> It looks like additional third-party code might also be in the release, but it is difficult to tell.
Yeah. The result gives a lot of noise. I run SCANOSS locally, and don't find any other third-party code included: * Many of the reference to streamx is the original project before StreamPark donated to the ASF. * Some false positive on testing assertions utils. Match rate < 50%, file is small, and those utilities are trivial. Even when I go to the "origins", they are lost or changed a lot. Clearly not the same origin. * streampark-console is reported to be the same as a few frontend projects, where we know that it's because we copy the sources from vue-vben-admin and we convey the license info now. To sum up, AFAICS there is no more potential violation. Best, tison. tison <wander4...@gmail.com> 于2024年4月29日周一 16:26写道: > > vue-vben-admin is under MIT[1] license, In the LICENST[2] file of > > StreamPark, we listed which files are copied from vue-vben-admin > > The issue here is that, as MIT license writes: > > > The above copyright notice and this permission notice shall be included > in all copies or substantial portions of the Software. > > But the "copyright notice and this permission notice" of vue-vben-admin, > i.e., LICENSE-vue-vben-admin.txt added at [10] doesn't included in the > source releases of streampark and that is the issue. I suppose you also > check if you distribute streampark-console at your binary release, and if > so, ensure that the binary release contains a copy of this license file > also. > > [10] https://github.com/apache/incubator-streampark/pull/3689 > > Best, > tison. > > > Huajie Wang <benj...@apache.org> 于2024年4月29日周一 16:16写道: > >> > So a condition of including MIT licensed code is to include the relevant >> MIT license text. That seems to be missing for for vue-vben-admin , as I >> can’t find it anywhere in the release >> >> vue-vben-admin is under MIT[1] license, In the LICENST[2] file of >> StreamPark, we listed which files are copied from vue-vben-admin >> >> [1] https://github.com/vbenjs/vue-vben-admin/blob/main/LICENSE [2] >> >> https://github.com/apache/incubator-streampark/blob/release-2.1.4-rc1/LICENSE#L228 >> >> Best, >> Huajie Wang >> >> >> >> Best, >> Huajie Wang >> >> >> >> Justin Mclean <jus...@classsoftware.com> 于2024年4月29日周一 15:32写道: >> >> > Hi, >> > >> > -1 (binding) from me >> > >> > I checked: >> > - incubating in name >> > - signatures and hashes correct >> > - disclaimer exists >> > - LICENSE is missing some info on the MIT license >> > - NOTICE looks fine >> > - I didn't compile from source >> > >> > So a condition of including MIT licensed code is to include the relevant >> > MIT license text. That seems to be missing for for vue-vben-admin , as I >> > can’t find it anywhere in the release. Oddly, the license file here [1] >> is >> > an Apache one, not an MIT one, and it also fails to mention the MIT code >> > under it. >> > >> > It looks like additional third-party code might also be in the release, >> > but it is difficult to tell. I think you should run SCANOSS ( >> > https://www.softwaretransparency.org/download) on your release and look >> > into its results. >> > >> > Kind Regards, >> > Justin >> > >> > >> > 1. streampark-console/streampark-console-webapp/LICENSE >> > --------------------------------------------------------------------- >> > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >> > For additional commands, e-mail: general-h...@incubator.apache.org >> > >> > >> >
