Hi Arnaud,

Point is that we have to follow the ASF guidelines. Since we are a downstream project, we have to rely on proper license evaluation of all the artifacts and transitive dependencies of the upstream project. Given that it was easy to find a Category X license within that project, we cannot assert that everything is in order. It is simply not possible to do this. Upstream does not have to follow any regulations from the ASF since it is not an Apache project.
What actually is missing is an email to the project lead pointing to the problem. It is not our duty to fix their licensing problems.

Greetings
Olaf

> On 23.07.2017 at 21:12, Arnaud Launay <a...@launay.org> wrote:
>
> On Fri, Jul 21, 2017 at 02:02:09PM -0700, Konstantin Boudnik wrote:
>> We cannot assume the responsibility for a 3rd party component that
>> violates Foundation's position on the licenses. Nor do we have the
>> resource to audit and fix the issues ourselves.
>
> Given the file... Maybe a small email to the author to ask if he
> would add another licence? Especially this one, it's not a
> particularly useful file... We don't use hue (yet?), but trashing all
> the work that has been put in it just for this seems a bit like
> a bulldozer to smash a fly.
>
> Asking him first would probably be less time-consuming than
> removing the stuff altogether :)
>
> Arnaud.