add more to why not package managers

2017-03-17 09:25:19 -04:00 · 2017-03-17 09:25:19 -04:00 · 325de73c4b
parent 1b16adfbe3
commit 325de73c4b
1 changed files with 2 additions and 0 deletions
--- a/docs/what-we-look-at.md
+++ b/docs/what-we-look-at.md
@ -35,6 +35,8 @@ Because it's not legally binding. A license is a legal contract. You give up cer

 Most popular licenses today *require* that the license itself be distributed along side the software. Simply putting the letters "MIT" or "GPL" in a configuration file doesn't really meet that requirement. Those files are designed to be read by computers (who can't enter into contracts), not humans (who can). It's great metadata, but that's about it.

+From a practical standpoint, every language has its own package manager (some even have multiple). That means that if you want to detect the license of an arbitrary project, you'll have to implement [100s](https://github.com/github/linguist/tree/master/samples) of package-manager-specific detection strategies. The LICENSE file is a platform-agnostic and unambiguous way to communicate license intention.
+
 ### What about looking to see if the author said something in the readme?

 You could make an argument that, when linked or sufficiently identified, the terms of the license are incorporated by reference, or at least that the author's intent is there. There's a handful of reasons why this isn't ideal. For one, if you're using the MIT or BSD (ISC) license, along with a few others, there's templematic language, like the copyright notice, which would go unfilled.