search

go-kit / kit

A standard library for microservices.
https://gokit.io
MIT License
26.35k stars 2.42k forks source link

Stackoverflow CC-SA License Violation #1228

Closed 0xbrock closed 2 years ago

0xbrock commented 2 years ago

What did you do?

Sorry if this is the wrong venue for this, but I couldn't find a better venue.

This was discovered in the course of an audit. metrics/teststat/populate.go erfinv references https://stackoverflow.com/questions/5971830/need-code-for-inverse-error-function on line 39. It looks like the code was copied and transformed into a different language. All code from StackOverflow is licensed under CC BY-SA (https://stackoverflow.com/help/licensing) version 3.0 (https://creativecommons.org/licenses/by-sa/3.0/) based on the date of the answer. Go-kit is licensed under the MIT license which not compatible with CC BY-SA (think GPLv3 v3 is not compatible with other licenses, but v4 is though not applicable).

Just want to make sure your great work is not running into legal trouble for you or the users of the package down the road.

What did you expect?

Not to find license switched code or have the code correctly attributed and licensed (if possible).

What happened instead?

Found derivative CC BY-SA code in an MIT licensed package.

ChrisHines commented 2 years ago

Duplicate of https://github.com/go-kit/kit/issues/1226.

0xbrock commented 2 years ago

Oh, thanks. I searched for a bunch of different things and didn't see find it. I will close this.