FYI: the General registry now checks for an OSI-approved software license when registering new packages and new versions

Some of you may have noticed this in the last few days since we turned the check on in https://github.com/JuliaRegistries/General/pull/31535. This announcement is just to make sure everyone knows and is not caught at a bad time when trying to make a quick patch release.

What’s the General registry?

It’s a registry of packages that is automatically included with Julia, and is what is used to look up packages for Pkg.add(...) or ] add .... By adding your package to General, you let anyone easily use it or use it as a dependency in their packages. It’s located on GitHub here: https://github.com/JuliaRegistries/General.

Packages and new versions of packages are proposed by automatically-generated pull requests, using Registrator.jl or JuliaHub.com. Merging those pull requests adds the package or new version of the package to the registry.

What is a software license?

When you write a piece of code, you own the rights to it, particularly the copyright. Other people don’t automatically have the right to download or use your code; you need to give them a license to do so. A software license is a piece of text saying who can use your code for what purposes and under what conditions, usually written in a file called LICENSE or LICENSE.md.

What does the check do?

If you try to register a new package or a new version of a package that doesn’t have an “OSI-approved license”, the pull request associated with the registration won’t be automatically merged into General.

AutoMerge is a piece of tooling in RegistryCI that performs some automatic checks of various guidelines (which are all listed here: https://github.com/JuliaRegistries/General#automatic-merging-of-pull-requests), and if all the guidelines are met, it merges the pull request. AutoMerge was added in the fall of 2019 to replace manual review of every pull request.

What is an OSI-approved license?

The Open Source Initiative curates a list of licenses which fit its definition of “open source”; in short, they are licenses which provide rights that allow the software to be “freely used, modified, and shared” (see https://opensource.org/licenses for more and a list of approved licenses, which includes many common ones like MIT, GPLv3, etc.).

The General registry is maintained by volunteers (like me) and we don’t have a legal team to look at all sorts of license variants and see which ones give the appropriate rights for packages to be used freely in General. Therefore we stick to only allowing OSI-approved licenses.

Do I need an OSI-approved license?

Yes. From the README of General:

Registered packages must have an Open Source Initiative approved license, clearly marked via a LICENSE.md, LICENSE, COPYING or similarly named file in the package repository. Packages that wrap proprietary libraries are acceptable if the licenses of those libraries permit open source distribution of the Julia wrapper code.

This rule is not new, and in fact it goes back to the days of METADATA.jl, the precursor to General, and was originally added in METADATA.jl#3788 in October 2015. The new piece being announced here is the automatic check to try to verify that this policy is being upheld.

However, while you need to comply with this policy, it’s not essential that the AutoMerge check passes; if the AutoMerge check fails but you do have a valid OSI-approved license, please explain the situation and ask for a manual merge in the pull request or in the #pkg-registration channel on Slack.
