Need to check if kubernetes-image-puller dependencies are EPL compatible #16321

Closed
ibuziuk opened this issue Mar 11, 2020 · 5 comments
Labels: kind/task (Internal things, technical debt, and to-do tasks to be performed.), severity/P1 (Has a major impact to usage or development of the system.)


ibuziuk commented Mar 11, 2020

Is your task related to a problem? Please describe.

As a first step before contributing 'kubernetes-image-puller' to the Eclipse Foundation we need to make sure that all the deps are EPL compatible - https://github.com/che-incubator/kubernetes-image-puller/blob/master/go.mod

@ibuziuk ibuziuk added kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P1 Has a major impact to usage or development of the system. labels Mar 11, 2020
@ibuziuk ibuziuk added this to the Backlog - Hosted Che milestone Mar 11, 2020
@ibuziuk ibuziuk modified the milestones: Backlog - Hosted Che, 7.11.0 Mar 11, 2020
@ibuziuk ibuziuk modified the milestones: 7.11, 7.12 Apr 1, 2020
@ibuziuk ibuziuk self-assigned this Apr 2, 2020
tomgeorge (Contributor) commented

Does this include transitive dependencies or just the first-level dependencies?


ibuziuk commented Apr 3, 2020

Ideally it would be great to find a tool for checking the whole tree, but first-level dependencies should be fine as part of this task.

I quickly tried go-licenses and glice, but neither of them did the job for me, e.g.:

[ibuziuk@fedora kubernetes-image-puller]$ glice
+--------------------------------------+---------+---------+
|              DEPENDENCY              | REPOURL | LICENSE |
+--------------------------------------+---------+---------+
| k8s.io/client-go/kubernetes          |         |         |
| k8s.io/client-go/rest                |         |         |
| k8s.io/client-go/tools/clientcmd     |         |         |
| k8s.io/api/apps/v1                   |         |         |
| k8s.io/api/core/v1                   |         |         |
| k8s.io/apimachinery/pkg/api/errors   |         |         |
| k8s.io/apimachinery/pkg/api/resource |         |         |
| k8s.io/apimachinery/pkg/apis/meta/v1 |         |         |
| k8s.io/apimachinery/pkg/watch        |         |         |
+--------------------------------------+---------+---------+
[ibuziuk@fedora kubernetes-image-puller]$ glice -c
+--------------------------------------+---------+---------+-------+
|              DEPENDENCY              | REPOURL | LICENSE | COUNT |
+--------------------------------------+---------+---------+-------+
| k8s.io/client-go/kubernetes          |         |         |     2 |
| k8s.io/client-go/rest                |         |         |     1 |
| k8s.io/client-go/tools/clientcmd     |         |         |     1 |
| k8s.io/api/apps/v1                   |         |         |     1 |
| k8s.io/api/core/v1                   |         |         |     1 |
| k8s.io/apimachinery/pkg/api/errors   |         |         |     1 |
| k8s.io/apimachinery/pkg/api/resource |         |         |     1 |
| k8s.io/apimachinery/pkg/apis/meta/v1 |         |         |     1 |
| k8s.io/apimachinery/pkg/watch        |         |         |     1 |
+--------------------------------------+---------+---------+-------+
[ibuziuk@fedora kubernetes-image-puller]$ 


ibuziuk commented Apr 3, 2020

Looks like I found a proper tool: https://github.com/mitchellh/golicense

[ibuziuk@fedora bin]$ golicense kubernetes-image-puller 
github.com/spf13/pflag          BSD 3-Clause "New" or "Revised" License                                 
github.com/modern-go/concurrent Apache License 2.0                                                      
k8s.io/apimachinery             Apache License 2.0                                                      
k8s.io/client-go                Apache License 2.0                                                      
github.com/golang/protobuf      BSD 3-Clause "New" or "Revised" License                                 
k8s.io/api                      Apache License 2.0                                                      
🚫 github.com/gogo/protobuf        <license not found or detected>                                      
github.com/modern-go/reflect2   Apache License 2.0                                                      
golang.org/x/oauth2             BSD 3-Clause "New" or "Revised" License                                 
github.com/gregjones/httpcache  MIT License                                                             
🚫 sigs.k8s.io/yaml                <license not found or detected>                                      
github.com/google/btree         Apache License 2.0                                                      
github.com/imdario/mergo        BSD 3-Clause "New" or "Revised" License                                 
gopkg.in/inf.v0                 BSD 3-Clause "New" or "Revised" License                                 
golang.org/x/sys                BSD 3-Clause "New" or "Revised" License                                 
k8s.io/klog                     Apache License 2.0                                                      
github.com/peterbourgon/diskv   MIT License                                                             
github.com/googleapis/gnostic   Apache License 2.0                                                      
golang.org/x/crypto             BSD 3-Clause "New" or "Revised" License                                 
github.com/json-iterator/go     MIT License                                                             
github.com/google/gofuzz        Apache License 2.0                                                      
golang.org/x/text               BSD 3-Clause "New" or "Revised" License                                 
golang.org/x/net                BSD 3-Clause "New" or "Revised" License                                 
golang.org/x/time               BSD 3-Clause "New" or "Revised" License                                 
gopkg.in/yaml.v2                Apache License 2.0      

Dependencies that were not detected by the tool:

So, the set of licenses:

The last license seems to be the custom one and some clarity from the legals team would be nice to have.

BSD 3-Clause "New" or "Revised" License, Apache License 2.0 and MIT License are listed at https://www.eclipse.org/legal/licenses.php#
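
Added example (not part of the thread and not golicense's own code): a small Go check that reads golicense-style text output and reports every module whose license was not detected or is not one of the three licenses named above, so gaps like the 🚫 lines fail a review instead of being read past. The names `Audit`, `Finding` and `allowed` are hypothetical; the sample reuses four lines from the output above plus one constructed line.

```go
package main

import (
	"fmt"
	"strings"
)

// The three licenses the thread names as listed on the Eclipse licenses page.
var allowed = map[string]bool{
	`BSD 3-Clause "New" or "Revised" License`: true,
	"Apache License 2.0":                      true,
	"MIT License":                             true,
}

// Finding is one module that cannot be approved automatically.
type Finding struct {
	Module, License, Reason string
}

// Audit parses lines of the form "<module> <license name>" (optionally
// prefixed with the 🚫 marker) and returns the modules needing manual review.
func Audit(output string) []Finding {
	var findings []Finding
	for _, line := range strings.Split(output, "\n") {
		fields := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "🚫"))
		if len(fields) == 0 {
			continue // blank line
		}
		module, license := fields[0], strings.Join(fields[1:], " ")
		switch {
		case license == "" || strings.HasPrefix(license, "<"):
			// Fail closed: no detected license means no approval.
			findings = append(findings, Finding{module, license, "undetected"})
		case !allowed[license]:
			findings = append(findings, Finding{module, license, "not allowlisted"})
		}
	}
	return findings
}

// Four lines taken from the output above; the last line is constructed.
const sample = `github.com/spf13/pflag          BSD 3-Clause "New" or "Revised" License
k8s.io/client-go                Apache License 2.0
🚫 github.com/gogo/protobuf        <license not found or detected>
github.com/gregjones/httpcache  MIT License
example.com/constructed/dep     GNU General Public License v3.0`

func main() {
	for _, f := range Audit(sample) {
		fmt.Printf("%-16s %s (%s)\n", f.Reason, f.Module, f.License)
	}
}
```
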


ibuziuk commented Apr 6, 2020

@tomgeorge could you please take if we really need both and github.com/gogo/protobuf in the repo which is the github.com/golang/protobuf fork?


ibuziuk commented Apr 6, 2020

so, it looks like github.com/golang/protobuf is an indirect dependency of the k8s.io/api/apps/v1 (Apache 2.0)

├ github.com/che-incubator/kubernetes-image-puller/cfg
      ├ k8s.io/api/apps/v1
        ├ fmt
        ├ io
        ├ math
        ├ reflect
        ├ strings
        ├ github.com/gogo/protobuf/proto

So, I believe we can close the issue and treat all the k8s-image-puller docs as EPL compatible:

  • BSD 3-Clause "New" or "Revised" License
  • Apache License 2.0
  • MIT License

@ibuziuk ibuziuk closed this as completed Apr 6, 2020