You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@poi.apache.org by Stefan Fattinger <s....@curecomp.com> on 2021/09/16 13:49:53 UTC
Possible License Problems in BitmapImageRenderer and
StringCodepointsIterable
Hi,
we are currently checking the Open Source Compliance of Apache Poi 5.0.0 and if we can use it in our commercial software.
We found two problems, which may can be resolved somehow:
1. org/apache/poi/sl/draw/BitmapImageRenderer.java
* Method: readImage
* There is a comment with a stackoverflow link and there are several lines of code which are completely equal with the suggested solution from stackoverflow
* Problem: Code on Stackoverflow is published under the Creative Commons Attribution-ShareAlike 4.0 International Public License, which is kind of a problem
* Solution: remove the stackoverflow link and maybe rewrite the code a little bit
2. org/apache/poi/util/StringCodepointsIterable.java
* The file/class is basically a copy of https://gist.github.com/EmmanuelOga/48df70b27ead4d80234b which is also mentioned in the comment above the class declaration
* Problem: There is no license, copyright, etc. for this code which is technically a violation of the copyright
* Solution: ??
If I am wrong somehow, please correct me. But my colleague who detected these findings has many years of consulting experience in open source compliance.
KR Stefan
Re: Possible License Problems in BitmapImageRenderer and
StringCodepointsIterable
Posted by Andreas Beeker <ki...@apache.org>.
Hi Devs,
I've changed BitmapImageRenderer locally, but I need to find the test files which trigger mode 1 (grayscale) and mode 2 (truncated).
I've added the handling based on the regression tests on 20.06.2016 - so if you would have the test-results from back then, it might be easier to identify the culprit.
Andi
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org
AW: Possible License Problems in BitmapImageRenderer and
StringCodepointsIterable
Posted by Stefan Fattinger <s....@curecomp.com>.
Sorry for the same message again... I had problems with subscribing to the dev mailing list and I didn't checked the list in the webbrowser for any feedback on this case. If there are already some changes I will just wait a little bit. And yes, maybe I will contribute myself sometimes in the future if time allows.
-----Ursprüngliche Nachricht-----
Von: PJ Fanning <fa...@yahoo.com.INVALID>
Gesendet: Montag, 20. September 2021 13:28
An: dev@poi.apache.org
Betreff: Re: Possible License Problems in BitmapImageRenderer and StringCodepointsIterable
Hi Stefan,
I believe both classes you mentioned have been changed over last few days. This is just my opinion but if these issues are really important to your company, then you could contribute patches yourselves. Apache POI is a volunteer project.
On Monday 20 September 2021, 12:24:33 IST, Stefan Fattinger <s....@curecomp.com> wrote:
Hi,
we are currently checking the Open Source Compliance of Apache Poi 5.0.0 and if we can use it in our commercial software.
We found two problems, which may can be resolved somehow:
1. org/apache/poi/sl/draw/BitmapImageRenderer.java
* Method: readImage
* There is a comment with a stackoverflow link and there are several lines of code which are completely equal with the suggested solution from stackoverflow
* Problem: Code on Stackoverflow is published under the Creative Commons Attribution-ShareAlike 4.0 International Public License, which is kind of a problem
* Solution: remove the stackoverflow link and maybe rewrite the code a little bit?
2. org/apache/poi/util/StringCodepointsIterable.java
* The file/class is basically a copy of https://gist.github.com/EmmanuelOga/48df70b27ead4d80234b which is also mentioned in the comment above the class declaration
* Problem: There is no license, copyright, etc. for this code which is technically a violation of the copyright
* Solution: ??
If I am wrong somehow, please correct me. But my colleague who detected these findings has many years of consulting experience in open source compliance.
KR Stefan
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org For additional commands, e-mail: dev-help@poi.apache.org
Re: Possible License Problems in BitmapImageRenderer and
StringCodepointsIterable
Posted by PJ Fanning <fa...@yahoo.com.INVALID>.
Hi Stefan,
I believe both classes you mentioned have been changed over last few days. This is just my opinion but if these issues are really important to your company, then you could contribute patches yourselves. Apache POI is a volunteer project.
On Monday 20 September 2021, 12:24:33 IST, Stefan Fattinger <s....@curecomp.com> wrote:
Hi,
we are currently checking the Open Source Compliance of Apache Poi 5.0.0 and if we can use it in our commercial software.
We found two problems, which may can be resolved somehow:
1. org/apache/poi/sl/draw/BitmapImageRenderer.java
* Method: readImage
* There is a comment with a stackoverflow link and there are several lines of code which are completely equal with the suggested solution from stackoverflow
* Problem: Code on Stackoverflow is published under the Creative Commons Attribution-ShareAlike 4.0 International Public License, which is kind of a problem
* Solution: remove the stackoverflow link and maybe rewrite the code a little bit?
2. org/apache/poi/util/StringCodepointsIterable.java
* The file/class is basically a copy of https://gist.github.com/EmmanuelOga/48df70b27ead4d80234b which is also mentioned in the comment above the class declaration
* Problem: There is no license, copyright, etc. for this code which is technically a violation of the copyright
* Solution: ??
If I am wrong somehow, please correct me. But my colleague who detected these findings has many years of consulting experience in open source compliance.
KR Stefan
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org
Possible License Problems in BitmapImageRenderer and
StringCodepointsIterable
Posted by Stefan Fattinger <s....@curecomp.com>.
Hi,
we are currently checking the Open Source Compliance of Apache Poi 5.0.0 and if we can use it in our commercial software.
We found two problems, which may can be resolved somehow:
1. org/apache/poi/sl/draw/BitmapImageRenderer.java
* Method: readImage
* There is a comment with a stackoverflow link and there are several lines of code which are completely equal with the suggested solution from stackoverflow
* Problem: Code on Stackoverflow is published under the Creative Commons Attribution-ShareAlike 4.0 International Public License, which is kind of a problem
* Solution: remove the stackoverflow link and maybe rewrite the code a little bit?
2. org/apache/poi/util/StringCodepointsIterable.java
* The file/class is basically a copy of https://gist.github.com/EmmanuelOga/48df70b27ead4d80234b which is also mentioned in the comment above the class declaration
* Problem: There is no license, copyright, etc. for this code which is technically a violation of the copyright
* Solution: ??
If I am wrong somehow, please correct me. But my colleague who detected these findings has many years of consulting experience in open source compliance.
KR Stefan
Re: Possible License Problems in BitmapImageRenderer and StringCodepointsIterable
Posted by Dave Fisher <wa...@apache.org>.
Please take these concerns directly to the POI project. You can write to either private@poi.apache.org or dev@poi.apache.org.
Regards,
Dave
Sent from my iPhone
> On Sep 16, 2021, at 7:01 AM, Stefan Fattinger <s....@curecomp.com> wrote:
>
>
> Hi,
>
> we are currently checking the Open Source Compliance of Apache Poi 5.0.0 and if we can use it in our commercial software.
> We found two problems, which may can be resolved somehow:
>
> org/apache/poi/sl/draw/BitmapImageRenderer.java
> Method: readImage
> There is a comment with a stackoverflow link and there are several lines of code which are completely equal with the suggested solution from stackoverflow
> Problem: Code on Stackoverflow is published under the Creative Commons Attribution-ShareAlike 4.0 International Public License, which is kind of a problem
> Solution: remove the stackoverflow link and maybe rewrite the code a little bit
> org/apache/poi/util/StringCodepointsIterable.java
> The file/class is basically a copy of https://gist.github.com/EmmanuelOga/48df70b27ead4d80234b which is also mentioned in the comment above the class declaration
> Problem: There is no license, copyright, etc. for this code which is technically a violation of the copyright
> Solution: ??
>
> If I am wrong somehow, please correct me. But my colleague who detected these findings has many years of consulting experience in open source compliance.
>
> KR Stefan
Possible License Problems in BitmapImageRenderer and
StringCodepointsIterable
Posted by Stefan Fattinger <s....@curecomp.com>.
Hi,
we are currently checking the Open Source Compliance of Apache Poi 5.0.0 and if we can use it in our commercial software.
We found two problems, which may can be resolved somehow:
1. org/apache/poi/sl/draw/BitmapImageRenderer.java
* Method: readImage
* There is a comment with a stackoverflow link and there are several lines of code which are completely equal with the suggested solution from stackoverflow
* Problem: Code on Stackoverflow is published under the Creative Commons Attribution-ShareAlike 4.0 International Public License, which is kind of a problem
* Solution: remove the stackoverflow link and maybe rewrite the code a little bit
2. org/apache/poi/util/StringCodepointsIterable.java
* The file/class is basically a copy of https://gist.github.com/EmmanuelOga/48df70b27ead4d80234b which is also mentioned in the comment above the class declaration
* Problem: There is no license, copyright, etc. for this code which is technically a violation of the copyright
* Solution: ??
If I am wrong somehow, please correct me. But my colleague who detected these findings has many years of consulting experience in open source compliance.
KR Stefan