<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Ticket search results</title><link>https://forge-allura.apache.org/p/allura/tickets/</link><description>You searched for labels:"licensing"</description><language>en</language><lastBuildDate>Fri, 23 Sep 2022 16:10:16 -0000</lastBuildDate><item><title>Upgrade requests.  and more</title><link>https://forge-allura.apache.org/p/allura/tickets/8396/</link><description>[#8386] did some crazy hacks to remove our dep on `chardet` (LGPL licensed which is no good).  Further discussion at https://issues.apache.org/jira/browse/LEGAL-572

We can upgrade and undo that because requests 2.26.0 changed its dependency. https://docs.python-requests.org/en/latest/community/updates/  says:

&gt; Instead of chardet, use the MIT-licensed charset_normalizer for Python3 to remove license ambiguity for projects bundling requests.

Other upgrades would be good too</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dave Brondsema</dc:creator><pubDate>Fri, 23 Sep 2022 16:10:16 -0000</pubDate><guid>https://forge-allura.apache.org/p/allura/tickets/8396/</guid></item><item><title>CC-BY 4.0 and SIL Open Font License</title><link>https://forge-allura.apache.org/p/allura/tickets/8389/</link><description>Reported on the dev list:

The license file mentions two licenses, CC-BY 4.0 and the SIL Open Font License; both of these licenses are Category B and in general shouldn't be included in a source release.

https://www.apache.org/legal/resolved.html#category-b
https://www.apache.org/legal/resolved.html#cc-sa
</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dave Brondsema</dc:creator><pubDate>Fri, 23 Sep 2022 16:10:15 -0000</pubDate><guid>https://forge-allura.apache.org/p/allura/tickets/8389/</guid></item><item><title>review licenses of python dependencies</title><link>https://forge-allura.apache.org/p/allura/tickets/8386/</link><description>I came across https://pypi.org/project/liccheck/ and thought we should see what it reports for Allura.  With a .ini file like
```
[Licenses]
authorized_licenses:
        bsd
        new bsd
        bsd license
        new bsd license
        simplified bsd
        apache
        apache 2.0
        apache software license
        Apache Software
        mit
        mit license
        python software foundation license
```

output is:
```
$ liccheck -r requirements.txt -s lic.ini
gathering licenses...
94 packages and dependencies.
check authorized packages...
81 packages.
check unknown packages...
13 packages.
    certifi (2019.6.16): ['MPL-2.0', 'Mozilla Public License 2.0 (MPL 2.0)']
      dependencies:
          certifi &lt;&lt; requests &lt;&lt; pysolr
          certifi &lt;&lt; requests &lt;&lt; requests-oauthlib
    chardet (3.0.4): ['GNU Library or Lesser General Public License (LGPL)', 'LGPL']
      dependencies:
          chardet &lt;&lt; requests &lt;&lt; pysolr
          chardet &lt;&lt; requests &lt;&lt; requests-oauthlib
    colander (1.7.0): ['BSD-derived (http://www.repoze.org/LICENSE.txt)']
      dependency:
          colander
    feedparser (5.2.1): UNKNOWN
      dependency:
          feedparser
    ipaddress (1.0.22): ['Python Software Foundation']
      dependency:
          ipaddress
    nose (1.3.7): ['GNU LGPL', 'GNU Library or Lesser General Public License (LGPL)']
      dependency:
          nose
    pexpect (4.7.0): ['ISC', 'ISC License (ISCL)']
      dependency:
          pexpect &lt;&lt; ipython
    Pillow (6.2.2): ['Historical Permission Notice and Disclaimer (HPND)', 'HPND']
      dependency:
          Pillow
    ptyprocess (0.6.0): ['ISC License (ISCL)']
      dependency:
          ptyprocess &lt;&lt; pexpect &lt;&lt; ipython
    repoze.lru (0.7): ['BSD-derived (http://www.repoze.org/LICENSE.txt)']
      dependency:
          repoze.lru &lt;&lt; TurboGears2
    simplegeneric (0.8.1): ['ZPL 2.1', 'Zope Public']
      dependency:
          simplegeneric &lt;&lt; ipython
    translationstring (1.3): ['BSD-like (http://repoze.org/license.html)']
      dependency:
          translationstring &lt;&lt; colander
    waitress (1.4.3): ['ZPL 2.1', 'Zope Public']
      dependency:
          waitress &lt;&lt; WebTest
```

- MPL is ok according to https://apache.org/legal/resolved.html#category-b but should be labelled (in NOTICE or LICENSE)
- `chardet` LGPL is not good.  
    - we use it directly and requests lib uses it and doesn't intend to change https://github.com/psf/requests/issues/3389
    - chardet won't change their license: https://github.com/chardet/chardet/issues/36
    - alternatives: https://github.com/Ousret/charset_normalizer or https://github.com/PyYoshi/cChardet (MPL multi licensed? https://github.com/PyYoshi/cChardet/issues/54)
    - another ASF project has discussed a bit at https://github.com/apache/airflow/issues/10667
    - latest: https://github.com/psf/requests/pull/5797
- `nose` LGPL is not good
    - it is mostly a test runner, but we do import 'nose' modules within our tests
    - should switch to `pytest` anyway since nose isn't maintained
- BSD-derived, BSD-like, ZPL, ISC, HPND are like BSD/MIT and should be fine
- `feedparser` is BSD 2-clause https://github.com/kurtmckee/feedparser/blob/develop/LICENSE
</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dave Brondsema</dc:creator><pubDate>Fri, 10 Sep 2021 18:41:54 -0000</pubDate><guid>https://forge-allura.apache.org/p/allura/tickets/8386/</guid></item><item><title>Switch from React to Preact - or upgrade to React 16</title><link>https://forge-allura.apache.org/p/allura/tickets/8161/</link><description>Facebook's BSD+Patents license, used for React, is not compatible with ASF policies.  https://www.apache.org/legal/resolved#category-x

We need to switch, e.g. to https://preactjs.com/   We use React for the admin/edit mode in the project menu, phone verification dialog, and subscribing to individual pages.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dave Brondsema</dc:creator><pubDate>Mon, 05 Feb 2018 17:00:54 -0000</pubDate><guid>https://forge-allura.apache.org/p/allura/tickets/8161/</guid></item><item><title>Fix licensing of several files</title><link>https://forge-allura.apache.org/p/allura/tickets/8027/</link><description>* Allura/allura/public/nf/js/pb.transformie.min.js
    * MIT license
* Allura/allura/lib/widgets/resources/css/jquery.tagsinput.css
    * corresponding JS is MIT
* Allura/allura/lib/widgets/resources/css/colorPicker.css
    * corresponding JS is MIT
* Allura/allura/lib/widgets/resources/css/jqfontselector.css
    * corresponding JS is MIT
* Allura/allura/public/nf/css/forge/hilite.css
    * from commit 86903da02f87a2aba44c33ab5a12bbe19f638c7f
    * similar looking stuff here, not sure of actual source:
        * https://github.com/modocache/modocachejp/blob/master/modocachejp/static/less/codehilite.less
        * https://gist.github.com/theodox/4fefeb539f1d8ec341b0
* several Makefile, make.bat for sphinx
    * BSD</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dave Brondsema</dc:creator><pubDate>Mon, 30 Nov 2015 17:31:21 -0000</pubDate><guid>https://forge-allura.apache.org/p/allura/tickets/8027/</guid></item><item><title>Remove jquery.file_chooser.js</title><link>https://forge-allura.apache.org/p/allura/tickets/8026/</link><description>This file is of unknown provenance.  It also appears at &lt;https://code.google.com/p/video-sidebar/source/browse/trunk/video-sidebar@rosedu.org/chrome/content/file_chooser.js?r=109&gt; and that is a GPL project.

The FileChooser widget is not used, so we can remove it.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Dave Brondsema</dc:creator><pubDate>Mon, 30 Nov 2015 15:35:27 -0000</pubDate><guid>https://forge-allura.apache.org/p/allura/tickets/8026/</guid></item></channel></rss>