boring-cyborg[bot]
commented
1 year ago Thanks for opening your first issue here!
Closed hehao98 closed 1 year ago
boring-cyborg[bot]
commented
1 year ago Thanks for opening your first issue here!
stale[bot]
commented
1 year ago This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
stale[bot]
commented
1 year ago This issue has been automatically closed for inactivity. If you still wish to make these changes, please open a new pull request or reopen this one.
MrwanBaghdad
commented
1 year ago Can someone from Lyft confirm this? CC: @kristenarmes
kristenarmes
commented
1 year ago Hi @hehao98, thanks for bringing this to our attention, I have opened a PR to address this issue
(I think this is not a bug or a feature request, so I am opening an issue without a template)
Hello,
We are a group of researchers developing tools to monitor and remediate open-source license incompatibilities in the PyPI ecosystem.
We find that your
amundsen-databuilderpackage has a GPL-2.0-or-later licensed dependencyunidecode. This could be problematic because GPL-licensed software requires any of its derivative work to be also licensed under GPL, butamundsen-databuilderis licensed under Apache 2.0.To remove this license incompatibility, the following possible remediations may be considered:
amundsen-databuilderunder GPL 3.0 or AGPL 3.0unidecodetotext-unidecodeunidecodeversion to 0.04.6unidecodeNote that the above remediations are generated by an automated tool that is still under test, may be incorrect, and does not represent legal advice. We welcome any suggestions and feedback!