Composer licence Id checking too broad #866

Closed
northern opened this issue Feb 1, 2018 · 9 comments
@northern

northern commented Feb 1, 2018

My package is currently marked as a "broken state" because one branch, that might or might not be abandoned in the future, has a Composer licence Id issue.

Reading composer.json of northern/common (feature-filter-helper)
Importing branch feature-filter-helper (dev-feature-filter-helper)
Skipped branch feature-filter-helper, Invalid package information:
License "gpl" is not a valid SPDX license identifier, see https://spdx.org/licenses/ if you use an open license.
If the software is closed-source, you may use "proprietary" as license.

To me it seems that Packagist's composer licence checking is doing this for all branches, which I think is not entirely fair. To me it seems reasonable to only do this sort of checking on master, or maybe even better, the "default" branch (GitHub; Repos Settings -> Branches -> Default Branch) instead of all branches in the repository. Development branches might have issues in them, including composer licence Id issues that will be fixed when merged in the future.

@pounard

pounard commented Feb 23, 2018

I have a similar problem, and even worse, it does check each tag when you manually click the update button -> packagist is spamming me with 3 to 5 or 6 emails on each push in a project where I did fix the SPDX licence identifier: #883.

@AnrDaemon

It should not be issuing warnings on //branches// other than project head, IMO.

@pounard

pounard commented Feb 23, 2018

@AnrDaemon probably, but why do I get so many mails with a project I fixed?

@Jean85

Jean85 commented Feb 26, 2018

Probably because you have older branches still open that do not contain the fix?

@AnrDaemon

Why should they? It's just old/dead branches, I'm not obliged to clean up.

@pounard

pounard commented Feb 27, 2018

I agree with @AnrDaemon, that's a real usability issue; some rather old projects might contain tons of outdated branches. I know that we all need to do some cleanup at some point, but we can't just be forced to do it.

@AnrDaemon

A simple solution to arbitrate these checks would be to only check branches with explicit aliases set in composer.json.

@stof
Contributor

stof commented Feb 27, 2018

@Seldaek AFAICT, composer has some unreleased changes which would help here

@Seldaek
Member

Seldaek commented Mar 1, 2018

Pushed composer/composer@72476b6 which now only validates licenses for branches updated recently.
