Legal notices are incomplete

[dirkriehle]

The legal notices in the Android app are incomplete (these appear to be taken directly from the top-level file THIRD-PARTY-NOTICES). You are missing various bits and pieces that the open source licenses of used components require from you, including attribution, disclaimers, and license files to name the most obvious parts. The details can only be determined through a recursive scan of your open source dependencies.

As an example, consider Hamcrest and JUnit (not sure why you are using JUnit in production but your current notices file says so). You should provide the copyright statement for Hamcrest as well as the disclaimers for JUnit (but don't).

Thank you for the hard work.

[tkowark]

Hi @dirkriehle , thank you for your feedback. It is great to see that there is such a big support group of the Corona-warn-app out there! It has always been our goal to meet the open source compliance requirements, including those for open source legal notices. That being said and given your feedback, we are in the process of reviewing our notices files and correct the information, where necessary.

[LeChasseur]

Unfortunately, we see some critizism about complying with the applicable FOSS licenses. See:
1.
https://www.linkedin.com/pulse/zahlreiche-m%C3%A4ngel-open-source-compliance-bei-der-hendrik-sch%C3%B6ttle
2.
https://dirkriehle.com/2020/06/30/the-german-corona-warn-app-a-legally-defective-product/
Mostly connected with the promotion of compliance services...Nevertheless, proper license compliance matters.
I offer to provide you with pro bono services. If you are interested please contact me for further discussion.

[kirschner]

Additionally to @LeChasseur's offer, I also wanted to highlight the connected issue 413.

[dirkriehle]

Unfortunately, we see some critizism about complying with the applicable FOSS licenses. See:
1.
https://www.linkedin.com/pulse/zahlreiche-m%C3%A4ngel-open-source-compliance-bei-der-hendrik-sch%C3%B6ttle
2.
https://dirkriehle.com/2020/06/30/the-german-corona-warn-app-a-legally-defective-product/
Mostly connected with the promotion of compliance services...Nevertheless, proper license compliance matters.
I offer to provide you with pro bono services. If you are interested please contact me for further discussion.

Ironically, not "compliance services" but "compliance education services".

Your offer is generous (to do the license clearing for the project) but the reason why I did not offer to ask my students is that I don't understand how 20M Euro (the original payment for the software out of the German taxpayers pocket) did not include proper legal notices.

[tkowark]

Thanks again for all your input. Regarding the concrete issues raised: Hamcrest and J-Unit are in fact not delivered with the app and will therefore be removed from the respective view in the app in the next update of the component.

We are further reviewing the remainder of the OSLN and will fix any upcoming issues. If you find concrete problems, please raise them as dedicated Github issues.