Return-Path: X-Original-To: apmail-cordova-dev-archive@www.apache.org Delivered-To: apmail-cordova-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 90A5F18DED for ; Thu, 13 Aug 2015 18:47:57 +0000 (UTC) Received: (qmail 46478 invoked by uid 500); 13 Aug 2015 18:47:57 -0000 Delivered-To: apmail-cordova-dev-archive@cordova.apache.org Received: (qmail 46433 invoked by uid 500); 13 Aug 2015 18:47:57 -0000 Mailing-List: contact dev-help@cordova.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cordova.apache.org Delivered-To: mailing list dev@cordova.apache.org Received: (qmail 46420 invoked by uid 99); 13 Aug 2015 18:47:57 -0000 Received: from Unknown (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 13 Aug 2015 18:47:56 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 8DAE4C211D for ; Thu, 13 Aug 2015 18:47:56 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 3.15 X-Spam-Level: *** X-Spam-Status: No, score=3.15 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, HTML_MESSAGE=3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamd4-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-us-west.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id tmC26QOdHJpD for ; Thu, 13 Aug 2015 18:47:41 +0000 (UTC) Received: from mail-oi0-f52.google.com (mail-oi0-f52.google.com [209.85.218.52]) by mx1-us-west.apache.org (ASF Mail Server at mx1-us-west.apache.org) with ESMTPS id 2651D2055B for ; Thu, 13 Aug 2015 18:47:41 +0000 (UTC) Received: by oiew67 with SMTP id w67so13102867oie.2 for ; Thu, 13 Aug 2015 11:47:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=hOJDvFKu+Y7AZl+trT9pac/rvHILRoh3SqrVx/Q6ZvU=; b=jy/eoFQJId2r6818VfahqTWYBEM/qcxUlwtZjFTbwhwjex/DQUY9gtvBprDt6kqhVJ FZNYosHRxQkrmBXGiKhwZSp1pEadKRzNt+e0ssL1N7ZHcGj7rEjlGTG81Jodey3GJSSh ZwXPYLYVHpiD18BM0ihPjScOABEsqT2SnwKWvbWbtYpwEu/6BNxPCAEg+8qePXbuZzXK asR8ODxTHQAP07QU5JfWFlIgc6zox5PGf/A5qiuNi42SkJLAkbwCV26eRJc2e6NvUDy/ +y0MwvRMtGQ1rLL9MGQbHwJTgLXW5F8CsWT9MS5teTu2PJvSmHZ/VokcuYvfBsPro8Et MzIA== X-Received: by 10.202.197.86 with SMTP id v83mr13673893oif.88.1439491660565; Thu, 13 Aug 2015 11:47:40 -0700 (PDT) MIME-Version: 1.0 Received: by 10.182.245.131 with HTTP; Thu, 13 Aug 2015 11:47:21 -0700 (PDT) In-Reply-To: References: From: Steven Gill Date: Thu, 13 Aug 2015 11:47:21 -0700 Message-ID: Subject: Re: questions about coho audit-license-headers and check-license To: "dev@cordova.apache.org" Content-Type: multipart/alternative; boundary=001a1134e93c15d250051d35c5d0 --001a1134e93c15d250051d35c5d0 Content-Type: text/plain; charset=UTF-8 Audit license headers is the important one. At the end of the day, we aren't shipping any of our dependencies. They are all downloaded by our users. We can contact module authors who don't have license listed to get them to list one. -Steve On Thu, Aug 13, 2015 at 5:40 AM, Homer, Tony wrote: > I'm trying to validate the tools release. > I'm following the instructions[1], but I haven't used coho before and am > not sure about the results. > > `coho audit-license-headers -r js -r lib -r cli -r plugman` > The doc warns that audit-license-headers has false positives, so I'm > ignoring the following results: > ./appveyor.yml > ./tasks/vendor/commonjs-tests/* > ./tasks/vendor/jasmine/* > ./spec-cordova/* > ./spec-plugman/* > ./src/plugman/help.txt > Are these are all false positives? > If yes, I think the audit-license-headers results are ok. > > `coho check-license -r tools` > I got a lot of results so I started adding what I think are false > positives to the license filter: > "ISC","Public Domain","WTFPL","ASF","Unlicense","Artistic-2.0" > I also updated to nlf 1.3.2 in order to get nicer output and a fix for the > single license under licenses bug [2]. > I still get 88 results for packages with no license entry in package.json. > (plus xmldom, which has a syntax error in the license entry but has an > Apache-compatible license) > > Are "ISC","Public Domain","WTFPL","ASF","Unlicense","Artistic-2.0" all > Apache-compatible? > Are packages with no license entry ok - any additonal action required? > Should I submit a PR to add the additional license strings to the filter > and update nlf? > > [1] > https://github.com/apache/cordova-coho/blob/master/docs/tools-release-process.md#test > [2] https://github.com/iandotkelly/nlf/pull/22 > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org > For additional commands, e-mail: dev-help@cordova.apache.org > > --001a1134e93c15d250051d35c5d0--