Feature Suggestion: Copyright and License Information in GemSpec

y_feldblum's Avatar

y_feldblum

14 Feb, 2011 02:55 PM

Feature Suggestion: Copyright and License Information in GemSpec

There already is a way to put the license into a gemspec.

  • Provide a way to put copyright holders and copyright years into the gemspec as well, in addition to the filename of the license file. Sample usage:
Gem::Specification.new do |s|
  s.license_file = 'MIT-LICENSE'
  # s.license_files = 'MIT-LICENSE BSD-LICENSE COPYING'
  s.license = 'mit'
  # s.licenses = %w(mit bsd gpl ruby)
  s.copyright_years = '2009-2011'
  s.copyright_holder = 'thoughtbot, inc.'
  # s.copyright_holders = [ 'Edgar W. Dijkstra', 'John McCarthy' ]
end
  • Display copyright and license information in the gem page and include it in API responses.

  • When people push new gems or new versions of existing gems, suggesting that they go back and edit their gemspecs.

  • When people push gems, verify that the license files listed exist. Possibly even do a heuristic to check that if the license is listed in the gemspec as 'mit', then the file MIT-LICENSE does in fact contain the text of the MIT License.

Cheers!

  1. Support Staff 1 Posted by Nick Quaranto on 23 Sep, 2011 03:07 PM

    Nick Quaranto's Avatar

    This one was buried in our spam filter, just unearthed it. Sorry.

    The gemspec is really hard to modify, but this information is usually in the readme and included in the gem itself. Whats the usefulness of exposing it at the gemspec level?

    Also we've talked about having metadata in the gemspec for a while, that would allow this to happen but that also is really difficult to implement (and support).

  2. 2 Posted by y_feldblum on 23 Sep, 2011 03:36 PM

    y_feldblum's Avatar

    The usefulness of exposing this at the gemspec level and encouraging gem authors to complete these fields is that it allows automated tools to collect all the copyright/licensing information about all of an application's dependencies, sub-dependencies, sub-sub-dependencies, etc.

    The tool can then do such things as confirm that all the dependencies in the dependency tree are licensed under a compatible license, build a table of all the dependencies in the dependency tree including the copyright holder's name and the licenses, etc.

    The gemspec is the only source of information about a gem that is easily available to tools. It's the place to go to put this information.

    Many applications out there depend on hundreds of gems. It is important for whoever is running or distributing an application to verify, months down the road and in an automated way, that he is complying with all of the licenses. Currently, a lot of people need to verify all this stuff by hand, which takes a lot of time.

  3. Support Staff 3 Posted by Nick Quaranto on 23 Sep, 2011 07:38 PM

    Nick Quaranto's Avatar

    Yeah, I definitely this is a further case to get metadata in. I think you should post these ideas to rubygems-developers and then we can get some more comments on it. Basically, I think this could be one of several attributes that can be part of the "metadata spec" and help to strengthen the argument to include it.

    http://rubyforge.org/mailman/listinfo/rubygems-developers

  4. 4 Posted by Brett Hardin on 13 Mar, 2012 08:32 PM

    Brett Hardin's Avatar

    SourceNinja pulls the data from these gems and uses that information. I am sure you guys could also.

  5. Support Staff 5 Posted by Eric Hodel on 14 Mar, 2012 05:38 AM

    Eric Hodel's Avatar

    How are the combination of license, authors and date insufficient for determining this information? Copyright (in the US, at least) is automatically granted without need to file and the expiry date should be determinable from the date embedded in the gem.

    As mentioned, the license field already exists.

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac