License issue GPL dependency rfc3987 #568
Comments
Some background: we are not shipping any assembly, nor bundle. Therefore, we never mix any licenses. Is that not true, @kdekker-private? Anyway, I will check whether a non-GPL package can do the job.
The
@kdekker-private could you elaborate how the current situation affects you?
At the current stage it does not prevent us anymore from doing/achieving anything. We accidentally added your package in distribution. But removed it and are happy to use it outside of that. However, I think it would be good for transparency to at least notify the user in the readme that a GPL licensed package is used under the hood. The MIT license of your package might mask this a bit. Ideal would be to remove the dependency on the GPL package, if it is possible. Thanks for the quick response.
re: #568 (comment) sounds reasonable. 👍
cyclonedx-python (cyclonedx-bom==4.1.2) depends via cyclonedx-python-lib==6.4.3 on the package jsonschema, but with the special option format (jsonschema[format]).
This introduces the GPL dependency of package rfc3987, which I think is not the intention.
How to reproduce:
Proof:
Potential solution:
Temporary user solution:
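The chain reported in this issue (an extra requested by an intermediate package activating an otherwise optional dependency) can be traced mechanically. The following is an added example, not part of the original issue or the project's code; the metadata is constructed to mirror the reported chain, and `parse` and `paths_to` are hypothetical helper names.

```python
import re

# Constructed Requires-Dist data mirroring the chain in this issue; it is NOT the
# packages' real metadata (that would come from importlib.metadata.requires()).
METADATA = {
    "cyclonedx-bom": ["cyclonedx-python-lib==6.4.3"],
    "cyclonedx-python-lib": ["jsonschema[format]"],
    "jsonschema": ["attrs", 'rfc3987; extra == "format"', 'idna; extra == "format"'],
    "attrs": [], "idna": [], "rfc3987": [],
}

def parse(req):
    """Split a requirement into (name, requested extras, gating extra or None)."""
    spec, _, marker = req.partition(";")
    m = re.match(r"\s*([A-Za-z0-9._-]+)\s*(?:\[([^\]]*)\])?", spec)
    if m is None:
        raise ValueError(f"unparseable requirement: {req!r}")
    extras = frozenset(e.strip().lower() for e in (m.group(2) or "").split(",") if e.strip())
    # Only 'extra == "..."' markers are evaluated; other markers are ignored here.
    gate = re.search(r"""extra\s*==\s*["']([^"']+)["']""", marker)
    return m.group(1).lower(), extras, gate.group(1).lower() if gate else None

def paths_to(target, root, metadata=METADATA):
    """Return every dependency chain from root to target, labelling activated extras."""
    found = []

    def walk(name, extras, chain, seen):
        label = name + (f"[{','.join(sorted(extras))}]" if extras else "")
        chain = chain + [label]
        if name == target:
            found.append(chain)
            return
        if (name, extras) in seen:  # guard against dependency cycles
            return
        for req in metadata.get(name, []):
            dep, dep_extras, gate = parse(req)
            # A dependency gated on an extra is pulled in only if the parent
            # requirement asked for that extra, e.g. jsonschema[format].
            if gate is None or gate in extras:
                walk(dep, dep_extras, chain, seen | {(name, extras)})

    name, extras, _ = parse(root)
    walk(name, extras, [], frozenset())
    return found

if __name__ == "__main__":
    for chain in paths_to("rfc3987", "cyclonedx-bom==4.1.2"):
        print(" -> ".join(chain))
```

Feeding it the output of `importlib.metadata.requires()` for each installed distribution gives the same trace for a real environment.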