>
>
> 2. LICENSES: Every opam package comes with a license which should help
> companies to choose which ones to use.  For the problem Hongbo mentioned,
> maybe one could develop a tool that does the following: given a white-list
> of licenses that the company has agreed are OK (e.g. ISC) and a list of
> opam packages, the tool would warn if any of the (recursive) dependencies
> does not have a “good” license.


Here is an example of a script that provides (almost) such a tool

```
PACKAGES=irmin
for p in $(opam list --recursive --short --sort --required-by $PACKAGES); do
   echo "$p $(opam show $p -f license)"
done
```

The name of the licenses could probably be standardized a bit to make it
easier to come up with white-lists.