Some MIT dependencies have a license of "LICENSE" #116

Closed
mainej opened this issue Oct 9, 2014 · 4 comments

@mainej
Contributor

mainej commented Oct 9, 2014

For example, on a project that bundles https://github.com/heroku/rails_12factor, LF says the license is LICENSE, even though the license file is MIT.

Also happens for https://github.com/heroku/rails_serve_static_assets

@flavorjones
Contributor

I've confirmed this behavior. Looking into it now.

@flavorjones
Contributor

So, this is happening because the rails_12factor gem v0.0.2 has the following gemspec packaged with it:

# -*- encoding: utf-8 -*-
require File.expand_path('../lib/rails_12factor/version', __FILE__)

Gem::Specification.new do |gem|
  gem.authors       = ["Richard Schneeman", "Terence Lee"]
  gem.email         = ["richard@heroku.com", "terence@heroku.com"]
  gem.description   = %q{Run Rails the 12factor way}
  gem.summary       = %q{ Following best practices from http://12factor.net run a maintainable, clean, and scalable app on Rails}
  gem.homepage      = "https://github.com/heroku/rails_12factor"

  gem.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
  gem.files         = `git ls-files`.split("\n")
  gem.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
  gem.name          = "rails_12factor"
  gem.require_paths = ["lib"]
  gem.version       = Rails12factor::VERSION
  gem.license       = 'LICENSE'

  gem.add_dependency "rails_serve_static_assets"
  gem.add_dependency "rails_stdout_logging"
end

the key point being this line:

  gem.license       = 'LICENSE'

and the file named LICENSE packaged in the gem is not MIT.

@mainej, what behavior do you expect from LicenseFinder under these circumstances?

(In the meantime, it looks like the licensing was changed for rails_12factor in this pull request, which was merged in May 2014. However, the gem has not been re-released since June 2013.)

@schneems, would you consider pushing a new gem with updated license info?
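
An added example, not part of the thread and not LicenseFinder's own code: a Ruby check that flags gemspec license values which name a file (such as the `'LICENSE'` string above) or are missing, so they can be reviewed by hand. The allowlist, the filename pattern, the helper names, and every sample gem except rails_12factor 0.0.2 are constructed assumptions.

```ruby
require 'rubygems'

# Short constructed allowlist; a real audit would load the full SPDX license list.
KNOWN_LICENSE_IDS = %w[MIT Apache-2.0 BSD-2-Clause BSD-3-Clause ISC
                       GPL-2.0 GPL-3.0 LGPL-3.0 MPL-2.0 Ruby].freeze

# Values that look like the name of a file in the package rather than a license.
FILENAME_PATTERN = /\A(?:[\w.-]*(?:LICEN[CS]E|COPYING|COPYRIGHT)[\w.-]*|.+\.(?:txt|md|rdoc))\z/i

def classify_license(value)
  text = value.to_s.strip
  return :missing if text.empty?
  return :recognized if KNOWN_LICENSE_IDS.any? { |id| id.casecmp?(text) }
  return :filename_placeholder if text.match?(FILENAME_PATTERN)
  :unrecognized
end

# Returns one finding per declared license value that needs manual review.
def audit_license_metadata(specs)
  specs.flat_map do |spec|
    declared = spec.licenses.empty? ? [nil] : spec.licenses
    declared.map { |value| [value, classify_license(value)] }
            .reject { |_, status| status == :recognized }
            .map { |value, status| { gem: spec.name, version: spec.version.to_s, declared: value, status: status } }
  end
end

# Constructed sample specs; only rails_12factor 0.0.2 and its 'LICENSE' value come from the issue.
SAMPLE_SPECS = [
  Gem::Specification.new('rails_12factor', '0.0.2') { |s| s.license = 'LICENSE' },
  Gem::Specification.new('example_mit_gem', '1.0.0') { |s| s.license = 'MIT' },
  Gem::Specification.new('example_unlicensed_gem', '0.1.0'),
  Gem::Specification.new('example_dual_gem', '2.3.1') { |s| s.licenses = ['Apache-2.0', 'MIT License'] }
].freeze

if __FILE__ == $PROGRAM_NAME
  audit_license_metadata(SAMPLE_SPECS).each do |f|
    puts format('%-24s %-8s %-22s %p', f[:gem], f[:version], f[:status], f[:declared])
  end
end
```
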

@flavorjones
Contributor

I'm going to close this issue. @mainej, if you'd like to start a conversation about how, generally, LicenseFinder should handle inconsistent license metadata and/or references to unknown or non-existent licenses, I'd love to start that under a new issue. But I think there's nothing actionable around this issue right now.

@mainej
Contributor Author

mainej commented Oct 10, 2014

@flavorjones agreed, this should be closed. Thanks for figuring out the source of the problem and requesting the rubygems version bump. In general gem/package metadata is much more reliable than any other heuristic license_finder uses. I think it's better to keep LF simple and accept that this sort of thing happens occasionally than to try to make LF handle every possible inconsistency.
