scep
dependency lacks license
I am working on getting this software into Debian.
Unfortunately, one dependency of scep, github.com/groob/finalizer, has no license. Debian does not include any non-free licensed source code (including build-dependencies), and distributing non-licensed code is even illegal since no license means all rights reserved by the author.
I have opened an issue but received no answer from @groob. If you have other ways to get their attention on this or know some other solution to the issue, I'd be very thankful.
I think we can remove the logutil.NewHTTPLogger(logger).LoggingFinalizer part to get rid of the dependency because IIRC, that is the only line that we need this dependency for. This line is needed for post-http request logging. IMO, it is not a crucial part.
I added the license, but as omorsi mentions, the extra debug line is not critical. I'd accept a change which removes the need for this dependency, either by skipping over the http logging (with a tracking TODO issue), or something that uses github.com/felixge/httpsnoop instead.
Example of what I have in mind: https://github.com/micromdm/micromdm/blob/e96b8d0cf53fc61e7eb203d9f5d72ed2334238c7/pkg/log/http.go
Oopsie, I forgot to reply to you, @omorsi. Thanks for the suggestion! I added a downstream patch removing the dependency on finalizer and uploaded the package.
However, now that the license issue is fixed (thanks @groob), I would just upload finalizer too and revert the Debian patch once finalizer has found its way into the Debian buildservers.