Old dependencies in code, some with license issues #1013
Labels
dependencies
Issues and Pull Requests involving the dependencies of BoxBilling.
deprecated
For issues or pull requests involving fixes or replacements made to deprecated dependencies.
legal
Legal stuff like licenses, trademarks
needs discussion
List of dependencies I've found that are old and either should be moved in to a package manager, removed entirely, or otherwise dealt with.
File/directory: src/bb-library/PdoSessionHandler.php
License: MIT License (ok as is!)
Status: likely from pre-2012 and could do with an update, comes from Symmfony's HttpFoundation-- https://github.com/symfony/http-foundation/blob/5.3/Session/Storage/Handler/PdoSessionHandler.php.
File/directory: src/bb-library/php-gettext/
License: GPLv2 (problem!!!) -- all versions with this are in violation of the GPL.
Status: likely from pre-2012 (2009?), available from https://launchpad.net/php-gettext. Is this super needed or do we just start to require gettext/find another alternative?
Possibly solved by #794
File/directory: src/bb-library/Registrar/includes/CNic
License: GPL -- all versions with this are in violation of the GPL.
Status: from 2011, can't find any version that is new/up to date - used for CentralNIC domains but I do not see an adapter for CentralNIC in the main repository and it is GPL so we should probably remove it.
Solved by #1012
File/directory: src/bb-library/Registrar/includes/opensrs
License: MIT License
Status: from pre-2014, has been updated and is now available in Composer - we do not have any usage of this library in the main repository from my checks, so we should probably remove it. This package also relies on mcyrpt, as mentioned in #1010
Solved by #1012
File/directory: src/bb-library/tfpdf.php
License: LGPL (ok!)
Status: Looks relatively up to date (August 2020) and seems to be maintained code by BB and author. It is available in Composer however, so may be worth looking in to moving there at some point.
File/directory: src/bb-modules/Spamchecker/akismet.curl.class.php
License: GPLv3 -- all versions with this are in violation of the GPL.
Status: From 2008, has not been updated and repo is in Google Code, so could be considered abandoned.
File/directory: src/bb-modules/Spamchecker/recaptchalib.php
License: BSD derivative (ok!)
Status: From 2007, this uses reCaptchav1, iirc - which is dead now. This needs replacing.
File/directory: src/bb-modules/Servicecentovacast/ccapiclient.php
License: Unknown, likely non-free
Status: From 2008, CentovaCast has updated significantly since then and also this client was always meant to be an example rather than actually to be used in production.
File/directory: src/bb-modules/Servicecentovacast/class_HTTPRetriever.php
License: GPLv2+ -- all versions with this are in violation of the GPL.
Status: From 2009, HTTP 1.1 client in PHP. Only used by this library. Even ignoring license issues, seems like this should go too.
The text was updated successfully, but these errors were encountered: