 8qfZADQna+DwVp5Qmx1yO4ZhMQnaoXA4ONgO2TOk0hnUqGAhCZwTo+TRWRMBmWHuGbMWK03O ieQlJPBsZk8iLBZXDvk35prkhdA5S1+k9yX/f+naNwuZ0OuG3deG8b03gwCCI6XXFeXt7+/X l4RDQzigph4Gh2lQcr3jfNzITuAYXS9fh4C2ex8+03shvbDw8o1tkKYvtdHsA89xBsGAOsRb 6KvXuWKgnYND1DqGId1PQYdBOyff4Vgoo2SnwJUaVrZVBVWAaz289WsWrIG6w5Cx89F0DaJk IU5HKWDSD5n3JLk3Pa16eDQcknWIR6Nl5R5NjKPQctXJ9USq23/cwSS+JbFWqlOcNZrA1mcq yHHBPryyGIYgccITOHD2KemPOojJA9iA+nyZhIzxcT17GN0vuQ41yHXjCpA+QdjksQtpRwrs 56WzUUnbav23yKm2k5mvpNnLtoDJSVk+wouFtjguGiGwwhCafk+w7htcIv1yr+wU/0RdfMJH IKcmvo+jmOlfXo9H/avdCC2KBdk58w/2REFtFVZNY/qiIAWA+TpPf8tQ9BwXABKNFg/m/JV5 GSElWA9qfpyIcJp5Xh1RU4T8G4tgMge6OwGkvJACzh7mx/EQIHL+FnSeV6z8mSmg9zx30W0D 2391Lfx/n7nybUQhCktVWPXBxlA8eT2PDvDb2ASEA/jIX80vRv+OVwIrcGg0UtOwVSfGl6o7 vzlpTdqrp5O5dR0+XTv1JAdk2RPGqIxQ4wj3IRunXigmDAhw7qRQ3PlpMuKN/KdXoIOh+9XD sg47+IhsnwleNlqQtRQlnR/3LA+XQZCzAYDd5TRgGwQej1Tocp9IBD7HhVOe6ebjfjS7XjOP PXrpTBC5axXzksnbSFhDO0JtZ6DZ5dgtGSSQhEkG26G6+GPdcAFKQMLz5khIMzJmShBIvvco c5zeTc8+nLp8iqkAiH3TSCBOVATcCFemxYJqv5OBAThYWwE0JAsCm4mhDAEYqwPt9CYe4Ixc C9gjCA6Q0R04RyuBcrS1ECNIUg4U4MN0sc+Zl+7Ji3PfmbOP169to7gTjAESdbMPY0DBQOkg 7hAMSAX7ZOl3PC5iEniqqUFsK0C+YSnWXH5dpmUyx6h6gwY6q3LJsrnA2g4EHXA6WRNqojwD QUrAqAWppHL/Sdk3Es5odQkDstPoTg7KRgwwsLIyUpYyIqMGQQZoBZD9URkYiJFUgtoNuHoB 6O3U0oaU2IHYGnTpMEkkiESMUyLVMACPwUg3D/U0CJhuamjqVJS+llTLnOWIM0Q4rbVgicSx WKik+GdScLDkA2UORVUQzCnJB9bXvqu7XizqLRERZLrdmzddIixESeYlNPWTAKcR/5XYSogK wusSsPJH+1hv0zswrRcwFBXH+1GRvc9S4/wjgE5S2R2qGIUSQpqmRoNvtwPWCxN0HcAwb+Cj jY4n6r5k99H3CoUVQgSEkizBs9pnmmUxTzTeA9EGnaVAY1KNwow/7mkFQW0kM1BLESi6enhj lChmJhA1M0hpkmSgkhIScKIg0fmhrKgQrOlsA4AcgmYiS6ZwNFzt0JQRTVcz/75Z/nPKtES0 XGLVtkxMcZhUvRvJz2wwud4VNbnbB9Odpw4yeNO0ONBK3O5GboT121nZoZ9q9RiVpsfx0s1Y q4Z24wjp54+zT2CLBUr98u2720GV7hhDRochhu6DaCXDJpIYCoWsH1sXLEw4Rp73dWcbvJiG kG+jONEKU5wfy3M8HG4dCOwdrJ+S/yemhBD4ueB02fIg+TSxeyBZBoD0WocAngpLG6h/xxCc FHiMhxkYI5Qf2+IQI5PEN72ta9FDu6Co/N1+DjIOBH6HlSn2jAGlJENcgUthDb2om5sfhLMR IxUgQIxFhAEgkFDFC+/CDoaDpOVdI+hdOh8UAnhk2dg7pdDwLu/yW2cDxlUlM6Qyr8jxzcbw 1YolpdLtPIhxRJy2PdSku45YVEwBScH31KhDW2fALsumRgGysEJYZlxN7diwnAqAHpYbLrtW XlZ34vRyD1fjKYxsodw4FlJULPU9Fj4AkhAkjIGz9hty6IkRuLtyYfB4F3OkkYSTzDXYuFKH EaVoB+wB18p8cpjBvzkLHAxmPpeK5bxFict+KVa3lr5IxDzCRYCLJA564YkX2D3Y1E6HN55C q8WrwGAoOx5NFPdz5oSoVVVVN5RFI0NQX4DIbL6Nz15Rstj5O3wUgp4TQiU9CJ0fMkkg+U+j xsaNb9zUhJizFIh0JxUotpOkiB+u4Pq5wGq5vh3/DvvDt3dty3zdMSyFZXmn0icI0B1AyfcZ JUqohQRQyN63ITDEAKh0o2LItjZHNlsETIi66g1lfRwwtaxmerCmbQtqkLCIOgNIYXMJf6qq MLgNhKwntAjm7/aZjlDfdhBeA3NkGyLgDVjcodiMjpJS95geeok95M+v223X0wwzYDqYO5XR douBcQtkwiGjAMg7OSGbBCeiFggQQitIBMNAlhZh0LY/HBEwDTZzGU2ygaCy4AMBA+sWyIMD Fz9obyqscfw1CHl+4E0cIkW37pYiQAnU3C7eSiE/dri2SzpD4gGhPBDT4d7p6XCGRK9t1S8D 6ETfoDb+P13kDOqTEo6tpez150nBOmUiJZPWThU+IqR9n1pVPtE0iFpLBQGnxEO493Aj7yMC EKZB5wHnoMpPvnsQGKN319QKqvke4cN3B78QZCHxVMnuOaBDqS00D4B3MGUb7iHievguVdS9 jJYZAJBG1pJCTYP3alN3qbBFC6ZBJJFZB8q6UK9L0OzGSAfCB2fcDT17z697NtyVRCmmSSP0 cWOylnfcQ0PJoIbCUEOhJ3BKRyPckZIZifR9EA8p+T9HXwRo+6fRddlvHy30rccBiSKNBrRx Upor7hSkRLBQ0ryUHSNgMAw4G6hbWmC6S9RDQSMgSH6P13l822q1bW45yGmyXawVbSVBRPc6 u60wzMa7nQ70cTd2exszGnE4JodkvWAtWup79zh0aZAwYDJo2DCCEowezJL3U/MxhClILEpo KAYEUjACJJUJSAgUSQSwICdmEOCQ2aqULUFlLmUDUfbxAedc4Pno6NC8U+A8PZdldJ1RNC36 EC0jCSUSpAiVD8FaDlLMEoiJjfmB7fpENDZbJLqIbaEe5BLn77LKpl3iSimpREkBOOLji4Vs SShY3felvj89evb2r0gXEnTALuu/5LSSSRicy4cpQGR6QgnUhB1GrChSRRUjRhWUNvTe1Exo piG0avCu/mt7rXpuYkZNkb9PlzYgEIbr+QaduNCxfGHBZsZmmW60BhaBTT2RfCAFDsHGwlTw qsgVg2yLFkKyBS0J3bJDEsjHyo2sF62wDVydzgzYb3PtOgGoJPdUlVxshTQCRKYe9ipwdCYF NXhCKhBYeU8mRA87MMhPWY+keXR7LCjoNLYRMtGm9TJmIFIGApHlE+uybBmBoA0mhiG5tDcM ra4ulskS+e5GBA5LJ+M6VyMrCp+OFMZ+G7gq+9JTphnN73M3ubT1HN82MdqbxCxDVKYKSrKW CIzNlGy3g7o2c4XuHw8DiwdyaAwPoih7doHffCTdMEAqUZKEqxLMWyFKYsQwP7FjdaMq2e4f QaNw1QmEHYiyKQqhXuEBob2ukW4MQIUVStyjqZHLPLS6JZDIUk7yewqieLSs9O5CawMMCDLl jUBaZuG6lccDGCBYaGRybJDJCwgl6kJC6lJTTZKLHBby1uUokTh+lEqcPCQpChYIe2CaNJ9w iSSANwTuAfOwBoF5PnyfTpLj2Q7HBA5EtYOC8j96DWnSZYD8gcM1FDb4lshAShtQUXXKFxyw pbttBoubBjSHRugl/ozoXfrK70DwrZCwk4QzHgkiGElWsMfovRE9vSaQbRUkWRLg2BHCLYDL zokZJ00cNjYdw4I2HsDu06EHyvKOA0EFubm4v3aRkex/Ho30UAHahch2gnr7+uLJ6tctrHfF ysYs4qjEoiXLRXnWZ79bpvddzO+S8paO83d3J+jPsQQJbm1Rm9eBPQfAcFchEDdLJShdUIIP VBQfwseyngAzsh4gyHhaagd3JWSb9doT2hMXgZJEFCPQ2BYbI/GXhym7IWfClbgnwcJYV+ky FVZ8OYXQ5dJDBwgbR5yJsYpC8hAzEaPwHS9tXuybdLVV2aalKkMaxGK0Vst3bxuvxVdapq5C JMYgJINjuc5zbi5LmJr15cURFgsTxSLCsJlzLmZjNSuWz9nLlPPlVylG7NNxjUa5XJAoo8Se 39UpZThK8ZLr+Ui5u/jKj+gukDyaTsEAJEwAeQ0voXB4jFT4gIQhaFQsELINBpnsZQN3fzBF biFjcdBw2QcBEHUQJlgCfdkM7lwxcIJRTy2LORxEctMIROAfKFI62U2TZOtpFU3UyHYCCcOk eBWiAkIQVNJehsiHQ0evIbcFw6hQjZXItwaD8reDcyL8I/YBng4CKEIB5YjAKxBSDIkH6BlQ WGUKAoQg9U5fADZyREzYPC20RkGGaqKON5RQAJ9oKMgCBPQ4T5duenmGKP5v83ccI1fNvB3u dgftgEwWypUhU7Oz4cQNJyeiK6t/zsdazA09tOpDGTgdGXWGI8GC7BAw3jLYieHbubRHGt1+ zagobjyf5JfN6DV8X2dz166yBo+N74PjXdMuvfLMWslMUpsLGFkXpRrNdk1XHhA2NjimzAwW xelzA9uHZst4NLuRabYwGC1wzpcCCdPkdx6eikBXCN1shckIyTyUFlFiDZN4JqPBCxEJaq+q L3sWsXSgOp9l09bG4KaSOWwV4KYDxy2yhIJ48FkiEIa7CTGlH0vQXukMBQ+1KC20Ywcr03kG 4Wetl8jj5geYgQyQ8HkXQbDkjGSRL0EKaWBkoD+kCT9wuYaIfyITlo4Bg4QFbBZnibUzC4lI 2tRGZlxBYxLKgWKwhFSLI5RxuIYCNgsqWC6mbv2eFMWVRzJIEjVLQkQIMCBRQtNFNFPdsJuB 6ueN9oc47yt7Xze8MX0SX10m+iTJ+yVZyQINh4m/DPyRFAqM7eHVEEljBJJxrakwR9Mgy61U XIlsIkiSojTmdBnLUsMQKSRBqoZ8UFSAviGjpql4hC0urWJQ5hEkdT8u0vs4V6buIvTMSIsE ZZt3Adxdyz2Jw2+NB11pqfO3gk9kbObhmG6scuFLGbHBhxgzYlgujaLh3l4l5b9ttiwazk0m zdG+Bqo06sCOAudkz4lTAuGCnKkeldkiO1lGyqnxGRnFFUUVCTMJmXMKKiiCMIiexys9DkwP X2JPSKZfgiQ28PiByBLI8LT3s7H6TyeNL9lTUqUHd0BkCwbaRKEOCjHV0GRIkA4+EIbqDNQU naQPTq6nO99qLVTa1gZLI6ZVr7SByYQHYi6sp7hCGHSJsd0eQpUkAIQC74CIvDsNg03l0cCJ JAVY/joJGwA8mwjax/OcdclHUtAqSWlSeDhd/CDgICJ3DutzPB6wxVDTo8MYp5MNnuD0AMDk 9kVP/gOdgfKDg7MwgegXyhl5Fyi3RODIfml3AMIfCALe/4IkPAJ14VOhylCJoPBsL4HzEH0f FsFKnYevg3TAuvKDC+wWHu9FMieFOCznBA6QROGdIOwInOwh5JcZVeYEPJ2W8Bh3TpQ8QyRq PJDsKpcTaEjIN75ANaTwBoRKLLhs1lKESBSfCOWkhA7wcBtBMg7EhGRhAIEL5DoQdFj4E0QF hHkk8eLRoJXGBkDJMskPvAGSUIpFHs95wWCVCswcwqX6XTVCos19t3B37kwN+M706RGCdLiw GnJ4Wxny0vHD5Ng7O5Z0J3YBh+8CewRB2F0nlfc+l6H6/1/P/xdyRThQkKPEBbs= --------------FEA31BAF106721D46AFA1ACC--