cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Homer, Tony" <>
Subject Re: questions about coho audit-license-headers and check-license
Date Thu, 13 Aug 2015 20:55:59 GMT
Thanks for replying Steve - I see what you mean about dependencies, hadn't
thought about that.

When I did `coho verify-archive` I got "gpg: WARNING: This key is not
certified with a trusted signature!".
I guess this is ok, but is there any way to address the warning?

On 8/13/15, 2:47 PM, "Steven Gill" <> wrote:

>Audit license headers is the important one.
>At the end of the day, we aren't shipping any of our dependencies. They
>all downloaded by our users. We can contact module authors who don't have
>license listed to get them to list one.
>On Thu, Aug 13, 2015 at 5:40 AM, Homer, Tony <> wrote:
>> I'm trying to validate the tools release.
>> I'm following the instructions[1], but I haven't used coho before and am
>> not sure about the results.
>> `coho audit-license-headers -r js -r lib -r cli -r plugman`
>> The doc warns that audit-license-headers has false positives, so I'm
>> ignoring the following results:
>> ./appveyor.yml
>> ./tasks/vendor/commonjs-tests/*
>> ./tasks/vendor/jasmine/*
>> ./spec-cordova/*
>> ./spec-plugman/*
>> ./src/plugman/help.txt
>> Are these are all false positives?
>> If yes, I think the audit-license-headers results are ok.
>> `coho check-license -r tools`
>> I got a lot of results so I started adding what I think are false
>> positives to the license filter:
>> "ISC","Public Domain","WTFPL","ASF","Unlicense","Artistic-2.0"
>> I also updated to nlf 1.3.2 in order to get nicer output and a fix for
>> single license under licenses bug [2].
>> I still get 88 results for packages with no license entry in
>> (plus xmldom, which has a syntax error in the license entry but has an
>> Apache-compatible license)
>> Are "ISC","Public Domain","WTFPL","ASF","Unlicense","Artistic-2.0" all
>> Apache-compatible?
>> Are packages with no license entry ok - any additonal action required?
>> Should I submit a PR to add the additional license strings to the filter
>> and update nlf?
>> [1]
>> [2]
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:
>> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message