
Collecting licenses of the 3rd party components we used

Open freedomtan opened this issue 10 months ago • 15 comments

Let's try to list all the 3rd party components and corresponding licenses we used.

  • [ ] flutter
  • [ ] flutter plugins
  • [ ] tensorflow
  • [ ] third-party components used by tensorflow, e.g., libjpg, libpng
  • [ ] any other licenses?

freedomtan avatar Apr 04 '24 01:04 freedomtan

I've used anchore/syft to generate the SBOM (Software list of materials). More info is here: https://github.com/anchore/syft. Next, by using sbom-utility (https://github.com/CycloneDX/sbom-utility), I've generated the list of the licenses. The only drawback is the duplication, which we can resolve.

Please find attached the SBOM and licenses files: licenses.txt, sbom.json

RSMNYS avatar Apr 15 '24 13:04 RSMNYS

@RSMNYS Please try to use syft and sbom-util, so that we can automatically generate "licenses.txt" in our current CI/CD. Please try to send a PR for this.

freedomtan avatar Apr 16 '24 05:04 freedomtan

Here are the instructions for generating the SBOM and then converting it to the list of licenses:

Install syft

curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin

Run syft from the directory

syft -o cyclonedx-json . --exclude './react' --verbose > sbom-cyclonedx.json

Convert the SBOM to the licenses list

./sbom-utility license list -i /Volumes/work/Programming/ScopicSoftware/MLCommons/mobile/sbom-cyclonedx.json --summary --quiet -o licenses.txt

While this works to some degree, I found another tool that is used for the licenses check: scancode-toolkit (https://github.com/nexB/scancode-toolkit). It scans through the files and tries to find the licenses in them. It looks like it identifies more licenses than the approach above. The output is in JSON, so we can use a script to extract the info.

RSMNYS avatar Apr 22 '24 19:04 RSMNYS

@freedomtan @anhappdev I found yet another tool, I'm using a free version of it, and results are really good. And we can use the free version for our needs. I'm attaching the list that the tool is able to generate. Furthermore we can use the API to fully automate it. Please check.

https://fossa.com

mlcommons_licenses.txt

RSMNYS avatar Apr 25 '24 11:04 RSMNYS

@RSMNYS please try to group packages with the same license together and then talk to Scott (@nathanw-mlc I don't know Scott's handle).

freedomtan avatar Apr 30 '24 05:04 freedomtan

I don't know Scott's handle

@swasson488

nathanw-mlc avatar Apr 30 '24 19:04 nathanw-mlc

Let's ping Scott @swasson488 after @RSMNYS finishes the grouping of licenses.

freedomtan avatar May 07 '24 05:05 freedomtan

Hi guys! Here are the grouped licenses. I prepared a Python script which parses the output from the fossa service and groups packages by license type: grouped_packages_licenses.txt

RSMNYS avatar May 13 '24 14:05 RSMNYS
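The grouping step requested above can also be run directly on the CycloneDX JSON that the syft command earlier in the thread writes, which removes the duplication mentioned there and surfaces components that carry no license data. This is an added example, not the script attached to this issue; the sample SBOM is constructed, and the function names and the `NOASSERTION` bucket are assumptions of the example.

```python
import json
from collections import defaultdict

UNKNOWN = "NOASSERTION"  # bucket name chosen for this example (assumption)
# Constructed sample in CycloneDX JSON shape; package names are placeholders.
SAMPLE_SBOM = json.loads("""
{"bomFormat": "CycloneDX", "components": [
  {"name": "pkg-a", "version": "1.0.0", "licenses": [{"license": {"id": "MIT"}}]},
  {"name": "pkg-a", "version": "1.0.0", "licenses": [{"license": {"id": "MIT"}}]},
  {"name": "pkg-b", "version": "2.1.0", "licenses": [{"license": {"name": "BSD-3-Clause"}}]},
  {"name": "pkg-c", "version": "0.3.0", "licenses": [{"expression": "MIT OR Apache-2.0"}]},
  {"name": "pkg-d", "version": "4.0.0"},
  {"name": "pkg-e", "version": "1.2.0",
   "licenses": [{"license": {"id": "Apache-2.0"}}, {"license": {"id": "MIT"}}]}
]}
""")

def license_labels(component):
    """Return the license labels declared on one CycloneDX component."""
    labels = []
    for entry in component.get("licenses") or []:
        lic = entry.get("license") or {}
        # An entry carries an SPDX id, a free-text name, or an SPDX expression.
        label = lic.get("id") or lic.get("name") or entry.get("expression")
        if label:
            labels.append(label.strip())
    # Components with no usable license data are surfaced, not dropped.
    return labels or [UNKNOWN]

def group_by_license(sbom):
    """Map license label -> sorted, de-duplicated 'name@version' strings."""
    groups = defaultdict(set)
    for comp in sbom.get("components") or []:
        ident = f"{comp.get('name', '?')}@{comp.get('version', '?')}"
        for label in license_labels(comp):
            groups[label].add(ident)  # the set collapses repeated findings
    return {label: sorted(pkgs) for label, pkgs in sorted(groups.items())}

def render(groups):
    """Format the groups as plain text, one license heading per group."""
    lines = []
    for label, pkgs in groups.items():
        lines.append(f"{label} ({len(pkgs)})")
        lines.extend(f"  - {pkg}" for pkg in pkgs)
    return "\n".join(lines)

if __name__ == "__main__":
    print(render(group_by_license(SAMPLE_SBOM)))
```

A non-empty `NOASSERTION` group is the list to review by hand or with a file-level scanner before the license file is published.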

@RSMNYS to check with some legal guys to see if we can further reduce the file size.

freedomtan avatar May 14 '24 05:05 freedomtan

Thanks, folks. Do let me know if there's any further consolidation possible. Otherwise, this is still very helpful and yeah, lots of different components with at least two different licenses.

Scott

On Tue, May 14, 2024 at 12:16 AM Koan-Sin Tan @.***> wrote:

@RSMNYS https://github.com/RSMNYS to check with some legal guys to see if we can further reduce the file size.


swasson488 avatar May 14 '24 18:05 swasson488

I spent some time testing the https://fossa.com mentioned by @RSMNYS. I think the HTML version of the report looks quite good and we can include it either in the app as HTML file or as a web link: https://app.fossa.com/reports/eb25eabe-7e15-45fb-ac34-b1f1cd848b03

They also have warnings for possible licensing issues: https://app.fossa.com/projects/custom%2B44937%2Fmobile_app_open-master

anhappdev avatar May 15 '24 05:05 anhappdev

@RSMNYS to check with some legal guys to see if we can further reduce the file size.

Hi guys! We can do it this way.

  1. Have the licenses directory in the app (for 3rd party licenses), and create the license file, which will have the following structure:

MIT License

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.


This project makes use of the following third-party packages under the MIT License:

  • Package1

    • Copyright (c) 2024 Author1
  • Package2

    • Copyright (c) 2024 Author2

So, first license text, then only package name and copyrights.

  2. Also, we can include the license section in Readme.md like so:

Licenses

This project is licensed under the Apache 2.0 License. For the full license text, see the LICENSE file.

Third-Party Licenses

This project includes third-party libraries that are licensed under various open-source licenses. The full text of these licenses can be found in the LICENSES directory.

For more details, see the LICENSE file and the LICENSES directory.

RSMNYS avatar May 20 '24 21:05 RSMNYS

I spent some time testing the https://fossa.com mentioned by @RSMNYS. I think the HTML version of the report looks quite good and we can include it either in the app as HTML file or as a web link: https://app.fossa.com/reports/eb25eabe-7e15-45fb-ac34-b1f1cd848b03

The HTML version looks good.

They also have warnings for possible licensing issues: https://app.fossa.com/projects/custom%2B44937%2Fmobile_app_open-master

Let's try to check out those possible issues.

freedomtan avatar May 21 '24 05:05 freedomtan

@RSMNYS to check with some legal guys to see if we can further reduce the file size.

Hi guys! We can do it this way.

  1. Have the licenses directory in the app (for 3rd party licenses), and create the license file, which will have the following structure:

MIT License

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

This project makes use of the following third-party packages under the MIT License:

  • Package1

    • Copyright (c) 2024 Author1
  • Package2

    • Copyright (c) 2024 Author2

So, first license text, then only package name and copyrights.

  2. Also, we can include the license section in Readme.md like so:

Licenses

This project is licensed under the Apache 2.0 License. For the full license text, see the LICENSE file.

Third-Party Licenses

This project includes third-party libraries that are licensed under various open-source licenses. The full text of these licenses can be found in the LICENSES directory.

For more details, see the LICENSE file and the LICENSES directory.

Let's do it.

freedomtan avatar May 21 '24 05:05 freedomtan

@TheKanter and @swasson488: Samsung guys said no need for additional redistribution licenses under MLCommons contract. Let's finish the EULA and other licenses.

freedomtan avatar Aug 27 '24 05:08 freedomtan