Apache-licensed code has been borrowed with violation of license requirements
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
juju-core |
Fix Released
|
High
|
Ian Booth | ||
1.23 |
Fix Released
|
High
|
Ian Booth |
Bug Description
File in question: https:/
If you look at the line 131 (https:/
This code is licensed under Apache-2.0 licence and has Copyright 2012 Aaron Jensen in its text. Apache-2.0 license requires us to obey the following rules while borrowing code:
> (a) You must give any other recipients of the Work or Derivative Works a copy of this License;
We don't have Apache license in the juju repo.
> (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark <...>
'Copyright 2012 Aaron Jensen' has been lost and we don't have it in the juju repo.
> (b) You must cause any modified files to carry prominent notices stating that You changed the files;
I'm not sure how to read this request correctly. Maybe we need to tell if we changed the code or borrowed it as-is.
===============
While this issues is relatively easy to fix it looks pretty significant to me. It's practically impossible to find such issues in the code. I did it by chance and wonder how many issues of the same sort I missed. We may want to come up with a procedure to prevent such issues in the future.
Please note that this issue is not just 'ah, we forget to put license and copyright, let's do it and we're done'. Hopefully, Apache license is compatible with AGPL. But I don't think that anyone checked this while borrowing code. But what if we borrow something with incompatible license? We'd be required to re-write the code in a great hurry to be able to release it.
Changed in juju-core: | |
status: | New → Triaged |
importance: | Undecided → High |
milestone: | none → 1.24-alpha1 |
tags: | added: packaging |
Changed in juju-core: | |
assignee: | nobody → Ian Booth (wallyworld) |
status: | Triaged → Fix Committed |
tags: | added: tech-debt |
Changed in juju-core: | |
status: | Fix Committed → Fix Released |
Same external code has been added to the following file as well: /github. com/juju/ juju/blob/ master/ environs/ cloudinit/ windows_ userdata_ test.go# L133
https:/