from Hacker News

GitHub unveils its Licenses API

by Iuz on 3/26/15, 3:56 PM with 27 comments

  • by FiloSottile on 3/26/15, 6:08 PM

    I and a friend wrote a tool to check your repositories with this API:

    http://put-a-license-on.it/

  • by brandonwamboldt on 3/26/15, 5:20 PM

    It's actually been out for a couple of weeks, see the blog post from March 9th: https://github.com/blog/1964-open-source-license-usage-on-gi...

  • by michaelmior on 3/26/15, 5:28 PM

  • by kijin on 3/27/15, 12:31 AM

    The quibble about GitHub not correctly handling files named COPYING is spot on. I have some LGPLv3 projects, and whenever possible I put the license into two files named COPYING (a verbatim copy of GPLv3) and COPYING.LESSER (an addendum that converts GPLv3 into LGPLv3). Because that's what the FSF recommends. I have no idea how GitHub's crawler will interpret this. Maybe it only sees the first file and thinks I'm using GPLv3?

    Anyway, the whole "scan the repository for anything that looks like a license" approach seems to be misguided from the beginning. What if the license is in a comment at the top of an ordinary source file, as I often do with short licenses like MIT? What if it's just a link to the FSF or opensource.org? What if it's a translation of a popular license into another language, or a link to a translation? What if the only file that contains a license is a library with a different license than what the owner intended? Approximations and second-guesses are good enough if you're just trying to pull some statistics, but open-source licenses have legal implications for everyone involved.

    Just let me pick a license in the repository settings, not only for new repos but also for existing ones. And if I do so, please display my choice prominently in search results so that nobody will misunderstand my intentions. I don't really care about the API, I want to see the options in the official web interface. You are welcome to throw a warning if you detect something in the repository that seems to contradict my selection. You are welcome to suggest that I add a license file. But they should be suggestions, not prerequisites for GitHub to recognize a license in the first place. The owner, not some half-baked robot, should have ultimate authority over what the license is.

    Bonus: Forks automatically inherit the license of the original repo, unless the forker explicitly picks a different one. First-time pull requesters are informed that their patches will be licensed under the same license as the repo, and by clicking "Submit", they agree.

  • by andrewchambers on 3/26/15, 8:55 PM

    I think the real reason there are so many without licenses, is because most projects on github are just a few commits and then abandoned. They are just created as a quick hack or experiment.

    The popular ones with many users seem to all have a license.

  • by rgarcia on 3/26/15, 9:19 PM

    I open-sourced a tool a few days ago that lets you do mass modification of git repos, including (but not limited to) adding license files: https://github.com/clever/gitbot. I've used it to add licenses to close to a hundred repositories at Clever. Would be great to see if others find it useful.

  • by prayerslayer on 3/27/15, 7:27 AM

    I collected the most popular repositories and their license. This post includes a CSV dataset which you can process yourself: https://npiccolotto.com/2015/03/licenses-of-popular-open-sou...

  • by task_queue on 3/26/15, 11:35 PM

    It will be interesting if they ever pursue providing a way to enforce licenses and IP.

    If a user browses or pulls repository A and releases repository B, which is found to be violating A's license or IP, a log could provide evidence of culpability.

  • by teamhappy on 3/26/15, 7:50 PM

    Does anybody know where the license texts come from? Copy & paste from the OSI website? In other words: Are they equivalent?

    (The OSI is part of the SPDX workgroup, but that doesn't really answer the question.)

  • by avinassh on 3/26/15, 5:13 PM

  • by pepijndevos on 3/27/15, 12:14 PM

    I never put a license on any of my small projects. I'm the kind of person that happily combines incompatible projects. I simply don't care, and neither does anyone else.

    Once my projects gain traction, issue #1 is usually "add a license". I add whatever the reporter wants.

    The bottom line is that any project with actual users has a license.

  • by dwyer on 3/27/15, 12:46 AM

    > one of the leading complaints being that it takes a lax approach to software licensing

    I never understood this criticism. There's plenty of software I haven't bought a license for. I don't feel that just because somebody shares their code or archives it in public that I'm entitled to a free license.

    That said, I've been approached on Github about licensing my code and I'm happy to grant one. For the most part, however, I just dump code to Github because it's a convenient way to backup and dealing with licenses just creates friction. I'd rather know that somebody out there explicitly wants the code before dealing with it.