Cwa-app-android: Legal notices are incomplete

Created on 30 Jun 2020 · 5 Comments · Source: corona-warn-app/cwa-app-android

The legal notices in the Android app are incomplete (these appear to be taken directly from the top-level file THIRD-PARTY-NOTICES). You are missing various bits and pieces that the open source licenses of used components require from you, including attribution, disclaimers, and license files to name the most obvious parts. The details can only be determined through a recursive scan of your open source dependencies.

As an example, consider Hamcrest and JUnit (not sure why you are using JUnit in production but your current notices file says so). You should provide the copyright statement for Hamcrest as well as the disclaimers for JUnit (but don't).

Thank you for the hard work.

bug community documentation

All 5 comments

Hi @dirkriehle, thank you for your feedback. It is great to see that there is such a big support group of the Corona-warn-app out there! It has always been our goal to meet the open source compliance requirements, including those for open source legal notices. That being said and given your feedback, we are in the process of reviewing our notices files and correcting the information, where necessary.

Unfortunately, we see some criticism about complying with the applicable FOSS licenses. See:
1. https://www.linkedin.com/pulse/zahlreiche-m%C3%A4ngel-open-source-compliance-bei-der-hendrik-sch%C3%B6ttle
2. https://dirkriehle.com/2020/06/30/the-german-corona-warn-app-a-legally-defective-product/
Mostly connected with the promotion of compliance services... Nevertheless, proper license compliance matters.
I offer to provide you with pro bono services. If you are interested, please contact me for further discussion.

In addition to @LeChasseur's offer, I also wanted to highlight the connected issue 413.

> Unfortunately, we see some criticism about complying with the applicable FOSS licenses. See:
> 1. https://www.linkedin.com/pulse/zahlreiche-m%C3%A4ngel-open-source-compliance-bei-der-hendrik-sch%C3%B6ttle
> 2. https://dirkriehle.com/2020/06/30/the-german-corona-warn-app-a-legally-defective-product/
> Mostly connected with the promotion of compliance services... Nevertheless, proper license compliance matters.
> I offer to provide you with pro bono services. If you are interested, please contact me for further discussion.

Ironically, not "compliance services" but "compliance education services".

Your offer is generous (to do the license clearing for the project) but the reason why I did not offer to ask my students is that I don't understand how 20M Euro (the original payment for the software out of the German taxpayers' pocket) did not include proper legal notices.

Thanks again for all your input. Regarding the concrete issues raised: Hamcrest and JUnit are in fact not delivered with the app and will therefore be removed from the respective view in the app in the next update of the component.

We are further reviewing the remainder of the OSLN and will fix any upcoming issues. If you find concrete problems, please raise them as dedicated GitHub issues.
