You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficcontrol.apache.org by GitBox <gi...@apache.org> on 2021/02/17 08:00:10 UTC
[GitHub] [trafficcontrol] zrhoffman edited a comment on issue #5488: Fix pkg.go.dev
zrhoffman edited a comment on issue #5488:
URL: https://github.com/apache/trafficcontrol/issues/5488#issuecomment-780049109
#5229 does not fix this issue. Our Godocs not displaying is a licensing issue, not a Go modules issue.
The Apache instructions for `LICENSE` and `NOTICE` files has instructions for [bundling permissively-licensed dependencies](https://infra.apache.org/licensing-howto.html#permissive-deps):
> <h3 id="permissive-deps">Bundling permissively-licensed dependencies</h3>
> <p>Bundling a dependency which is issued under one of the following licenses is straightforward, assuming that license applies uniformly to all files within the dependency:</p>
> <ul><li>BSD (without advertising clause)</li><li>MIT/X11</li></ul>
> <p>In <code>LICENSE</code>, add a <a href="http://s.apache.org/Hqj" target="_blank">pointer</a> to the dependency's license within the distribution and a short note summarizing its licensing:</p>
> <pre><code class="hljs coffeescript">This product bundles SuperWidget <span class="hljs-number">1.2</span><span class="hljs-number">.3</span>, which <span class="hljs-keyword">is</span> available under a <span class="hljs-string">"3-clause BSD"</span> license. For details, see deps<span class="hljs-regexp">/superwidget/</span>.</code></pre>
> <p>Under normal circumstances, there is no need to modify <code>NOTICE</code> to mention a bundled dependency.</p>
> <p><strong>NOTE</strong>: It's also possible to include the text of the 3rd party license within your product's <code>LICENSE</code> file. This is best reserved for short licenses. It's important to specify the version of the dependency as licenses sometimes change as product versions change.</p>
Other projects too have run into the issue of listing so many bundled dependencies in their `LICENSE` file that golang/pkgsite's use of [google/licensecheck](https://github.com/google/licensecheck) [no longer recognizes](https://github.com/golang/pkgsite/blob/5867665b19/internal/licenses/licenses.go#L43-L50) it as a valid Apache-2.0 license. Some examples:
golang/pkgsite LRE | License file
--- | ---
[mynewt.lre](https://github.com/golang/pkgsite/blob/master/internal/licenses/exceptions/mynewt.lre) and [newtmgr.lre](https://github.com/golang/pkgsite/blob/master/internal/licenses/exceptions/newtmgr.lre) | [apache/mynewt-artifact](https://github.com/apache/mynewt-artifact/blob/v0.0.15/LICENSE)
[splunk.lre](https://github.com/golang/pkgsite/blob/master/internal/licenses/exceptions/splunk.lre) | [splunk/splunk-operator](https://github.com/splunk/splunk-operator/blob/develop/LICENSE)
So, golang/pkgsite needs to have a [License Regular Expression](https://github.com/google/licensecheck/blob/main/licenses/README.md#license-regular-expressions-lres) for the ATC license, too. #5527 moves a step in this direction by normalizing the LICENSE file and adding instructions to add new entries to the bottom of the file. Note that that a common LRE between the pre-Go modules `LICENSE` file and the post-Go modules `LICENSE` file leads to coverage match percents of ~45% and ~69%, up from ~33% and ~51%, respectively, so a single LRE for both v5.0.0 and >=v<strike>5.1.0</strike>6.0.0 `LICENSE` files is not a possibility, and v5.0.0 would require its own LRE if we wanted its Godocs to show up.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org