-
Bug
-
Resolution: Done
-
Medium
-
Amsterdam Release
-
None
-
None
There are two issues for oom-registrator in the scan report.
1. /oom-registrator/src/kube2msb/vendor/github.com/juju/ratelimit
Actually, these codes is an indirectly dependency for oom-registrator, and it's directly used in kubernetes go client, which is Apache 2 license.
oom-registrator(Apache 2)--->kubernetes-client-go(Apache 2)--->ratelimit(LGPL with exception)
According to th upstream project license in kubernetes go client, there's an exception for the juju ratelimit lib .
https://github.com/kubernetes/client-go/blob/master/vendor/github.com/juju/ratelimit/LICENSE
As a special exception to the GNU Lesser General Public License version 3
("LGPL3"), the copyright holders of this Library give you permission to
convey to a third party a Combined Work that links statically or dynamically
to this Library without providing any Minimal Corresponding Source or
Minimal Application Code as set out in 4d or providing the installation
information set out in section 4e, provided that you comply with the other
provisions of LGPL3 and provided that you meet, for the Application the
terms and conditions of the license(s) which apply to the Application.
2. /oom-registrator/src/kube2msb/vendor/gopkg.in/yaml.v2
According to the upstream project, the license of go-yaml has been updated to Apache 2: https://github.com/go-yaml/yaml/blob/v2/LICENSE
I changed the reference code license within oom-registrator repo accordingly.