[jira] [Updated] (DRILL-8500) review 3rd party source code borrowed into Apache Drill

[PJ Fanning (Jira)]

     [ 
https://issues.apache.org/jira/browse/DRILL-8500?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

PJ Fanning updated DRILL-8500:
------------------------------
    Description: 
based on the comment:
https://github.com/apache/drill/pull/2918#pullrequestreview-2141938793

Any source that Apache Drill has borrowed from a 3rd party code base needs to 
be documented in our LICENSE and possibly NOTICE (if that 3rd party code base 
has a NOTICE file - we need to copy its contents into ours).

I used https://github.com/scanoss/sbom-workbench to look at the Drill source 
and there are files that we should investigate.
In general, the biggest issues seem to be with files in the 'contrib' area and 
a lot of them are Javascript files. Also test data files, many are binaries and 
the SBOM Workbench tool is suspicious that some of them have licensing 
implications.

  was:
based on the comment:
https://github.com/apache/drill/pull/2918#pullrequestreview-2141938793

Any source that Apache Drill has borrowed from a 3rd party code base needs to 
be documented in our LICENSE and possibly NOTICE (if that 3rd party code base 
has a NOTICE file - we need to copy its contents into ours).

I used https://github.com/scanoss/sbom-workbench to look at the Drill source 
and there are files that we should investigate.
In general, the biggest issues seem to be with files in the 'contrib' area and 
a lot of them are Javascript files.


> review 3rd party source code borrowed into Apache Drill
> -------------------------------------------------------
>
>                 Key: DRILL-8500
>                 URL: https://issues.apache.org/jira/browse/DRILL-8500
>             Project: Apache Drill
>          Issue Type: Task
>            Reporter: PJ Fanning
>            Priority: Major
>
> based on the comment:
> https://github.com/apache/drill/pull/2918#pullrequestreview-2141938793
> Any source that Apache Drill has borrowed from a 3rd party code base needs to 
> be documented in our LICENSE and possibly NOTICE (if that 3rd party code base 
> has a NOTICE file - we need to copy its contents into ours).
> I used https://github.com/scanoss/sbom-workbench to look at the Drill source 
> and there are files that we should investigate.
> In general, the biggest issues seem to be with files in the 'contrib' area 
> and a lot of them are Javascript files. Also test data files, many are 
> binaries and the SBOM Workbench tool is suspicious that some of them have 
> licensing implications.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)