Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Legal notices are incomplete #793

Closed
dirkriehle opened this issue Jun 30, 2020 · 5 comments · Fixed by #870
Closed

Legal notices are incomplete #793

dirkriehle opened this issue Jun 30, 2020 · 5 comments · Fixed by #870
Labels
bug community documentation

Comments

@dirkriehle
Copy link

dirkriehle commented Jun 30, 2020

The legal notices in the Android app are incomplete (these appear to be taken directly from the top-level file THIRD-PARTY-NOTICES). You are missing various bits and pieces that the open source licenses of used components require from you, including attribution, disclaimers, and license files to name the most obvious parts. The details can only be determined through a recursive scan of your open source dependencies.

As an example, consider Hamcrest and JUnit (not sure why you are using JUnit in production but your current notices file says so). You should provide the copyright statement for Hamcrest as well as the disclaimers for JUnit (but don't).

Thank you for the hard work.

@dirkriehle dirkriehle added the bug label Jun 30, 2020
@tkowark
Copy link
Member

tkowark commented Jul 7, 2020

Hi @dirkriehle , thank you for your feedback. It is great to see that there is such a big support group of the Corona-warn-app out there! It has always been our goal to meet the open source compliance requirements, including those for open source legal notices. That being said and given your feedback, we are in the process of reviewing our notices files and correct the information, where necessary.

@LeChasseur
Copy link

LeChasseur commented Jul 8, 2020

Unfortunately, we see some critizism about complying with the applicable FOSS licenses. See:
1.
https://www.linkedin.com/pulse/zahlreiche-m%C3%A4ngel-open-source-compliance-bei-der-hendrik-sch%C3%B6ttle
2.
https://dirkriehle.com/2020/06/30/the-german-corona-warn-app-a-legally-defective-product/
Mostly connected with the promotion of compliance services...Nevertheless, proper license compliance matters.
I offer to provide you with pro bono services. If you are interested please contact me for further discussion.

@kirschner
Copy link

kirschner commented Jul 10, 2020

Additionally to @LeChasseur's offer, I also wanted to highlight the connected issue 413.

@SebastianWolf-SAP SebastianWolf-SAP added community documentation labels Jul 10, 2020
@dirkriehle
Copy link
Author

dirkriehle commented Jul 13, 2020

Unfortunately, we see some critizism about complying with the applicable FOSS licenses. See:
1.
https://www.linkedin.com/pulse/zahlreiche-m%C3%A4ngel-open-source-compliance-bei-der-hendrik-sch%C3%B6ttle
2.
https://dirkriehle.com/2020/06/30/the-german-corona-warn-app-a-legally-defective-product/
Mostly connected with the promotion of compliance services...Nevertheless, proper license compliance matters.
I offer to provide you with pro bono services. If you are interested please contact me for further discussion.

Ironically, not "compliance services" but "compliance education services".

Your offer is generous (to do the license clearing for the project) but the reason why I did not offer to ask my students is that I don't understand how 20M Euro (the original payment for the software out of the German taxpayers pocket) did not include proper legal notices.

@tkowark
Copy link
Member

tkowark commented Jul 14, 2020

Thanks again for all your input. Regarding the concrete issues raised: Hamcrest and J-Unit are in fact not delivered with the app and will therefore be removed from the respective view in the app in the next update of the component.

We are further reviewing the remainder of the OSLN and will fix any upcoming issues. If you find concrete problems, please raise them as dedicated Github issues.

@AlexanderAlferov AlexanderAlferov linked a pull request Jul 14, 2020 that will close this issue
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug community documentation
Projects
None yet
Development

Successfully merging a pull request may close this issue.

5 participants