Hi,
we are currently checking the open source compliance of Apache POI 5.0.0 and
whether we can use it in our commercial software.
We found two problems, which can maybe be resolved somehow:
1. org/apache/poi/sl/draw/BitmapImageRenderer.java
   * Method: readImage
   * There is a comment with a Stack Overflow link, and there are several
     lines of code which are completely identical to the suggested solution
     from Stack Overflow
   * Problem: Code on Stack Overflow is published under the Creative Commons
     Attribution-ShareAlike 4.0 International Public License, which is kind
     of a problem
   * Solution: remove the Stack Overflow link and maybe rewrite the code a
     little bit
2. org/apache/poi/util/StringCodepointsIterable.java
   * The file/class is basically a copy of
     https://gist.github.com/EmmanuelOga/48df70b27ead4d80234b which is also
     mentioned in the comment above the class declaration
   * Problem: There is no license, copyright, etc. for this code which is
     technically a violation of the copyright
   * Solution: ??
If I am wrong somehow, please correct me. But my colleague who detected these
findings has many years of consulting experience in open source compliance.
KR Stefan