BUILD: 3rd party licenses are missing from pandas binary wheels distributed on pypi #58632

Open
1 task done
markdryan opened this issue May 8, 2024 · 1 comment
Labels
Blocker Blocking issue or pull request for an upcoming release Build Library building on various platforms

@markdryan
Contributor

Installation check

Platform

all

Installation Method

pip install

pandas Version

2.2.2

Python Version

all

Installation Logs

The source code of the pandas project clearly identifies the licenses of the third party code that it uses. Unfortunately, these licenses, and the copyright notices they contain, don't seem to be replicated in the binary wheels the pandas project uploads to pypi, e.g.,
pandas-2.2.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.

If we just take the first of these licenses, the BOTTLENECK license, we see the following clause.

   * Redistributions in binary form must reproduce the above copyright
      notice, this list of conditions and the following disclaimer in the
      documentation and/or other materials provided with the distribution.

As far as I can tell, this is not being done. I can't find the "above copyright", which in this case is

Copyright (c) 2010-2019 Keith Goodman
Copyright (c) 2019 Bottleneck Developers
All rights reserved.

, anywhere in the pandas-2.2.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl I downloaded from pypi.

Many of the licenses under the LICENSES folder have similar clauses which similarly do not appear to be honoured by the pandas binary wheels.

Numpy and scipy have had a similar issue in the past. They addressed this by appending an OS specific text file containing the licenses for all the bundled dependencies to the LICENSE.txt file included in their binary wheels, during the wheel build process.

Note that the third party licenses are included in the pandas source distributions so this seems only to be an issue with the binary wheels.

Finally, I wasn't sure whether to enter this under DOC or BUILD, but seeing as how any fix for this issue would presumably need to be made in the CI, I opted for BUILD.

@markdryan markdryan added Build Library building on various platforms Needs Triage Issue that has not been reviewed by a pandas team member labels May 8, 2024
@lithomas1 lithomas1 removed the Needs Triage Issue that has not been reviewed by a pandas team member label May 8, 2024
@lithomas1 lithomas1 added this to the 2.2.3 milestone May 8, 2024
@lithomas1 lithomas1 added the Blocker Blocking issue or pull request for an upcoming release label May 8, 2024
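
The check described in the report above, as an added example that is not part of the original issue or of pandas' build tooling: it opens a wheel, lists the license files shipped under `.dist-info`, and reports which of the quoted Bottleneck copyright lines do not appear in any text file in the archive. The names `audit_wheel` and `build_sample_wheel` and the `demo` wheel are hypothetical, constructed for illustration.

```python
import io
import re
import zipfile
from pathlib import PurePosixPath

# Copyright lines quoted in the issue (from the Bottleneck license).
REQUIRED_NOTICES = (
    "Copyright (c) 2010-2019 Keith Goodman",
    "Copyright (c) 2019 Bottleneck Developers",
)
BINARY_SUFFIXES = {".so", ".pyd", ".dll", ".dylib", ".pyc"}
LICENSE_NAME = re.compile(r"LICEN[CS]E|COPYING|NOTICE", re.IGNORECASE)


def _squash(text):
    """Collapse whitespace and case so re-wrapped notices still match."""
    return re.sub(r"\s+", " ", text).lower()


def audit_wheel(wheel, notices=REQUIRED_NOTICES):
    """Return (license_files, missing_notices) for a wheel path or file object."""
    license_files, missing = [], set(notices)
    with zipfile.ZipFile(wheel) as zf:
        for info in zf.infolist():
            path = PurePosixPath(info.filename)
            if info.is_dir() or path.suffix in BINARY_SUFFIXES:
                continue  # skip compiled members, search text only
            in_dist_info = any(p.endswith(".dist-info") for p in path.parts[:-1])
            if in_dist_info and LICENSE_NAME.search(path.name):
                license_files.append(info.filename)
            text = _squash(zf.read(info).decode("utf-8", errors="replace"))
            missing -= {n for n in missing if _squash(n) in text}
    return sorted(license_files), sorted(missing)


def build_sample_wheel(license_text):
    """Constructed in-memory wheel for a hypothetical 'demo' package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo/__init__.py", "")
        zf.writestr("demo-1.0.dist-info/METADATA", "Name: demo\nVersion: 1.0\n")
        zf.writestr("demo-1.0.dist-info/LICENSE", license_text)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    bare = build_sample_wheel("BSD 3-Clause License\nCopyright (c) demo authors\n")
    print(audit_wheel(bare))  # license file present, both notices missing
```

Run in CI against each built wheel, a non-empty second element is the condition the report describes: a project license is shipped, but a bundled dependency's notice is not.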
@lithomas1
Member

Thanks for the report.

I'm marking this for 2.2.3, since this is something that should be important to fix before the next release.
