Comments (8)
I don't really understand the pushback to adding a single line to the nuspec file that is very common in just about every other NuGet package. There's no maintenance burden. There's already a pull request for it.
Since you seem to be invested in AngleSharp (potentially using it) I wonder why you don't invest in it. You did not give a star, no sponsor support, no PR or contributions in any other form.
I think you confuse the use-case discussion that you have with the PR. There is no push back on the PR; and the issue is still open. It will be merged when the time is right - but until then there is no need. The package was fine beforehand and is still fine. The addition is neat and useful, but not crucial.
Regarding the discussion; you still fail to understand that just identifying a repo license is not the same as the package license; they might be different and therefore you will in general be in trouble - as I assume you do the license gathering for legal reasons. The package license always takes precedence (technically and legally) - if you disregard this you'll be in trouble.
from anglesharp.
We have the symbols package published which leads to the sources in the repository. Along this the package has the project URL, which contains a reference to the repository.
Not sure what that should help. Any specific use case that cannot be covered otherwise?
from anglesharp.
The use case is if the dedicated repository property is used a direct link is published on the nuget listing. At the same time I generate an SBOM of all my dependencies which includes the repository url property etc.
from anglesharp.
Not sure what that should help. Any specific use case that cannot be covered otherwise?
I have some automation that uses the repository URL to get the license file for the package. Without a repository URL in the NuGet package, the license file cannot be automatically found.
An alternative for me would be to include the LICENSE
file in the NuGet package, but adding the repository URL to the NuGet package would be sufficient for my use case.
from anglesharp.
OK why do you need the license file from the repo? This does not make much sense as its not reliable. For example, if you download the package in version 1.0.0 you'd need to find the point in time of the repo where the package was published (maybe you get to this point via a tag, but even if a repository in question uses tags you might not know the naming convention / how the tag was named for the particular version). And even then it might not be reliable (there might be multiple packages coming from the repository, and the root / or any other path might not contain the LICENSE file used for the package).
NuGet has multiple fields for license - AngleSharp uses the license expression field (https://github.com/AngleSharp/AngleSharp/blob/devel/src/AngleSharp.nuspec#L8). If you find a particular expression (e.g., MIT in this case) you don't need the license file. It's a standardized license, meaning you can just refer to it via the expression (e.g., https://opensource.org/license/mit).
from anglesharp.
For example, if you download the package in version 1.0.0 you'd need to find the point in time of the repo where the package was published
The nuspec file can specify the commit hash.
https://github.com/NuGet/NuGet.Client/blob/5502baa16a294bb1290b6fd2a135694ed2884a59/src/NuGet.Core/NuGet.Packaging/compiler/resources/nuspec.xsd#L85
If there's a repository
element (like the one added in PR #1169), then dotnet pack
includes the commit hash automatically.
It's a standardized license, meaning you can just refer to it via the expression (e.g., https://opensource.org/license/mit).
There's a difference between the template and the actual license in this repository.
The template has placeholders:
Copyright <YEAR> <COPYRIGHT HOLDER>
Permission is hereby granted, free of charge, to any person obtaining a copy of ...
whereas the license in this repository says:
The MIT License (MIT)
Copyright (c) 2013 - 2024 AngleSharp
Permission is hereby granted, free of charge, to any person obtaining a copy of...
from anglesharp.
Again, this way is not reliable. Not sure if you read my entire message - there is no way to identify what is the correct license file. You should get the license information from the package - not the repository; as you also consume the package - not the repository.
In any case - if there is a license attached to the NuGet package (via one of the metadata fields) it takes precedence. Your way can be a great fallback mechanism, but nothing more.
from anglesharp.
there is no way to identify what is the correct license file.
It's often called LICENSE
or something similar and is very easy to locate. Even GitHub can work out what the licence of a repository is using this technique.
I don't really understand the pushback to adding a single line to the nuspec file that is very common in just about every other NuGet package. There's no maintenance burden. There's already a pull request for it.
from anglesharp.
Related Issues (20)
- Read only DOM and other ways to reduce allocation rate HOT 9
- DSL or fluent API for document construction? HOT 1
- Im not able to get any element from the site HOT 5
- Request for Support / Sponsorship HOT 1
- IHtmlDocument has IDisposable - for what?) HOT 1
- Redirect to Custom URL Scheme HOT 2
- Issues with Headers HOT 2
- Use libraries provided by framework HOT 3
- QuerySelectorAll problem HOT 1
- SemVer scheme in AngleSharp -alpha versions broken HOT 1
- Multipart/form-data support HOT 1
- IndexOutOfRangeException in AngleSharp.Common.ArrayPoolBuffer.Append HOT 1
- Getting Attributes for each Element HOT 1
- InvalidOperationException: Stack empty in AngleSharp.Html.Parser.HtmlDomBuilder HOT 1
- Attributes in Elements HOT 3
- Parser Issue Findings from Fuzzing HOT 4
- Additional Findings from Fuzzing HOT 3
- NullReferenceException when using own HttpClient HOT 1
- How to Change the Accept header in DocumentRequest HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from anglesharp.