You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@libcloud.apache.org by to...@apache.org on 2021/11/12 15:20:39 UTC
[libcloud] 05/09: Add a note on chardet LGPL issue to the upgrade
notes and changelog.
This is an automated email from the ASF dual-hosted git repository.
tomaz pushed a commit to branch 3.4.x
in repository https://gitbox.apache.org/repos/asf/libcloud.git
commit 14e90fbc3cb6b13c7d3d969ecbdfcc0266128dcf
Author: Tomaz Muraus <to...@tomaz.me>
AuthorDate: Fri Nov 12 15:00:50 2021 +0100
Add a note on chardet LGPL issue to the upgrade notes and changelog.
---
CHANGES.rst | 31 +++++++++++++++++++++++++++++++
NOTICE | 2 +-
docs/upgrade_notes.rst | 33 ++++++++++++++++++++++++++++++++-
3 files changed, 64 insertions(+), 2 deletions(-)
diff --git a/CHANGES.rst b/CHANGES.rst
index c3c9295..336ad01 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -4,6 +4,37 @@
Changes in Apache Libcloud 3.4.1
--------------------------------
+.. note::
+
+ Libcloud depends on the ``requests`` library for performing HTTP(s) requests.
+
+ Prior to ``requests`` v2.26.0, ``requests`` depended on ``chardet`` library
+ which is licensed under LGPL (requests library itself is licensed under the
+ Apache License 2.0 license).
+
+ Since Libcloud is not an application, but a library which is usually used
+ along many other libraries in the same (virtual) environment, we can't have
+ a strict dependency on requests >= 2.26.0 since that would break a lot of
+ installations where users already depend on and have an older version of
+ requests installed.
+
+ If you are using requests < 2.26.0 along the Libcloud library you are using
+ version of chardet library (chardet is a direct dependency of the requests
+ library) which license is not compatible with Apache Libcloud.
+
+ If using a LGPL dependency is a problem for your application, you should
+ ensure you are using requests >= 2.26.0.
+
+ It's also worth noting that Apache Libcloud doesn't bundle any 3rd party
+ dependencies with our release artifacts - we only provide source code
+ artifacts on our website.
+
+ When installing Libcloud from PyPi using pip, pip will also download and use
+ the latest version of requests without the problematic chardet dependency,
+ unless you already have older version of the requests library installed in
+ the same environment where you also want to use Libcloud - in that case,
+ Libcloud will use the dependency which is already available and installed.
+
Common
~~~~~~
diff --git a/NOTICE b/NOTICE
index 176aaf6..fe88c8f 100644
--- a/NOTICE
+++ b/NOTICE
@@ -1,5 +1,5 @@
Apache Libcloud
-Copyright (c) 2010-2020 The Apache Software Foundation
+Copyright (c) 2010-2021 The Apache Software Foundation
This product includes software developed at
The Apache Software Foundation (http://www.apache.org/).
diff --git a/docs/upgrade_notes.rst b/docs/upgrade_notes.rst
index a5e1781..cde5670 100644
--- a/docs/upgrade_notes.rst
+++ b/docs/upgrade_notes.rst
@@ -5,7 +5,38 @@ This page describes how to upgrade from a previous version to a new version
which contains backward incompatible or semi-incompatible changes and how to
preserve the old behavior when this is possible.
-Libcloud 3.3.2
+.. note::
+
+ Libcloud depends on the ``requests`` library for performing HTTP(s) requests.
+
+ Prior to ``requests`` v2.26.0, ``requests`` depended on ``chardet`` library
+ which is licensed under LGPL (requests library itself is licensed under the
+ Apache License 2.0 license).
+
+ Since Libcloud is not an application, but a library which is usually used
+ along many other libraries in the same (virtual) environment, we can't have
+ a strict dependency on requests >= 2.26.0 since that would break a lot of
+ installations where users already depend on and have an older version of
+ requests installed.
+
+ If you are using requests < 2.26.0 along the Libcloud library you are using
+ version of chardet library (chardet is a direct dependency of the requests
+ library) which license is not compatible with Apache Libcloud.
+
+ If using a LGPL dependency is a problem for your application, you should
+ ensure you are using requests >= 2.26.0.
+
+ It's also worth noting that Apache Libcloud doesn't bundle any 3rd party
+ dependencies with our release artifacts - we only provide source code
+ artifacts on our website.
+
+ When installing Libcloud from PyPi using pip, pip will also download and use
+ the latest version of requests without the problematic chardet dependency,
+ unless you already have older version of the requests library installed in
+ the same environment where you also want to use Libcloud - in that case,
+ Libcloud will use the dependency which is already available and installed.
+
+Libclous 3.4.0
--------------
* Exception message changed in OpenStack drivers