incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Piotrowski <>
Subject Re: a new service to monitor licenses on Github repos
Date Tue, 09 Jul 2019 09:05:47 GMT
> See it in action here:

Endless loading spinners for me unfortunately.


Am Di., 9. Juli 2019 um 08:30 Uhr schrieb Maxime Beauchemin
> Hi all,
> [this is not a promotional email in any way, I'm not affiliated with the
> service/company discussed here]
> I just discovered, self described as "Realtime license and
> vulnerability management
> for open source dependencies".
> For context, Apache Superset has a dependency tree rich of 700+ deps (crazy
> right?), at that scale license management is huge burden at best, or worse:
> a legal risk for the ASF.
> Oh btw I tried searching the ASF mailing lists for existing threads on this
> topic but failed miserably, apologies if this has been discussed already.
> I couldn't set up the FOSSA service on the projects repo I'm PMC on as I
> don't have the required Github rights, but I set it up against my fork and
> it's all you could ever hope for in terms of license-related automation.
> See it in action here:
> It seems like we may want to set this up against most if not all ASF
> projects. As the ASF is in the line of fire for legal troubles around
> licensing, it seems like automation/prevention would be strategic,
> especially in a world where micro packages and frequent releases are
> trending. Without using a service like this one, bumping a release, or even
> just allowing an open version range can result in integrating
> non-permissive licenses in a bundle, in ways that could take months to
> catch, if ever.
> For the record I opened a ticket with ASF infra to set it up on
> `apache/incubator-superset`:
> I'm hoping this goes
> smoothly, and that Apache Infra is ok granting the required perms to FOSSA.
> I wanted to bring the attention to this as this seems like something very
> useful for most projects.
> Thoughts?
> Max

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message