arl/gitmux

[FEATURE] Add the LICENSE file to the binary tar.gz archives in releases

Antiz96 opened this issue · 5 comments

Hi,
First of all, thanks for your awesome work with gitmux!

Is your feature request related to a problem? Please describe.
Not necessarily a problem, but it would better suit the best practice in terms of licensing, as it implies including the license file with your project, which is not the case when installing gitmux via Binary release as you only get the binary (and not the LICENSE) in the tar.gz archive.

Also, I maintain the gitmux-bin AUR package and this request would make the maintenance easier on my side.
Indeed, gitmux being protected by the MIT license, I have to include the LICENSE file (in addition to the binary) during the installation process (see https://wiki.archlinux.org/title/PKGBUILD#license). As the LICENSE file is not included in the binary tar.gz archive itself, I have to get it directly from the GitHub repo.
While grabbing the LICENSE file directly from the GitHub repo is not an issue from a technical standpoint, the Arch Linux packaging guidelines and best practices imply checking the integrity of every downloaded resource through its hash before the installation process, for obvious security reasons.
According to that, the installation process of the gitmux-bin AUR package depends on the integrity of a file that is subject to change without necessarily leading to a new release. In other words, a change of the LICENSE file on the GitHub repo can make the build fail even though there's no new release nor changes to the binary (until I update the hash of the LICENSE file accordingly in the PKGBUILD and publish the update).
If the file was provided in the binary tar.gz archive directly, I would not have to rely on its hash, as verifying the integrity of the archive itself would be enough (preventing the possibility of a failed build because of a change in the LICENSE file on the GitHub repo).
The tar.gz archives would then be enough to deliver both the binary and the LICENSE file.

Describe the solution you'd like
Adding the LICENSE file into the different binary tar.gz archives in releases.

Describe alternatives you've considered
While not being as "clean" as the solution described above, an alternative would be to add the LICENSE file directly to the releases assets.
It will make the maintenance on my side a little bit easier, as grabbing the LICENSE file from the release guarantees that it will not change (and thus neither will its hash) until the next release, but that's still an additional file to download and check during the install process. Also, this alternative will not change the fact that the MIT custom license will not be provided to people that install gitmux via Binary release.

Additional context
I'm aware that the LICENSE file shouldn't be modified too frequently and thus the above described case might be pretty rare.
On the other hand, I assume this change is fairly easy to do and would improve the binary tar.gz archives structure and the maintenance of the gitmux-bin AUR package, hence my suggestion :)

Thanks for your awesome work BTW !
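
An added illustration of the integrity argument in the issue above (not part of the thread, and not code from gitmux or the gitmux-bin package): one pinned archive hash covers every file inside the archive, while a LICENSE fetched separately from the repository needs its own pin that breaks when the file is edited between releases. The archive contents, the `gitmux` member name, the sample LICENSE text and all helper names are constructed assumptions.

```python
import hashlib
import io
import tarfile


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_release_archive(license_text: bytes) -> bytes:
    """Constructed stand-in for a release tar.gz: a fake binary plus LICENSE."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in (("gitmux", b"\x7fELF-constructed"), ("LICENSE", license_text)):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def verify_and_extract(archive: bytes, pinned: str, wanted=("gitmux", "LICENSE")) -> dict:
    """Check the one pinned archive hash, then read the wanted members in memory."""
    if sha256_hex(archive) != pinned:
        raise ValueError("archive checksum mismatch")
    found = {}
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        for member in tar:
            # Only regular files with exactly the expected names are accepted.
            if member.isfile() and member.name in wanted:
                found[member.name] = tar.extractfile(member).read()
    missing = sorted(set(wanted) - set(found))
    if missing:
        raise ValueError(f"archive lacks {missing}")
    return found


# Constructed sample data: the LICENSE as released, and a later edit in the repo.
RELEASED_LICENSE = b"MIT License (constructed sample, as released)\n"
REPO_LICENSE_NOW = b"MIT License (constructed sample, edited after release)\n"
ARCHIVE = build_release_archive(RELEASED_LICENSE)
ARCHIVE_PIN = sha256_hex(ARCHIVE)           # the single hash a package recipe would pin
LICENSE_PIN = sha256_hex(RELEASED_LICENSE)  # extra pin needed when fetching from the repo

if __name__ == "__main__":
    files = verify_and_extract(ARCHIVE, ARCHIVE_PIN)
    print("archive ok, LICENSE bytes:", len(files["LICENSE"]))
    print("repo LICENSE still matches its pin:", sha256_hex(REPO_LICENSE_NOW) == LICENSE_PIN)
```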

arl commented

Hi @Antiz96 and thanks for the kind words.
Your request seems totally legit.
Will do.

arl commented

@Antiz96 Great work with the AUR package, thanks for doing that.
I think I should mention that in the README.

arl commented

@Antiz96 I've cut a new release v0.7.10. Archives now contain LICENSE, plus I've added the README.
Let me know if that works for you
https://github.com/arl/gitmux/releases/latest

Antiz96 commented

Hi @arl,

> @Antiz96 Great work with the AUR package, thanks for doing that. I think I should mention that in the README.

Thank you, I appreciate it! Indeed, that could be cool to mention it in the README. I'll make you a PR for this if that's okay for you ;)

> @Antiz96 I've cut a new release v0.7.10. Archives now contain LICENSE, plus I've added the README. Let me know if that works for you https://github.com/arl/gitmux/releases/latest

That's perfect ! I updated the gitmux-bin AUR package to v0.7.10 accordingly so it now delivers both the LICENSE and the README.md files directly from the binary archive.
Thanks a lot for your actions!

arl commented

> I'll make you a PR for this if that's okay for you ;)

Of course, that'd be great.

We could add a third section in the installation instructions. I think it could be put after the Binary Release and From Source sub-sections.
Much appreciated!