incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Fisher <dave2w...@comcast.net>
Subject Re: Looking for Champion
Date Fri, 08 Jun 2018 18:10:49 GMT
Yuck. That’s a mess. That is one very large diff.

I see a few files related to AES the were GPL converted to Apache which not allowed.
Copyrights were changed too which is also incorrect.

Changes to this file be/src/http/mongoose.h <https://github.com/baidu/palo/commit/6486be64c319fe0beb8c6b4430c1662de54f182e#diff-586168bd25cfbf3bc8bc1b52abc4206c>
violate license and copyright of Sergey Lyubka

GitHub makes you expand each diff after awhile.

There are dependency licenses that might be issues too.

These licenses have not been evaluated by LEGAL.
* OpenLdap (OpenLDAP Software License)
	http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=e5f8117f0ce088d0bd7a8e18ddf37eaa40eb09b1
* rapidjson (Tencent)
	Unknown
* cyrus-sasl (CMU License)
	https://spdx.org/licenses/MIT-CMU.html
	AKA MIT-CMU

Lots of work in evaluating licenses.

> On Jun 8, 2018, at 9:46 AM, Ted Dunning <ted.dunning@gmail.com> wrote:
> 
> Ouch.
> 
> The copyright in question was attached to code from the source code for
> mySQL. There is no way that code can be in an Apache project.
> 
> Given the cut and paste history, it seems like it will require a very
> detailed audit of code history or web searches to find where the original
> code came from. The my_aes.c and .h files, for instance, have no hint in
> their history that they came from GPL'ed code.

Yeah. Lot’s of oversight.

If we accept this proposal we need a Mentor who has time to help with this mess.

I don’t know that I have the time to lead that effort. Anyone?

Regards,
Dave

> 
> On Fri, Jun 8, 2018 at 5:37 PM Todd Lipcon <todd@cloudera.com> wrote:
> 
>> ...
>> 
>> +1. Also briefly browsing the code I found suspicious commits like this
>> one:
>> 
>> https://github.com/baidu/palo/commit/6486be64c319fe0beb8c6b4430c1662de54f182e
>> 
>> ... in which a GPL license copyright by Oracle was "fixed" to be an Apache
>> license copyright Baidu.
>> 
>> So if this project does enter incubation I think we should be extra careful
>> to audit the origins of all of the source code.
>> 
>> 


Mime
View raw message