New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Project includes a dependancy that has a license that forbids its use #3563
Comments
Thanks for the heads up! @yaron2 @artursouza this seems like it was introduced recently by PR #3158. Should this change be reverted? |
Still need to consider adding a license checker in case this issue occurs again. |
This is only used in the test (and thus not.compiled and distributed in our binaries). We should not revert the entire PR, just rewrite the test. |
Also thanks for reporting @notbasetwo |
Nope, before the License, it's All rights reserved. |
The T&C of GH imply you can use it due to the fact it's in a public repository. You would probably need to add it as a submodule just in case, because the terms say the grant applies when accessed via the GH service. See clause 5:
Emphasis mine. |
@Oppen - GH's terms of service do not override the library's license. |
The keyphrase here is "through the GitHub Service". That doesn't give you permission to use it on your own machine. It gives you permission to eye up the repository. There are no complicated legal matters here - this is proprietary software with a license that does not permit it's usage. Even if on a technicality it may not stand up somewhere, it is also not in the spirit of FLOSS development to break the terms of a license. |
No, but the agreement grants special rights besides the license. It's essentially similar to dual licensing 🤷
That's true.
That's a completely different discussion. |
Thanks for the participation everyone, this is now closed with #3570. |
I'm so sorry for my ignore to check package license,there are any way to auto check license when push a pr?I found some license check tools like google/go-licenses @yaron2 |
Please, create an issue with this proposal. I think it is interesting. |
Dapr depends on bouk/monkey, which has a license that forbids anybody to use it.
The license is as follows:
The package seems to be used in pkg/components/standalone_loader_test.go.
RELEASE NOTE: N/A
The text was updated successfully, but these errors were encountered: