License missing from gemspec #13

Closed
bf4 opened this issue Jul 30, 2013 · 7 comments

bf4 commented Jul 30, 2013

RubyGems.org doesn't report a license for your gem. This is because it is not specified in the gemspec of your last release.

via e.g.

```ruby
spec.license = 'MIT'
# or
spec.licenses = ['MIT', 'GPL-2']
```

Including a license in your gemspec is an easy way for rubygems.org and other tools to check how your gem is licensed. As you can imagine, scanning your repository for a LICENSE file or parsing the README, and then attempting to identify the license or licenses is much more difficult and more error prone. So, even for projects that already specify a license, including a license in your gemspec is a good practice. See, for example, how rubygems.org uses the gemspec to display the rails gem license.

There is even a License Finder gem to help companies/individuals ensure all gems they use meet their licensing needs. This tool depends on license information being available in the gemspec. This is an important enough issue that even Bundler now generates gems with a default 'MIT' license.

I hope you'll consider specifying a license in your gemspec. If not, please just close the issue with a nice message. In either case, I'll follow up. Thanks for your time!

Appendix:

If you need help choosing a license (sorry, I haven't checked your readme or looked for a license file), GitHub has created a license picker tool. Code without a license specified defaults to 'All rights reserved'-- denying others all rights to use of the code.
Here's a list of the license names I've found and their frequencies

p.s. In case you're wondering how I found you and why I made this issue, it's because I'm collecting stats on gems (I was originally looking for download data) and decided to collect license metadata, too, and make issues for gemspecs not specifying a license as a public service :). See the previous link or my blog post about this project for more information.
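An added example, not part of the original issue or of either participant's code: a minimal audit of the kind the comment above says tools rely on, reading only each gemspec's `licenses` field and sorting gems into missing, allowed, or needs-review. The allowlist, the sample gem names and versions, and the helper names are constructed for illustration.

```ruby
require 'rubygems'

# Hypothetical policy: identifiers this (made-up) organisation accepts as-is.
ALLOWED_LICENSES = %w[MIT Apache-2.0 BSD-3-Clause].freeze

# Classify one gemspec from its declared metadata only; no LICENSE-file
# or README scanning, which is the error-prone path the issue describes.
def classify_license(spec, allowed = ALLOWED_LICENSES)
  declared = Array(spec.licenses).map { |l| l.to_s.strip }.reject(&:empty?)
  return [:missing, []] if declared.empty?

  # A gemspec does not say whether several licenses mean "either" or "all",
  # so any identifier outside the allowlist sends the gem to manual review.
  unknown = declared - allowed
  unknown.empty? ? [:allowed, declared] : [:review, unknown]
end

# Group specs by status. Pass Gem::Specification.to_a to audit installed gems.
def audit(specs, allowed = ALLOWED_LICENSES)
  specs.each_with_object(Hash.new { |h, k| h[k] = [] }) do |spec, report|
    status, detail = classify_license(spec, allowed)
    report[status] << { gem: "#{spec.name}-#{spec.version}", licenses: detail }
  end
end

# Constructed sample gemspecs (names and versions are invented).
def sample_spec(name, version, licenses)
  Gem::Specification.new do |s|
    s.name = name
    s.version = version
    s.licenses = licenses
  end
end

SAMPLE_SPECS = [
  sample_spec('no-license', '0.1.0', []),
  sample_spec('mit-only', '1.0.0', ['MIT']),
  sample_spec('dual', '2.3.0', ['MIT', 'GPL-2'])
].freeze

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE_SPECS).each do |status, gems|
    gems.each { |g| puts "#{status}: #{g[:gem]} #{g[:licenses].inspect}" }
  end
end
```

A gem in the `missing` bucket may still ship a LICENSE file; the audit only reports that the metadata tools read is absent.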

@erniebrodeur
Owner

How is this exactly a public service?

This seems like 'ooo come look at my projects', which I won't be clicking on nor will I recommend to anybody. It clearly has a LICENSE file in the gem that actually specifies what it is.

As for this 'bundler now generates gems with a default', it always has. I hacked that out since that's not the one I use.

In the future, don't comment on any of my other projects. I intend to fix this, but have no intention of leaving this bug open for your benefit.

@bf4
Author

bf4 commented Jul 30, 2013

Thanks for your feedback

It is a public service because I am checking public gems for missing
license spec, which is a community issue that needs addressing.

Saying my project is self-serving is like saying a true altruist must never
benefit from or enjoy his/her work. I enjoy helping and coding; otherwise
I don't know why you'd say that.

Didn't I link to the bundler commit? It's from a year ago. That's hardly
always.
rubygems/bundler@1bcc2af#lib/bundler/templates/newgem/newgem.gemspec.tt

I'll add you to the blacklist before I run it again.

B mobile phone

erniebrodeur reopened this Jul 30, 2013
@erniebrodeur
Owner

Hey Ben,

You are right, I was unduly critical because to me at the time it seemed like spam. For that I apologize. I don't think you need to blacklist my stuff, again, unduly critical.

One thing that really might improve this, is having your project cut out a patch and either scan for the LICENSE or by default, put an MIT one there.

Part of the reason this bugged me is it was a simple typo. My newer gemfiles link to my license because I use better bones now than I did then. It didn't seem you were actually looking at my project, more just mass harvesting all messed up gemspecs on rubygems.

Which leads me to another question, how do you scan packages? Is it based purely on rubygems with homepages on github?

@bf4
Author

bf4 commented Jul 30, 2013

Thanks for your words.

I'd like to generate a pr, but, besides that it would be complicated
and error-prone, 1) it would probably still look spammy to some ppl 2)
I haven't had to manually make too many, yet, so that hasn't driven me
to invest the time and code. It would be a big overhead to not only
hit the rubygems api, but to download, unpack, and try to guess the
license for each gem. And then if I don't find it, create an issue.
Some projects just haven't considered or decided on a license. I'm
more likely to scan for issues I opened that can be closed, but I
already visit every issue myself.

I wrote up my steps to create issues at bf4/gemproject/issues/1 better
than I could by email.

Any thoughts on how I could sound less spammy? I revise the text
periodically based on feedback

@erniebrodeur
Owner

Less is more. As long as you put 'pr' into it, it will be spam as it is unsolicited and marketing.

You might be better off writing tools to assist people in determining the license, on its own page, and just linking.

@bf4
Author

bf4 commented Aug 27, 2013

Awesome! 🌈

I don't know if you want to continue the conversation, but I don't fully understand what you wrote above.

  • What do you mean by put 'pr' in it? For the issue to have the term 'pr' in it?
  • Aren't most issues on open-source projects unsolicited?
  • What makes this marketing?
  • Do you mean a tool to help people to choose a license (because I linked to those) or a tool to scrape github pages and guess a license? Because both of those concerns are orthogonal to the purpose of this project, which is about surfacing the license via the gemspec.

@bf4
Author

bf4 commented Aug 27, 2013

For reference, see bf4/gemproject#5
