Making WordPress.org

Opened 8 years ago

Closed 3 months ago

Last modified 3 months ago

#1944 closed defect (bug) (fixed)

Plugin Commit Check: Verify License Declarations

Reported by: Ipstenu
Owned by: dd32
Milestone: Q2
Priority: normal
Component: Plugin Directory
Keywords: 2nd-opinion

Description

I know we do some pre-flight checks on plugins before commit (like if the code 'complies' etc). Can we add in a check for readme.txt to verify that there's a line that starts License: and it's _not_ just that?

Like enforce people to actually darn well declare their license or no SVN. That would be a nice way to enforce the CYA :)

Attachments (1)

1944.diff (5.6 KB) - added by Ipstenu 5 years ago.


Change History (13)

#1 @dd32
8 years ago

In [3897] I've started to ingest the license headers into the new plugin directory so we can run some stats to see what kind of impact this change would have.

Early indications are that probably about 50% of popular plugins list it, although they're haphazard in how they list the license (GPLv2 or later vs GPLv2+ vs GNU General Public License v2.0 or later vs GPL V2 or latest vs even GPLv2 or later (of-course) :) )

#2 @Ipstenu
8 years ago

Stage 1: Declare a license.

Stage 2: "As of Date X, your license must be on this list of GPLv2 (or later) compatible terms."?

We could probably get away with "License: GPLv[2|3]*" for much of it. Having to curate a list of acceptable terms would be a pain to start, but once it's done then it's just a mild annoyance.

#3 @Ipstenu
7 years ago

Use https://spdx.org/licenses/ to validate license format. If we could somehow automate checking "These are GPLv2+ compatible" that would be brilliant.

#4 @tellyworth
7 years ago

  • Keywords 2nd-opinion added

#5 @tellyworth
5 years ago

  • Milestone set to Q2

@Ipstenu
5 years ago

#6 @Ipstenu
5 years ago

Uploaded patch 1944.diff - This just checks that new plugins declared a license at all.

#7 @dd32
4 years ago

In 9648:

Plugin Directory: Require a license be specified in the readme.txt.

Props Ipstenu.
Fixes #4719.
See #1944.

#8 @casiepa
4 years ago

See also #5126

#9 @dd32
16 months ago

In 12526:

Plugin Directory: Ingest the License and License URI readme fields on plugin upload.

See #1944, [3897].

#10 @dd32
6 months ago

#5126 was marked as a duplicate.

#11 @dd32
3 months ago

  • Owner set to dd32
  • Resolution set to fixed
  • Status changed from new to closed

In 13618:

Plugin Directory: Readme: Validate that the license field contains a likely valid license.

This adds to the existing "no license" with two new ones:

  • Warning: License appears to be not-GPL-compatible, invalid
  • Note: We could not parse the license specified, unknown

Fixes #1944.

#12 @dd32
3 months ago

Looking at the license values used by at least 3 plugins (because the long tail is really long)...

Notably, you'll see a bunch of things you might assume are GPL - for example, "GNU Version 2", but those are NOT the names of the license and are therefore invalid.

Count | License Header | Outcome
--- | --- | ---
30,292 | GPLv2 or later | OK
10,724 | *Not Specified* | license_missing
4,120 | GPLv3 | OK
2,994 | GPLv2 | OK
2,303 | GPLv3 or later | OK
650 | GPL2 | OK
627 | MIT | OK
341 | GNU General Public License v3.0 | OK
339 | GPL-2.0+ | OK
328 | GPL v2 or later | OK
318 | GPL-2.0-or-later | OK
138 | GPL3 | OK
121 | GPLv3 or later License | OK
119 | GPL v3 | OK
112 | GPL | OK
105 | GPL-3.0 | OK
95 | GNU Version 2 or Any Later Version | unknown_license
94 | GPL v2 | OK
91 | GPL-3.0-or-later | OK
90 | GNU General Public License v2.0 or later | OK
87 | MIT License | OK
87 | GPL2+ | OK
81 | GPLv2+ | OK
72 | GPL2 or later | OK
71 | GNU General Public License v2 or later | OK
58 | GPL v3 or later | OK
56 | GNU AGPLv3 | OK
51 | GPL-2.0 | OK
44 | Apache 2.0 | OK
41 | GNU General Public License v2 | OK
41 | GNU GENERAL PUBLIC LICENSE | OK
36 | GNU General Public License v3 or later | OK
35 | MIT/Expat | OK
35 | GPLv2 or later. | OK
34 | GPL-3.0+ | OK
33 | GPLv2 (or later) | OK
33 | WTFPL | OK
30 | GNU General Public License v3 | OK
25 | Apache-2.0 | OK
23 | GNU General Public License v2.0 | OK
23 | Apache License, Version 2.0 | OK
23 | GPL 2.0 | OK
22 | Apache License 2.0 | OK
18 | GPLv3+ | OK
18 | GNU General Public License v3.0 or later | OK
17 | LGPLv3 | OK
17 | proprietary | invalid_license
16 | Public Domain | OK
16 | AGPLv3 or later | OK
16 | GPL 3.0 | OK
14 | BSD-3-Clause | OK
14 | GPL-3 | OK
14 | GPLv3 or later. | OK
14 | GPLv3.0 | OK
14 | GPL v3 o posterior | OK
13 | GNU GPLv3 | OK
13 | GPL v3.0 | OK
13 | GPLv2 or later ( | OK
13 | GPLv2 or later license | OK
13 | GNU Version 3 or Any Later Version | unknown_license
12 | Free | unknown_license
12 | GNU GENERAL PUBLIC LICENSE Version 3 | OK
11 | Apache v2.0 | OK
11 | GNU General Public License v2.0 (or later) | OK
11 | BSD | unknown_license
11 | GPL3+ | OK
11 | GNU GPL v2 | OK
10 | The MIT License (MIT) | OK
10 | GPLv2 or later (of-course) | OK
10 | GPLv2 or Alter | OK
10 | GNUGPLv3 | OK
9 | AGPLv3 | OK
9 | GPL3 or later | OK
9 | GNU | unknown_license
9 | GNU General Public License version 3 or later | OK
9 | later | unknown_license
9 | GPL-v3 | OK
9 | AGPL-3.0 | OK
9 | GNU GPL v2 or higher | OK
9 | GPLv2 or later (or compatible) | OK
8 | GPL 2 | OK
8 | GNU General Public License 3.0 or newer (GPL) | OK
8 | GNU General Public License (GPL) version 3 | OK
7 | License: GPLv2 or later | OK
7 | The MIT License | OK
7 | GNU Version 2 | unknown_license
7 | GPL v2+ | OK
7 | GPL v2.0 | OK
7 | Custom | unknown_license
7 | LGPLv3 or later | OK
6 | GPL version 3 or any later version | OK
6 | GPLv2 and (components under MIT License) | OK
6 | GNU General Public License (GPL), v3 (or newer) | OK
6 | GPLv2 only | OK
6 | GPL 2.0+ | OK
6 | GPLv2 or later (if another license is not provided) | OK
6 | GNU GPL v3 | OK
6 | GLPv2 or later | unknown_license
6 | GPLv3 or later license and included | OK
6 | GNU Public License | unknown_license
6 | GPLv2License | OK
6 | MIT License (MIT) | OK
6 | LGPL v2.1 | OK
5 | GNU General Public License, version 3 (GPL-3.0) | OK
5 | GPL-3.0 License | OK
5 | GNU General Public License v2 (or later) | OK
5 | GNU General Public License, version 3 (GPLv3) | OK
5 | GPL v3, see LICENSE | OK
5 | GPLv2 or any later version | OK
5 | ISC | OK
5 | GNU General Public License, version 2 | OK
5 | GPLv3 or higher | OK
5 | LGPL | OK
5 | GPLz2 | OK
5 | GPL-3.0 or later | OK
5 | GPLv2 or later License URI: | OK
5 | AGPL | OK
5 | Apache 2 | OK
5 | HAQV1 | unknown_license
5 | MIT License/X11 | OK
5 | MPL-2.0 | OK
5 | GPL-3.0-only | OK
4 | GNU General Public License version 2 or later | OK
4 | GPLv2 or late | OK
4 | Unlicense | OK
4 | GNU/GPLv2 | OK
4 | GPL 2.0 or later | OK
4 | GNU GPL | OK
4 | GPLv3 License | OK
4 | 3-clause BSD | OK
4 | WTFPL license | OK
4 | GNU GPLv2+ | OK
4 | GPLv3 or Any Later Version | OK
4 | Apache License | unknown_license
4 | GNU General Public License (GPL) 3.0 | OK
4 | Apache2.0 | OK
4 | GNU GPLv2 | OK
4 | GNU AGPL v3.0 | OK
4 | LGPL v3.0 | OK
4 | GPL 3.0 or later | OK
4 | Expat License | OK
4 | GNU v3.0 License | unknown_license
4 | GNU General Public License, v2 or higher | OK
4 | GPL 2+ | OK
3 | LGPLv2.1 | OK
3 | GPL v2.0 or later | OK
3 | GPL or later | OK
3 | Gpl V2 or latest | OK
3 | GP2 | unknown_license
3 | GPL v2 or later | OK
3 | CC0 | OK
3 | Modified BSD License | OK
3 | BSD 2-Clause License | OK
3 | GPL-2.0 or later | OK
3 | GNU3 | unknown_license
3 | See www.stockdio.com/wordpress for details. | unknown_license
3 | GPL version 2 or later | OK
3 | BSD-2 | OK
3 | GNU/GPL | OK
3 | Modified BSD | OK
3 | GPLv2 or higher | OK
3 | GPLv1 | OK
3 | MPL2 | OK
3 | GPLv2 or later( | OK
3 | Mozilla Public License Version 2.0 | OK
3 | MPL 2.0 | OK
3 | GPLv3 License URI: | OK
3 | GNU General Public License, version 3.0 (GPL-3.0) | OK
3 | GNU GENERAL PUBLIC LICENSE 3.0 | OK
3 | Yes | unknown_license
3 | GNU GPL v2 or later | OK
3 | GPL-2 | OK
3 | Apache License - 2.0 | OK
3 | GPLv2 or later (of course!) | OK
3 | GNU Version 2 or Any Later Version. | unknown_license
3 | GNUv3 or later | unknown_license
3 | GPLv3 ONLY | OK
3 | GPLv2 o superior | OK
3 | Massachusetts Institute of Technology (MIT) license | OK
3 | GPLv2 or laterLicense | OK
3 | Personal Use | invalid_license
3 | GNU GPL v3 or later | OK
3 | cS | unknown_license
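
A sketch of the readme check discussed in comments #11 and #12, as an added example that is not the Plugin Directory's own code: it reads the License header from a readme.txt and returns one of the four outcome names used in the table. The function names, the sample readme and both pattern lists are assumptions, tuned against the table above rather than taken from the actual implementation.

```python
import re

# Outcome names as they appear in the ticket's table.
OK, MISSING, INVALID, UNKNOWN = "OK", "license_missing", "invalid_license", "unknown_license"

# Assumed marker lists; the directory's real lists are not shown in the ticket.
INCOMPATIBLE = re.compile(r"proprietary|personal use", re.I)
COMPATIBLE = re.compile(
    r"gpl|general public license"          # GPL / LGPL / AGPL spellings
    r"|\bmit\b|expat"
    r"|apache.*2"                          # bare "Apache License" names no version
    r"|bsd.*[23]|[23].*bsd|modified bsd"   # bare "BSD" is ambiguous
    r"|\bmpl.*2|mozilla public license"
    r"|\bisc\b|wtfpl|unlicense|\bcc0\b|public domain",
    re.I,
)

def license_header(readme):
    """Return the value of the 'License:' line, or None if there is no such line."""
    # [ \t]* rather than \s*: \s would run past the newline of an empty
    # "License:" line and capture the following "License URI:" line instead.
    m = re.search(r"^License:[ \t]*(.*)$", readme, re.I | re.M)
    return m.group(1).strip() if m else None

def classify(value):
    """Map a License header value to an outcome name."""
    if not value:                      # no line at all, or "License:" and nothing else
        return MISSING
    if INCOMPATIBLE.search(value):     # checked first so it overrides any GPL mention
        return INVALID
    if COMPATIBLE.search(value):
        return OK
    return UNKNOWN

def check_readme(readme):
    return classify(license_header(readme))

# Constructed sample: the License line is present but empty.
SAMPLE_README = """=== Example Plugin ===
Contributors: someone
Stable tag: 1.0
License:
License URI: https://www.gnu.org/licenses/gpl-2.0.html
"""
```

The sample readme returns license_missing even though the next line mentions GPL, which is the "starts License: and it's not just that" case from the ticket description.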