-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Required keywords for registry #24
Comments
I agree. Without going into the specifics of each issue you raised, would the quick fix be to change this: # Must be present, copied to json
required_keys = ["name", "version", "license", "author",
"maintainer", "copyright"]
# Optionally present, copied to json
optional_keys = ["description", "executable", "dependencies",
"dev-dependencies"] to # Must be present, copied to json
required_keys = ["name", "license", "maintainer"]
# Optionally present, copied to json
optional_keys = ["author", "copyright", "description", "executable", "dependencies",
"dev-dependencies", "version"] in the validate script? |
Yes, let's improve this. I think we all agree on the issues you raised, we just have to figure out a way to improve it. |
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I wonder why we require
license
,maintainer
,author
andcopyright
to be present in the package manifest of a submitted package. Shouldn'tlicense
andmaintainer
be sufficient for a package to be valid?Then the question is how we specify the maintainer properly, for all packages registered it is an email address so far, while
fpm new
with both bootstrap fpm and Fortran fpm will currently create a name and an email address.Also, for all packages so far, we have single author projects, which will change once we start porting larger projects to work with fpm, those usually have more than one maintainer and/or author. fpm itself is probably the simplest example for this purpose, there is just a placeholder for the maintainer available right now.
I would suggest to allow or better require the maintainer entry to be an array of strings.
Similar arguments hold for the author field, most packages will have more than one author.
Additionally, I want to add that putting up an email address might not be the easiest way to reach out to the maintainer. Depending on the project emailing the maintainer might work, but usually creating an issue is the preferred way to report bugs or request features, while questions are usually handled by various other platforms, like gitter, zulip or a forum. In short, this information is usually present on the homepage of the project or the projects README.
The copyright fields is especially tricky, since it is not always that easy to pin down. I have projects where I cannot put a copyright statement in one line and even if I could put several lines using a TOML multiline string, those wouldn't apply for the complete project.
Another thing I was wondering, in case a package is dedicated to the public domain (Unlicense, CC0, ...), I wouldn't include a copyright statement at all, due to it being in public domain.
Finally, there seems to be no check if the license fields is actually a valid license or matches the license contained in the package itself. An easy way would be to follow Cargo or conda-forge and require at least a valid SPDX identifier for the license.
The text was updated successfully, but these errors were encountered: