[BUILD-324] Check supplemental model in current bundle and update if necessary Created: 10/Oct/18  Updated: 14/Jun/19

Status: Accepted
Project: Build
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Neutral
Reporter: Federico Grilli Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: Text File NOTICE.txt    
Issue Links:
Cloners
clones BUILD-284 Check supplemental model in current b... Closed
Template:
Acceptance criteria:
Empty
Task DoR:
Empty
Date of First Response:
Story Points: 2

 Description   

We bundle some software libraries that are credited to an "unknown organization".  https://nexus.magnolia-cms.com/service/local/repositories/magnolia.enterprise.snapshots/archive/info/magnolia/eebundle/magnolia-enterprise-pro-demo-webapp/6.0-SNAPSHOT/magnolia-enterprise-pro-demo-webapp-6.0-20181112.124029-551.war/!/NOTICE.txt

Issue and risk: Magnolia clients need to ensure that the software they use is compliant with the client's policies, for example that all software is open source (OSS). If we don't provide license and ownership information to support such checks then there might be room for "infringement", say an artifact has no OSS-compatible license.

In the NOTICE.txt file we provide license information for all software libraries, so we are OK, but the creator organization is missing for some. It is good practice to fill the organization too, but not critical.



 Comments   
Comment by Roman Kovařík [ 12/Nov/18 ]

I've skimmed trough NOTICE.txtand can't find any missing licenses, just organisations which is not critical.

Generated at Sun Feb 11 23:40:52 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.