[BUILD-324] Check supplemental model in current bundle and update if necessary Created: 10/Oct/18 Updated: 14/Jun/19 |
|
| Status: | Accepted |
| Project: | Build |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Neutral |
| Reporter: | Federico Grilli | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Attachments: |
|
||||||||
| Issue Links: |
|
||||||||
| Template: |
|
||||||||
| Acceptance criteria: |
Empty
|
||||||||
| Task DoR: |
Empty
|
||||||||
| Date of First Response: | |||||||||
| Story Points: | 2 | ||||||||
| Description |
|
We bundle some software libraries that are credited to an "unknown organization". https://nexus.magnolia-cms.com/service/local/repositories/magnolia.enterprise.snapshots/archive/info/magnolia/eebundle/magnolia-enterprise-pro-demo-webapp/6.0-SNAPSHOT/magnolia-enterprise-pro-demo-webapp-6.0-20181112.124029-551.war/!/NOTICE.txt Issue and risk: Magnolia clients need to ensure that the software they use is compliant with the client's policies, for example that all software is open source (OSS). If we don't provide license and ownership information to support such checks then there might be room for "infringement", say an artifact has no OSS-compatible license. In the NOTICE.txt file we provide license information for all software libraries, so we are OK, but the creator organization is missing for some. It is good practice to fill the organization too, but not critical. |
| Comments |
| Comment by Roman Kovařík [ 12/Nov/18 ] |
|
I've skimmed trough NOTICE.txt |