xi2 License Dependency #259
Comments
|
I hadn't noticed... are you really not able to use software in the public domain? |
|
We are and our software is open source but unless a software project we use has a legally well known and clarified license it makes things less clear and harder to verify its status. |
|
@mholt I think the problem is that "Public Domain" is not a license that can be detected with automated tooling. |
|
Another issue is marketplaces such as Google accept a limited set of well established licences. By taking the approach of creating a custom license with "reasonable sounding" words makes it harder for these software projects to be accepted when scrutinized in strict environments. Its a shame as I am sure the xi2 project would probably be happy with MIT or Apache 2.0 wording. |
|
Having not heard anything back from the project's author, I created a fork with the LICENSE: https://github.com/therootcompany/xz Perhaps you could use the |
|
Fixed in #302. Tried using a so I had to just swap it out entirely, nbd. Thanks! |
#302) * Initial commit of v4 rewrite; core types, methods * Correct file permissions * Use xz lib with standard license (close #259) * zip: Decode non-UTF-8 encoded filenames (by @zxdvd) Closes #147 Supersedes #149 * Improve ArchiveFS; fix directory traversal * Add placeholder command for now Not sure when I'll get around to reimplementing this for v4. * ci: Require Go 1.17 * Swap params for Inserter interface More aesthetically pleasing when enumerating files * Add readme
This project as xi2/xz as a dependency
archiver/go.mod
Line 14 in 25e050d
However, that project has not used a standard license:
https://github.com/xi2/xz/blob/master/LICENSE
This is causing us problems with 3rd party open source dependency license validation. Is there any possibility of forking that library to republish it with a standard license? I have added an issue to their project xi2/xz#10 but it seems inactive.
The text was updated successfully, but these errors were encountered: