Hi,
On 2024-06-20 22:54, Andreas Enge wrote:
Am Thu, Jun 20, 2024 at 07:42:44PM +0100 schrieb Dale Mellor:
I'm sure guix lint tried to push my code out to them the last time I tried.
Ah indeed, there is this in guix/lint.scm:
(define (check-archival package)
"Check whether PACKAGE's source code is archived on Software Heritage. If
it's not, and if its source code is a VCS snapshot, then send a \"save\"
request to Software Heritage.
It potentially calls this:
(define (save-package-source package)
"Attempt to save the source of PACKAGE on SWH. Return a list of warnings."
Which calls this from swh.scm:
(define* (save-origin url #:optional (type "git"))
"Request URL to be saved."
(call (swh-url "/api/1/origin/save" type "url" url) json->save-reply
http-post*))
So it does not push code, but a URL from which the code can be downloaded.
Thus it requires the code to be available from the Internet; local code
is "safe" from SWH.
Now I do not know what will happen if you save your code as a git
repository at a hidden URL. For instance, does SWH check the license?
I would hope so.
There is documentation of this feature here:
https://archive.softwareheritage.org/api/1/origin/save/doc/
which says this:
Depending of the provided origin url, the save request can either be:
- immediately accepted, for well known code hosting providers like for instance
GitHub or GitLab
- rejected, in case the url is blacklisted by Software Heritage
- put in pending state until a manual check is done in order to determine if it
can be loaded or not
So I suppose that if you submit a hidden, but publicly available URL
pointing to non-free code, the request will be "put in pending state",
manually checked and rejected, and maybe the URL added to the blacklist.
Andreas
For this specific case we could add some flag to the command line like
`--do-not-archive` or something like that.
WDYT?
