[Feature Request] Add a flag to handle Unknown licenses #264
Comments
More details about unknown licenses in #182 (comment)
@jcasner I'm currently working on improving the license support to get much more complete coverage of projects hosted in GitHub/supported by GitHub's Licenses API. Your second proposal sounds reasonable even with better license coverage, so I think we can do something about this soon. The packages allowlist sounds like a "nice to have", but not mandatory in order to block PRs on null licenses. Is this a "someone could want" feature, or would it affect you if we only shipped what's outlined in your "Option 2"?
PR in progress here.
@jcasner we've improved license detection following the approach outlined above. We are also reporting unknown licenses in the output, I hope this helps. Closing this issue, please re-open if needed.
I think a flag to explicitly deny unknown licenses is still warranted. The following run fails to be able to detect the license of anstyle: I am unsure why this is the case since the license is available here. In any case, I still think there should be a way to fail the job if an unknown license is encountered. There are situations where you won't catch this in PR comments (ex. if triggered on push, or if triggered on PR from a fork).
@wmmc88 Thanks for your input. Do you mind creating a new issue for your Cargo runs so the problem doesn't get lost in the comments here?
Because it is so difficult to build and maintain a database of all licenses for all packages, it would be great if there were some options for what to do when a package with an unknown license is added.
Option 1: Comment on the PR so someone at least gets a heads up to double check the license manually
Option 2: Allow the option to explicitly deny packages with unknown licenses.
I'm open to other options, too :)
Thanks
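The two options in this request (a warning comment versus an explicit deny, optionally softened by a per-package allowlist) can be expressed as a small policy check over a tool's dependency output. The following is an added illustration, not the project's own code or configuration: the `Dependency` and `Policy` types, the `evaluate` function and the sample dependency records are all constructed here, and the set of strings treated as "license unknown" is an assumption (NOASSERTION follows the SPDX convention; the rest are guesses at what a tool might emit).

```python
"""Policy check for dependencies whose license could not be determined.

Hypothetical example: the data model and records below are constructed to
resemble the kind of output a dependency-review tool produces. It is not
the action's own code or API.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Values taken to mean "license not determined". NOASSERTION is the SPDX
# convention; the others are assumed spellings a tool might emit.
UNKNOWN_LICENSE_VALUES = {"", "NOASSERTION", "UNKNOWN", "NULL", "NONE"}


@dataclass(frozen=True)
class Dependency:
    name: str
    version: str
    license: Optional[str]  # None when license detection failed outright


@dataclass(frozen=True)
class Policy:
    # Option 2 from the request: fail the job on unknown licenses.
    deny_unknown: bool = False
    # Packages a human has reviewed manually; they are warned about, not blocked.
    allowlist: frozenset = frozenset()


def has_unknown_license(dep: Dependency) -> bool:
    """True when the license is missing or one of the 'not determined' markers."""
    if dep.license is None:
        return True
    return dep.license.strip().upper() in UNKNOWN_LICENSE_VALUES


def evaluate(deps: Iterable[Dependency], policy: Policy) -> Tuple[List[Dependency], List[Dependency]]:
    """Split dependencies with unknown licenses into (blocked, warned).

    blocked: fail the job (deny_unknown set and package not allowlisted)
    warned:  only worth a heads-up comment (Option 1 from the request)
    """
    unknown = [d for d in deps if has_unknown_license(d)]
    blocked = [d for d in unknown if policy.deny_unknown and d.name not in policy.allowlist]
    blocked_ids = {(d.name, d.version) for d in blocked}
    warned = [d for d in unknown if (d.name, d.version) not in blocked_ids]
    return blocked, warned


def render_report(blocked: List[Dependency], warned: List[Dependency]) -> str:
    """Human-readable summary suitable for a PR comment or job log."""
    lines = []
    for d in warned:
        lines.append(f"WARN  {d.name}@{d.version}: license unknown, review manually")
    for d in blocked:
        lines.append(f"FAIL  {d.name}@{d.version}: license unknown and not allowlisted")
    return "\n".join(lines)


def exit_code(blocked: List[Dependency]) -> int:
    """Non-zero exit fails the job, which also covers push and fork-PR triggers
    where nobody reads the PR comment."""
    return 1 if blocked else 0


# Constructed sample input. Versions and the internal package are made up;
# anstyle is used here only because the thread above mentions it.
SAMPLE_DEPS = (
    Dependency("serde", "1.0.0", "MIT"),
    Dependency("anstyle", "1.0.0", None),
    Dependency("internal-tool", "0.1.0", "NOASSERTION"),
)

if __name__ == "__main__":
    policy = Policy(deny_unknown=True, allowlist=frozenset({"internal-tool"}))
    blocked, warned = evaluate(SAMPLE_DEPS, policy)
    print(render_report(blocked, warned))
    raise SystemExit(exit_code(blocked))
```

With `deny_unknown=False` the check degrades to Option 1: every unknown license is reported but nothing fails. With `deny_unknown=True` the allowlist is the escape hatch for packages someone has already checked by hand, so a single undetectable license does not block the whole repository.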