search

metricfu / metric_fu

A fist full of code metrics
http://metricfu.github.com/metric_fu
MIT License
627 stars 96 forks source link

Compliance issues with HighCharts? #300

Open Deekor opened 6 years ago

Deekor commented 6 years ago

Has anyone run into compliance issues with HighCharts when using metric fu?

Our app just went through a compliance audit and to my surprise metric fu (included via simplecov) threw up red flags because high charts is included in the gem and requires a commercial license.

A version of metric_fu without the high charts library would be very helpful in this case.

bf4 commented 6 years ago

you're not required to use high charts. you can use, for example, google charts.

compliance was discussed when it was introduced.

Deekor commented 6 years ago

Ya, but they ran it through a compliance check called https://www.blackducksoftware.com/ and it failed because the highcharts code is included. Now I have no choice but to remove Metric Fu.

bf4 commented 6 years ago

Well, for one, metric_fu shouldn't be in your gemfile. I guess you can't argue with an algorithm. The code is free for use within certain constraints. There's no constraint for having it on your computer.

OTOH, I'm happy to extract it out

Deekor commented 6 years ago

metric_fu is in my development/test group of my gemfile. However, I was under the impression Simplecov was requiring it - looks like I might have been wrong on that.

Either way, the strict compliance rules I have to follow now won't allow me to use metric_fu at all unless highcharts is removed. I don't expect you to make a change just for me. If you have the time it would be appreciated as I'm sure others will eventually run into this issue as well at some point.

jkeam commented 6 years ago

Ya, I was digging around their licensing agreement a bit and I think you bring up a valid point.

https://shop.highsoft.com/faq

The section I want to reference is:

May I use your Software under the Non-Commercial License for Open Source Projects? Although Highsoft's Software have open source codes, our software is not licensed as an open source software and is unfortunately not compatible with any open source software license like Apache 2 or any GPL. See also Non-Commercial Redistribution

Here are a few other relevant links: https://shop.highsoft.com/media/highsoft/Standard-License-Agreement-9.0.pdf https://shop.highsoft.com/highcharts

If this is indeed the case, we might consider replacing Highcharts with another charting tool. Anyone have thoughts on the matter? I hope I'm missing something.