On Mon, 31 Jul 2023 00:52:38 -0400 bill-auger wrote:
> imagine pulling and packaging every repo from github automatically, based only on github's license detector - would you really consider that as properly audited?
Presuming that the answer is "no - that would be crazy", I will add that github's license detector is far more reliable information than the metadata these packages have access to. Github's license detector is actually based on _a_ file it found in the code-base. I'm quite certain that the licensing declaration for most TPPMs is simply a drop-down GUI selection, or a handwritten 'MIT' in a metadata file. The actual code-base may not mention a single word about licensing, and even if licensed properly, the code-base could actually be under a different license or multiple licenses.