Feature #19393
closed
Integrate license information and management
Added by Oliver Hader over 15 years ago.
Updated about 4 years ago.
Category:
Extension Manager
Description
Currently TYPO3 Extensions don't have any information of the license used. This part gets very interesting when the extension acts as a wrapper for third party software (e.g. for phpMyAdmin). Other libraries have a non-commercial (free) and commercial (pay a fee once) license.
License conflicts and notes shall be displayed in a dialog popup and maybe confirmed by the administrator. The ext_emconf.php gets extended by "license" and "licenseNote" properties.
(issue imported from #M9451)
It's not about the regular and only TYPO3 extensions - but more about third party libraries.
Imagine an extension that builds a wrapper for HighslideJS. HighslideJS comes with a non-commercial and commercial license. There shall be a notification dialoag to the administrator which is installing that extension about the license.
It's like installing OpenOffice with the requirement to accept the license - otherwise you cannot install the software package. Of course this applies only to special situations like e.g. for HighslideJS.
+1
In general it seems that license stuff is not treated as important as it should be. Every ext author copies the usual phpDoc header without thinking about it. I like the idea of the additional license config; I then expect that authors make a conscious decision for the license and consider third party licenses.
I'm not sure what will happen if TER hosts an extension that breaches a license (of a possibly embedded third party tool). TYPO3/ Association would be the first place a lawer would contact!!
- Description updated (diff)
- Status changed from New to Accepted
- Target version changed from 0 to 7.0
- PHP Version changed from 5.2 to 5.5
This will be handled by composer planned for 7.5
- Target version changed from 7.0 to 7.1 (Cleanup)
- Target version changed from 7.1 (Cleanup) to 7.3 (Packages)
- Target version changed from 7.3 (Packages) to 7.4 (Backend)
- Target version changed from 7.4 (Backend) to 7.5
- Target version changed from 7.5 to 8 LTS
- Target version changed from 8 LTS to 9.0
- Related to Bug #82774: Check license compatibility upon extension install added
- Related to Task #78144: Evaluate inclusion of spdx info file added
- Target version changed from 9.0 to 9 LTS
- Target version changed from 9 LTS to Candidate for Major Version
- Status changed from Accepted to Needs Feedback
Building functionality to find out which license is used built into a web CMS seems not to be feasable. Especially with composer and "dependencies of dependencies" bundled with NPM/PHP variations that can be put into an extension sounds like a fully separate tool.
Although that I consider this topic important, I'd rather see this built as a "service" (e.g. on extensions.typo3.org) shipping over a list of things via API to be checked remotely. @Olly would that be sufficient for you?
I know that packagist.com offers services as such, and this is really hard to do. I don't see this to be doable by our team within the near to mid future.
I'd recommend using composer based installations and the functionality composer nowadays provide for this purpose: "composer licenses".
The sophisticated solution for things like this is a combination of composer and something like https://docs.gitlab.com/ee/user/compliance/license_compliance/
I'd say let's close this issue.
- Status changed from Needs Feedback to Closed
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by 
Updated by 
Updated by 
Updated by