Required keywords for registry #24

Open
awvwgk opened this issue Oct 4, 2020 · 2 comments

@awvwgk
Member

awvwgk commented Oct 4, 2020

I wonder why we require license, maintainer, author and copyright to be present in the package manifest of a submitted package. Shouldn't license and maintainer be sufficient for a package to be valid?

Then the question is how we specify the maintainer properly. For all packages registered so far it is an email address, while fpm new with both bootstrap fpm and Fortran fpm will currently create a name and an email address.

Also, for all packages so far, we have single-author projects, which will change once we start porting larger projects to work with fpm; those usually have more than one maintainer and/or author. fpm itself is probably the simplest example for this purpose; there is just a placeholder for the maintainer available right now.
I would suggest allowing or, better, requiring the maintainer entry to be an array of strings.
Similar arguments hold for the author field; most packages will have more than one author.

Additionally, I want to add that putting up an email address might not be the easiest way to reach out to the maintainer. Depending on the project, emailing the maintainer might work, but usually creating an issue is the preferred way to report bugs or request features, while questions are usually handled by various other platforms, like Gitter, Zulip or a forum. In short, this information is usually present on the homepage of the project or the project's README.

The copyright field is especially tricky, since it is not always that easy to pin down. I have projects where I cannot put a copyright statement in one line, and even if I could put several lines using a TOML multiline string, those wouldn't apply to the complete project.
Another thing I was wondering: in case a package is dedicated to the public domain (Unlicense, CC0, ...), I wouldn't include a copyright statement at all, due to it being in the public domain.

Finally, there seems to be no check if the license field is actually a valid license or matches the license contained in the package itself. An easy way would be to follow Cargo or conda-forge and require at least a valid SPDX identifier for the license.

@milancurcic
Member

I agree. Without going into the specifics of each issue you raised, would the quick fix be to change this:

    # Must be present, copied to json
    required_keys = ["name", "version", "license", "author",
                     "maintainer", "copyright"]

    # Optionally present, copied to json
    optional_keys = ["description", "executable", "dependencies",
                     "dev-dependencies"]

to

    # Must be present, copied to json
    required_keys = ["name", "license", "maintainer"]

    # Optionally present, copied to json
    optional_keys = ["author", "copyright", "description", "executable", "dependencies",
                     "dev-dependencies", "version"]

in the validate script?

@certik
Member

certik commented Oct 5, 2020

Yes, let's improve this. I think we all agree on the issues you raised, we just have to figure out a way to improve it.
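
As an added example (not the registry's validate script and not code from any participant), the following Python shows one way to combine the key sets proposed above with the two checks suggested in the first comment: maintainer and author given as a string or an array of strings, and the license given as an SPDX identifier. The names `validate_manifest`, `string_or_list_keys` and `SPDX_SUBSET` are hypothetical, and the identifier set is a small subset of the real SPDX license list.

```python
# Added example: hypothetical names, not the registry's own validate script.
# SPDX_SUBSET holds a few real SPDX identifiers; a registry would load the
# full SPDX license list instead of this illustrative subset.
SPDX_SUBSET = {"MIT", "Apache-2.0", "BSD-3-Clause", "GPL-3.0-or-later",
               "Unlicense", "CC0-1.0"}

# Key sets as proposed in the thread.
required_keys = ["name", "license", "maintainer"]
optional_keys = ["author", "copyright", "description", "executable",
                 "dependencies", "dev-dependencies", "version"]

# Assumption: these fields may be one string or an array of strings.
string_or_list_keys = ["maintainer", "author"]


def validate_manifest(manifest):
    """Return a list of problems found in a parsed manifest (a dict)."""
    problems = []
    for key in required_keys:
        if key not in manifest:
            problems.append(f"missing required key: {key}")
    for key in string_or_list_keys:
        if key not in manifest:
            continue
        value = manifest[key]
        entries = value if isinstance(value, list) else [value]
        # Reject empty arrays, empty strings and non-string entries.
        if not entries or not all(isinstance(e, str) and e.strip()
                                  for e in entries):
            problems.append(f"{key} must be a string or array of strings")
    if "license" in manifest:
        license_id = manifest["license"]
        # Exact match only: free-text values such as "MIT license" fail.
        if not isinstance(license_id, str) or license_id not in SPDX_SUBSET:
            problems.append(f"license is not an SPDX identifier: {license_id!r}")
    return problems


# Constructed sample manifests, already parsed from TOML.
good = {"name": "demo", "license": "MIT",
        "maintainer": ["A. Dev <a@example.org>", "B. Dev <b@example.org>"]}
bad = {"name": "demo", "license": "MIT license", "maintainer": []}

if __name__ == "__main__":
    print(validate_manifest(good))
    print(validate_manifest(bad))
```

This matches single identifiers only; compound SPDX expressions (for example with `OR`) would need a proper expression parser.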


3 participants