Comments (14)
One option would be to use the licensee
gem that GitHub use themselves for that API, which would have the bonus of working with not-GitHub sources. But it would require having the source downloaded and I don't think any of our audits do that.
Given we do have metadata file copying however, we could make it an installed keg check and read those files.
from brew.
If @issyl0 managed to make the license API work for branches I think that should be good enough at least for cases like this. I don't really know of any cases where an install time check would be better.
from brew.
It seems like we use a Github API endpoint to fetch this information which doesn't provide any way to specify the version of the repo.
brew/Library/Homebrew/utils/github.rb
Lines 500 to 509 in c355461
from brew.
I think we have a license mismatch allowlist we can use here? It might get forgotten though.
We do and are using that for now. But allowlists really should be for genuine exceptions rather than silencing a buggy audit.
from brew.
And did you fix it when you found out? 😅
from brew.
@SMillerDev I have a PR open, it's waiting on the team who actually works on this stuff to tell me how I should have done it. 😂
from brew.
We check files in the install all the time. Should be disable to add license
from brew.
I think we have a license mismatch allowlist we can use here? It might get forgotten though.
from brew.
Are we saying that the license could change between a release branch and the main branch? Feels like something the /repos/license
endpoint should be able to handle (personal opinion).
EDIT: Hmm, tested this and gh api "repos/issyl0/rl-testing/license"
returns MIT. I noticed it might take a ref
query parameter, but gh api "repos/issyl0/rl-testing/license?ref=test-new-license"
still returns MIT (despite the other fields saying that it's definitely on the new branch).
Maybe it only computes licenses on the main branch?
from brew.
Yeah, I'd expect the same of the endpoint
from brew.
You've successfully nerd-sniped me into figuring out why /repos/.../license?ref=blah
doesn't work. 🙃
from brew.
We check files in the install all the time. Should be disable to add license
Agreed. I don't think we should do this always but it would be nice to have some sort of license audit here that can handle the case where the tarball output is correct even if the upstream repo is not.
from brew.
Okay, I now see that comment was different than what I meant, which was:
We check files in the install all the time. Should be possible to add a license check
from brew.
@SMillerDev Yeh, I agree with that too. My thinking is that we'll need to do something clever so that the install time license check is only used some of the time when we know there's problems and a mismatch otherwise (rather than moving all license checks to always be install time)
from brew.
Related Issues (20)
- `brew tests` fails wth Xcode 15.3 on Apple Silicon HOT 3
- `--overwrite` should always overwrite links HOT 8
- Should .app files be deleted when reinstalling apps with `brew reinstall`, or at least ask? HOT 2
- Cask page layouts mission "description" column HOT 1
- brew doctor reports "no formulae" for 3rd party taps HOT 4
- `brew extract` creates a class name with `@` symbol instead of `AT` HOT 2
- Run the test suite in the default API mode HOT 11
- Suppress "completion installed" text in Caveats HOT 5
- brew audit: allow `require_root` to exist independent of `run` in service do blocks HOT 7
- `brew install` fails when there's a single visible directory and no other files at the top of a repository HOT 2
- brew bump produces backtrace if no repositories are tapped
- bump-formula-pr fails with `Parameter 'version': Expected type T.nilable(String), got type Version with value #<Version:0x0000000107fe472...0.2"` HOT 2
- brew does not upgrade the casks HOT 7
- `env HOMEBREW_NO_AUTO_UPDATE=1 brew install imagemagick` fails on GitHub Actions macOS 13 runners due to attempted upgrades HOT 3
- Proper XDG_CONFIG_HOME usage HOT 6
- Last digit of formula version number can be omitted when upgrading HOT 4
- brew install mesa fails at link step on Fedora Silverblue (probably not a formula bug) HOT 7
- Error: undefined method `each_with_object' for nil:NilClass HOT 4
- Auto disable hints if already exists the environment variable HOT 8
- Allow checksum on unversioned URL HOT 11
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from brew.