New linter rule: validating LICENSE files #228
Comments
Potentially also validate against licensing restrictions that Anaconda has per company-wide policies.
@skupr-anaconda, I've heard you have tooling that might already do something like this?
Yeah, this script checks if the license exists on GitHub and GitLab https://github.com/anaconda-distribution/finder/blob/main/finder/common/check_urls_exist.py.
Nice work @skupr-anaconda, it's at least a good starting point for this linting project. I'm guessing SHA-256 hashes are probably the safest fingerprinting and I think there might be existing tools out there that do some of this work for us. I know I've seen some tools at previous companies I've worked at that can detect if a license is allowed for NPM packages based on some pre-defined rules. I'm sure there's some Python equivalent library we could leverage.
Not sure how feasible this is, but I wanted to capture the thought here anyways.
Coming out of this PR, I wonder if we can validate what we claim the license should be from what the LICENSE file in the repository indicates: AnacondaRecipes/libmicrohttpd-feedstock#1
Maybe the linter can use the `dev_url` or some other required field to probe the `LICENSE` file against a known list of files (or SHA-256 hashes of known license files) to validate what we list in `meta.yaml` matches.
Perhaps this can catch other mistakes in `conda-forge` or detect if the license changes between versions?
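An added example, not code from this project or from the linked finder script: a sketch of the hash comparison proposed in this issue. It normalizes the text before hashing, because a raw SHA-256 changes with any byte difference such as a copyright-holder line or line wrapping. All names (`CANONICAL`, `check_license`, `license_changed`) are hypothetical, and the license texts are shortened, constructed stand-ins.

```python
import hashlib
import re
from typing import Optional, Tuple

# Constructed stand-in texts. A real table would be built from the full
# canonical license texts (for example, the SPDX license list).
CANONICAL = {
    "MIT": "Permission is hereby granted, free of charge, to any person ...",
    "BSD-3-Clause": "Redistribution and use in source and binary forms ...",
}

# Constructed upstream LICENSE file: MIT body with a project-specific
# copyright line and different wrapping/spacing.
SAMPLE_LICENSE = (
    "Copyright (c) 2023 Example Author\n\n"
    "Permission is hereby granted,  free of charge,\n"
    "to any person ...\n"
)

def normalize(text: str) -> str:
    """Drop copyright-holder lines and collapse case and whitespace so
    per-project edits do not change the fingerprint."""
    kept = [ln for ln in text.splitlines()
            if not re.match(r"\s*copyright\b", ln, re.IGNORECASE)]
    return re.sub(r"\s+", " ", " ".join(kept)).strip().lower()

def fingerprint(text: str) -> str:
    """SHA-256 over the normalized license text."""
    return hashlib.sha256(normalize(text).encode("utf-8")).hexdigest()

# Lookup table: fingerprint -> SPDX identifier.
KNOWN = {fingerprint(body): spdx for spdx, body in CANONICAL.items()}

def check_license(claimed: str, license_text: str) -> Tuple[str, Optional[str]]:
    """Compare the license claimed in meta.yaml with the one detected
    from the upstream LICENSE text. Returns (status, detected)."""
    detected = KNOWN.get(fingerprint(license_text))
    if detected is None:
        return ("unknown", None)  # not in the table: needs human review
    return ("ok" if detected == claimed else "mismatch", detected)

def license_changed(old_text: str, new_text: str) -> bool:
    """True when the LICENSE text differs between two versions."""
    return fingerprint(old_text) != fingerprint(new_text)

if __name__ == "__main__":
    print(check_license("BSD-3-Clause", SAMPLE_LICENSE))
```

An `unknown` result is the case a linter should surface rather than fail on, since modified or custom license texts will not hash to any table entry.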