Add CI enforced License check of dependencies if we open-source #23
Labels
ci/cd
legal
Regarding Licenses, Policy updates, Warnings to users (that might cause trouble if not there) etc.
open-source
Comments
Jonas-Sander
added
ci/cd
legal
nilsreichardt
added a commit
that referenced
this issue
Sep 24, 2023
## Description With this PR, we are able to convert the https://appdistribution.firebase.dev/i/9c4942a1c01a5496 link into a prettier one: https://sharezone.net/android-alpha.
github-merge-queue bot
pushed a commit
that referenced
this issue
Nov 6, 2023
Check that all packages we use have licenses that we are allowed / we want to use via [`package:license_checker`](https://pub.dev/packages/license_checker). (Unfortunately every new local `lib` package will have to be added to the `licenses_config.yaml` manually.) If it fails the output will list all packages with a non-permitted license. See this example where I removed the `BSD-3-Clause` license from `permittedLicenses`: ``` ┌─────────────────────────────────────────────────────────┐ │ Package Name License │ ├─────────────────────────────────────────────────────────┤ │ flutter_markdown BSD-3-Clause │ │ built_value BSD-3-Clause │ │ characters BSD-3-Clause │ │ checked_yaml BSD-3-Clause │ │ cloud_firestore BSD-3-Clause │ └─────────────────────────────────────────────────────────┘ ``` Closes #23
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If we open-source our software we need to make sure that we don't use a package that is licensed under a strong copy-left license (e.g. GPLv3) that would force us (if I understood it correctly) to also make our project licensed under the same license (e.g. we would need to use GPLv3).
This could be done with something like dart_license_checker or FOSSA.
The text was updated successfully, but these errors were encountered: