jakartaee / jakartaee-documentation-ui

Jakarta EE Tutorial UI
Mozilla Public License 2.0

Engage in the IP Due Diligence process for third party assets #29

Open waynebeaton opened 8 months ago

waynebeaton commented 8 months ago

I noticed that there are a small number of third party dependencies that may require due diligence review by the IP Team.

AFAICT, most of them declare themselves as MIT, but there is at least one in the list for which we can't find license information. The Eclipse Dash License Tool has flagged them as requiring further investigation.

$ java -jar {dash-path}/org.eclipse.dash.licenses-{version}.jar package-lock.json
[main] INFO License information could not be automatically verified for the following content:
[main] INFO 
[main] INFO npm/npmjs/-/body/5.1.0
[main] INFO npm/npmjs/-/console-stream/0.1.1
[main] INFO npm/npmjs/-/continuable-cache/0.3.1
[main] INFO npm/npmjs/-/jsonify/0.0.1
[main] INFO npm/npmjs/-/path-platform/0.11.15
[main] INFO npm/npmjs/-/safe-json-parse/1.0.1
[main] INFO npm/npmjs/@fontsource/open-sans/4.5.14
[main] INFO npm/npmjs/@fontsource/roboto-mono/4.5.8
[main] INFO 
[main] INFO This content is either not correctly mapped by the system, or requires review.

AFAICT, most of the libraries in the list declare themselves as MIT, but there is at least one in the list for which we can't find license information. The Eclipse Dash License Tool has flagged them as requiring further investigation.

I ran the tool against the package-lock.json file with an assumption that it is up-to-date.

The Dash License Tool has an option to automatically create review request records to engage IP Team and resolve the outstanding licence information.

Please engage in the IP Due Diligence process.

fyi @ivargrimstad @mtdelgadoa
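As an added illustration (not code from this repository or from the Dash License Tool), the following Python script derives the same `npm/npmjs/<scope-or-dash>/<name>/<version>` coordinates the tool prints from a package-lock.json and lists the entries whose lockfile record carries no license field, as a first triage list before the IP Team review. The sample lockfile is constructed, and treating a missing `license` field as "unknown" is an assumption of this script; the Dash tool output and the IP Team review remain authoritative.

```python
import json
import sys

def npm_coordinate(name, version):
    """Coordinate as the Dash tool prints it: "@s/p" -> npm/npmjs/@s/p/ver, else npm/npmjs/-/p/ver."""
    if name.startswith("@"):
        scope, _, pkg = name.partition("/")
        return f"npm/npmjs/{scope}/{pkg}/{version}"
    return f"npm/npmjs/-/{name}/{version}"

def lock_coordinates(lock):
    """Return {coordinate: license string or None} for every dependency.
    Handles lockfileVersion 1 (nested "dependencies") and 2/3 (flat "packages")."""
    out = {}
    packages = lock.get("packages")
    if packages is not None:
        for path, meta in packages.items():
            if not path or "version" not in meta:  # "" is the root project; links carry no version
                continue
            # v2/v3 keys are install paths such as "node_modules/a/node_modules/@s/b"
            name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
            out[npm_coordinate(name, meta["version"])] = meta.get("license")
    else:
        def walk(deps):
            for name, meta in deps.items():
                out[npm_coordinate(name, meta["version"])] = meta.get("license")
                walk(meta.get("dependencies", {}))
        walk(lock.get("dependencies", {}))
    return out

def needs_review(lock):
    """Coordinates whose lockfile entry records no license: a first triage list only
    (assumption: a missing field means 'unknown'; the Dash tool stays authoritative)."""
    return sorted(c for c, lic in lock_coordinates(lock).items() if not lic)

# Constructed sample lockfile (not the repository's real package-lock.json)
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "tutorial-ui", "version": "1.0.0"},
        "node_modules/body": {"version": "5.1.0"},
        "node_modules/@fontsource/open-sans": {"version": "4.5.14"},
        "node_modules/safe-json-parse": {"version": "1.0.1", "license": "MIT"},
        "node_modules/body/node_modules/jsonify": {"version": "0.0.1"},
    },
}
if __name__ == "__main__":
    lock = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_LOCK
    print("\n".join(needs_review(lock)))
```

Run it as `python triage.py package-lock.json` to print one coordinate per line in the same form as the Dash output, which makes diffing the two lists straightforward.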

kito99 commented 8 months ago

@waynebeaton will do. Did you happen to run the tool against the other tutorial repos?

waynebeaton commented 8 months ago

No.

kito99 commented 8 months ago

@waynebeaton ok thx.