centralized license evidence gathering #1162

Open
jkowalleck opened this issue Nov 4, 2024 · 1 comment
Labels
enhancement New feature or request

jkowalleck commented Nov 4, 2024

Gathering license evidence is a common feature of downstream users.
As a library, this should be centralized in here, so that maintenance efforts are minimized.

currently known implementations downstream:

related downstream issues


Requirements

license for evidence

  • have no acknowledgement -- they are observed
  • have a name that expresses their origin -- file: ${filePath}
  • have the full license texts as attachment
    • are base64 encoded, when auto-detected, just to be safe
    • have an appropriate content type of text/...

files to take into account

  • /^LICEN[CS]E/i -- general file pattern
  • /.LICEN[CS]E$/i -- common file pattern for multi-license projects
  • /^NOTICE$/ -- file with this exact name is relevant in terms of Apache-2.0 license

text content type

like so

const MAP_TEXT_EXTENSION_MIMETYPE: Readonly<Record<string, MimeType>> = {
  '': 'text/plain', // our scope is text!
  '.csv': 'text/csv',
  '.htm': 'text/html',
  '.html': 'text/html',
  '.licence': 'text/plain',
  '.license': 'text/plain',
  '.md': 'text/markdown',
  '.rst': 'text/prs.fallenstein.rst',
  '.txt': 'text/plain',
  '.xml': 'text/xml' // not `application/xml` -- our scope is text!
} as const

additional license-file related file extensions

  • .apache
  • .apache2 <<- missing in most implementations
  • .bsd
  • .mit
  • .gpl

...

to be continued

@jkowalleck jkowalleck added the enhancement New feature or request label Nov 4, 2024
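
An added sketch of the requirements listed in the issue above (not code from the issue or the library): it selects files by the three patterns, resolves a `text/...` content type, and emits observed license entries with base64 attachments. Function and variable names are hypothetical, the sample files are constructed, and mapping the extra license extensions to `text/plain` is an assumption.

```javascript
// Added illustration: only the patterns and MIME entries come from the issue; all names are hypothetical.
const LICENSE_FILE_PATTERNS = [/^LICEN[CS]E/i, /.LICEN[CS]E$/i, /^NOTICE$/]
const TEXT_EXTENSION_MIMETYPE = new Map([
  ['', 'text/plain'], ['.csv', 'text/csv'], ['.htm', 'text/html'], ['.html', 'text/html'],
  ['.licence', 'text/plain'], ['.license', 'text/plain'], ['.md', 'text/markdown'],
  ['.rst', 'text/prs.fallenstein.rst'], ['.txt', 'text/plain'], ['.xml', 'text/xml'],
  // Assumption: the extra license-related extensions are treated as text/plain.
  ['.apache', 'text/plain'], ['.apache2', 'text/plain'], ['.bsd', 'text/plain'],
  ['.mit', 'text/plain'], ['.gpl', 'text/plain']
])

// Text content type for a file name, or undefined when the extension is not known text.
function textContentType (fileName) {
  const dot = fileName.lastIndexOf('.')
  return TEXT_EXTENSION_MIMETYPE.get(dot > 0 ? fileName.slice(dot).toLowerCase() : '')
}

// files: [{ path, content }] -> CycloneDX-style entries for `evidence.licenses`.
function gatherLicenseEvidence (files) {
  const evidence = []
  for (const { path, content } of files) {
    const fileName = path.split(/[\\/]/).pop() // patterns apply to the base name
    if (!LICENSE_FILE_PATTERNS.some(pattern => pattern.test(fileName))) continue
    const contentType = textContentType(fileName)
    if (contentType === undefined) continue // e.g. LICENSE.pdf: not text, no attachment
    evidence.push({
      license: { // no `acknowledgement`: the license was observed, not declared
        name: `file: ${path}`,
        text: {
          contentType,
          encoding: 'base64',
          content: Buffer.from(content).toString('base64')
        }
      }
    })
  }
  return evidence
}

// Constructed sample input (paths and contents are made up for this example).
const SAMPLE_FILES = [
  { path: 'pkg/LICENSE', content: 'MIT License\n' },
  { path: 'pkg/LICENSE.md', content: '# License\n' },
  { path: 'pkg/MIT.LICENSE', content: 'MIT License\n' },
  { path: 'pkg/LICENSE.apache2', content: 'Apache License 2.0\n' },
  { path: 'pkg/NOTICE', content: 'Copyright notice\n' },
  { path: 'pkg/notice', content: 'skipped: NOTICE is matched case-sensitively\n' },
  { path: 'pkg/LICENSE.pdf', content: 'skipped: no text content type\n' },
  { path: 'pkg/README.md', content: 'skipped: not a license file name\n' }
]
```
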

jkowalleck commented Nov 4, 2024

Previous attempts to solve this were postponed, since there is not enough known about the requirements downstream.
Any API released today would probably be insufficient - it would require extending a lot or be unused.
Let's wait until more specialized downstream users have solved this problem.

jkowalleck added a commit to CycloneDX/cyclonedx-node-npm that referenced this issue Dec 18, 2024
followup of #1243

make implementation a copy-paste of existing art:
<https://github.com/CycloneDX/cyclonedx-node-yarn/blob/main/src/_helpers.ts>

this should make it easier for
CycloneDX/cyclonedx-javascript-library#1162

---------

Signed-off-by: Jan Kowalleck <[email protected]>