I did some work in unfolding the JS dependency tree and classifying it by
license string here:
https://github.com/apache/incubator-superset/pull/5801
Highlighting the JS libs that would need more research:
'MIT*': {'expect.js', 'mapbox-gl', 'optimist', 'split', 'trim', 'typed-function'},
'CC0-1.0': {'string-hash'},
'Custom: http://badges.github.io/stability-badges/dist/stable.svg': {'gl-mat3', 'gl-vec2', 'gl-vec3'},
'Apache*': {'mousetrap', 'fuse.js'},
Looking at this, it's tempting to just not package the JS bundles and
instead just make it easy for people to make their own builds. One of the
questions is around the amount of latitude we have around convenience
releases (on PyPI).
Max
On Tue, Sep 18, 2018 at 1:24 AM Justin Mclean <[email protected]> wrote:
> Hi,
>
> > I have found many of our JS libs have unclear licenses. Strings like "MIT
> > or GPL"
>
> That's probably OK as it's dual licensed and you can pick the most
> favourable one.
>
> > or "BSD*" which when digging means something like "BSD with LLVM clause".
>
> That may be an issue but we would need to look at the actual license text
> and perhaps ask on legal discuss.
>
> Note that even the source release cannot have a dependency on a Category X
> license (with some exceptions for optional items and build tools).
>
> Thanks,
> Justin
>