kaxil commented on issue #9898: URL: https://github.com/apache/airflow/issues/9898#issuecomment-664014612
> Note: do we rely on any of those out of the box without an alternative? Because that's what matters. The default configuration of Airflow should not depend on (L)GPL artifacts and Airflow shouldn't distribute them. > > We do not consider docker images to be releases of Airflow and as such they dont go through the same release process (we dont vote on them). > > So what is the real issue here? Thanks Bolke for commenting. There are 2-3 separate issues we are talking about here. 1) The dependencies that were reported by Synk that Ry has listed in the PR description: - jaydebeapi v1.2.3 - mysql-connector-python v8.0.18 - pysmbclient v0.1.5 - unidecode v1.1.1 - yamllint v1.23.0 **However, all these dependencies are _extras_ so that might not be an issue** 2) Whether we need to take care of licenses of Docker Image + Helm Chart dependencies. Or whether we just treat them as convenience packages as currently, we are neither voting on them. 3) The capability of building the same binaries from the source code that we have no idea what licence covers them (talking about Docker images used in Helm Chart). Should we bring the sources under "apache/airflow" umbrella. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
