Proget feature request: indicate license rules in all views.
-
Proget visually indicates whether a license is blocked/allowed (or more precisely: whether packages with that license can be downloaded) and also whether this is due to an explicit rule or just by default. However, this is only done at the "License Types & Rules" view (Reporting & Software Composition Analysis (SCA) > License Usage > License Types & Rules):
The "License Usage" view just states whether used licenses are allowed or blocked, but it does not indicate whether a license is blocked by an explicit rule or by default:
Same goes for SCA reports or for package information pages: they indicate very prominently whether that package can be downloaded based on its license, but don't reveal whether this is due to an explicit rule or just by default.
The feature request is for Proget to indicate whether there is an explicit rule for a license in all of the views mentioned above.
Why is this needed?
Developers regularly have to add new packages during development of new products, which means that every now and then they will stumble upon a license that hasn't been used so far. Proget has exactly two ways of handling "new" licenses: block or allow.
If we set Proget to block all licenses that have not been explicitly allowed, a developer who is faced with a blocked download currently has no way of knowing whether this is because someone has already made the decision that that specific license cannot be used, or if it's just because nobody has made a decision about that license so far.
If the information whether or not an explicit rule exists for that license was indicated on a view that developers have access to (regular developers do not have access to the aforementioned "License Types & Rules" view), they could go to whoever is in charge of making that decision and ask them to please review license XYZ and set up an explicit rule for it in Proget.
-
Hi @sebastian ,
This will all get a pretty big overhaul in ProGet 2024. I'll share the details in the coming weeks, but here is a sneak peek:
This is what it would look like when viewing the MyFeed licensing rules:
The "Scope" refers to the name of a policy, and you can create shared policies, so this would mean shared sets of licensing rules. You can also bulk-edit license rules on a policy:
I think the new features will change your workflows a bit... maybe you'll use "Warn"? Or perhaps maybe you won't block Non-compliant packages? So for now, I'd wait and see :)
Alex
-
Hi Alex,
thanks for the feedback and the sneak peek at Proget 2024. Just a little background on how this came up: A developer actually came to me the other day and asked "Hey, can I use packages with license XYZ?", and my initial reply was "Well, just check what our Proget server says about that license" (we also have a written policy on how to handle the most common open source licenses, but it's not as frequently updated as our Proget license rules), but then I realized "Oh wait, you probably can't see whether there is an explicit rule about that license, because you don't have access to the license rule page..."
I'm looking forward to those new features in Proget 2024, and I'm pretty sure they might change some of our workflows. If after testing Proget 2024 I still feel like there is a need for developers to see details about rules, even though they can't edit them, I will update this post.
Have a nice weekend!