New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

License Scan/Remediation Questions #1210

Open

austinlparker opened this issue Feb 28, 2024 · 1 comment

Member

austinlparker commented Feb 28, 2024

Hello maintainers! We have received a report from the CNCF license audit that the following paths contain licenses that do not match the project license. You can find the full report here: https://lfscanning.org/reports/cncf-2/open-telemetry-2024-02-09-e8fcbc12-0a27-470a-9f2d-c5f680322e13.html

static-instrumenter (appears to be test artifacts/resources, so I don't believe this is a problem but if we don't need them we should remove them)

Please review the linked material and document any decisions made in this issue, thanks.

austinlparker mentioned this issue

February 2024 License Scan Remediation Tracking Issue open-telemetry/community#1974

Open

Member

trask commented Feb 29, 2024

I checked, and these files

static-instrumenter/agent-instrumenter/src/integrationTest/resources/app.jar/mozilla/public-suffix-list.txt
static-instrumenter/maven-plugin/src/test/resources/test-http-app.jar/mozilla/public-suffix-list.txt

come from Apache HTTP Client, which includes a direct copy of the MPL licensed file https://publicsuffix.org/list/public_suffix_list.dat

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment