I've made a ticket for removing the possibly-GPL file, and all the related code that isn't used: https://forge-allura.apache.org/p/allura/tickets/8026/ And another ticket for the rest of the fixes: https://forge-allura.apache.org/p/allura/tickets/8027/
The hilite.css file I did find out comes straight out of a pygments tool, so we know the source for that now. I've asked on the Apache legal discuss list what we need to do, first response came in right away - just make a release relatively soon and that's it. http://mail-archives.apache.org/mod_mbox/www-legal-discuss/201511.mbox/%3C5653532E.9060907%40apache.org%3E -Dave On 11/20/15 3:50 PM, Roberto Galoppini wrote: > 2015-11-20 21:44 GMT+01:00 Dave Brondsema <[email protected]>: > >> Back during incubation, we added the standard license header to a LOT of >> our >> source files. That was done in this commit: >> >> https://forge-allura.apache.org/p/allura/git/ci/ddf08c46381352d02accc7a9f6d9878cfad8695b/ >> >> I noticed today a few .js files had that header even though they weren't >> produced by us on the Allura team. They are 3rd-party js libraries that we >> copied into our repo. So I scanned & reviewed the other files from that >> big >> commit and found several more. Here's what I found: >> >> Allura/allura/lib/widgets/resources/js/jquery.file_chooser.js >> appears to be from >> >> https://code.google.com/p/video-sidebar/source/browse/trunk/[email protected]/chrome/content/file_chooser.js?r=109 >> ?? >> and that is GPL >> but the FileChooser widget isn't actually used, so we could remove it >> > > We should do at least this right away. > > > >> Allura/allura/public/nf/js/pb.transformie.min.js >> MIT license >> Allura/allura/lib/widgets/resources/css/jquery.tagsinput.css >> corresponding JS is MIT >> Allura/allura/lib/widgets/resources/css/colorPicker.css >> corresponding JS is MIT >> Allura/allura/lib/widgets/resources/css/jqfontselector.css >> corresponding JS is MIT >> Allura/allura/public/nf/css/forge/hilite.css >> from commit 86903da02f87a2aba44c33ab5a12bbe19f638c7f >> similar looking stuff here, not sure of actual source: >> >> >> https://github.com/modocache/modocachejp/blob/master/modocachejp/static/less/codehilite.less >> https://gist.github.com/theodox/4fefeb539f1d8ec341b0 >> several Makefile, make.bat for sphinx >> BSD >> >> >> We'll need to double check these, update the license header within the >> files, >> and the corresponding LICENSE mentions. >> >> I am not sure if this has any impact on our previous releases, I'm >> guessing not >> since what's done is done, and none of these are super bad problems. But >> I am >> not 100% sure. >> > > How about asking Legal? I believe Sam Ruby would be the best person to ask. > > Roberto > > >> >> >> >> -- >> Dave Brondsema : [email protected] >> http://www.brondsema.net : personal >> http://www.splike.com : programming >> <>< >> > -- Dave Brondsema : [email protected] http://www.brondsema.net : personal http://www.splike.com : programming <><
