zrhoffman opened a new pull request #5527: URL: https://github.com/apache/trafficcontrol/pull/5527
<!-- ************ STOP!! ************ If this Pull Request is intended to fix a security vulnerability, DO NOT submit it! Instead, contact the Apache Software Foundation Security Team at [email protected] and follow the guidelines at https://www.apache.org/security/ regarding vulnerability disclosure. --> ## What does this PR (Pull Request) do? <!-- Explain the changes you made here. If this fixes an Issue, identify it by replacing the text in the checkbox item with the Issue number e.g. - [x] This PR fixes #9001 OR is not related to any Issue ^ This will automatically close Issue number 9001 when the Pull Request is merged (The '#' is important). Be sure you check the box properly, see the "The following criteria are ALL met by this PR" section for details. --> Our `LICENSE` file lists so many bundled dependencies that it no longer meets [the 75% coverage threshold](https://github.com/golang/pkgsite/blob/5867665b19/internal/licenses/licenses.go#L43-L50) required in order for the site to identify the `LICENSE` file as an Apache-2.0 license: ```go const ( // coverageThreshold is the minimum percentage of the file that must contain // license text. coverageThreshold = 75 // unknownLicenseType is for text in a license file that's not recognized. unknownLicenseType = "UNKNOWN" ) ``` It was ~26% around [`09e25013fd~`](https://github.com/apache/trafficcontrol/commit/09e25013fd~), then #5229 brought it up to ~51% but we're still a ways from the required 75% coverage threshold. If we do not move that bundled depedencies license list to another file like [`NOTICE`](https://github.com/apache/trafficcontrol/blob/master/NOTICE), we would need a google/licensecheck License Regular Expression exception added to [/internal/licenses/exceptions](https://github.com/golang/pkgsite/tree/5867665b19/internal/licenses/exceptions) tree of the [golang/pkgsite](https://github.com/golang/pkgsite) project. This PR cleans up our `LICENSE` file a bit before such an exception is added to golang/pkgsite. Once the LRE exception is added, we can additionally add a GitHub Action to ensure that future changes to `LICENSE` to not break pkg.go.dev compatibility. - [x] This PR is related to Issue #5488 but does not fix it.<!-- You can check for an issue here: https://github.com/apache/trafficcontrol/issues --> ## Which Traffic Control components are affected by this PR? <!-- Please delete all components from this list that are NOT affected by this Pull Request. Also, feel free to add the name of a tool or script that is affected but not on the list. Additionally, if this Pull Request does NOT affect documentation, please explain why documentation is not required. --> - LICENSE ## What is the best way to verify this PR? <!-- Please include here ALL the steps necessary to test your Pull Request. If it includes tests (and most should), outline here the steps needed to run the tests. If not, lay out the manual testing procedure and please explain why tests are unnecessary for this Pull Request. --> Check if `LICENSE` file looks good ## The following criteria are ALL met by this PR <!-- Check the boxes to signify that the associated statement is true. To "check a box", replace the space inside of the square brackets with an 'x'. e.g. - [ x] <- Wrong - [x ] <- Wrong - [] <- Wrong - [*] <- Wrong - [x] <- Correct! --> - [x] I have explained why tests are unnecessary (tests can be added after an exception is added to golang/pkgsite) - [x] This PR includes documentation - [x] An update to CHANGELOG.md not necessary - [x] This PR includes any and all required license headers - [x] This PR **DOES NOT FIX A SERIOUS SECURITY VULNERABILITY** (see [the Apache Software Foundation's security guidelines](https://www.apache.org/security/) for details) <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --> ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
