Operator-sdk: Use of package w/ improper licensing

Created on 4 Jun 2020 · 3 Comments · Source: operator-framework/operator-sdk

Bug Report

SDK makes use of open source package without proper license
bou.ke/monkey v1.0.1/go.mod h1:FgHuK96Rv2Nlf+0u1OOVDpCMdsWyOFmeeketDHE7LIg=
https://github.com/operator-framework/operator-sdk/blob/master/go.sum

License for bou.ke component explicitly notes "I do not give anyone permissions to use this tool for any purpose. Don't use it. I’m not interested in changing this license. Please don’t ask."

https://github.com/bouk/monkey/blob/master/LICENSE.md

kind/bug

All 3 comments

Hi, I'm the creator of monkey. I can't stress this enough: don't use it.

The reason it's included is because github.com/operator-framework/operator-registry depends on github.com/otiai10/copy which depends on github.com/otiai10/mint where version 1.2.3 depends on bou.ke/monkey

Totally on board for getting this fixed. I'm curious, how was it discovered that this was a problem? I'd be interested in checking on this kind of thing periodically.

Once https://github.com/operator-framework/operator-registry/pull/349 is merged we can bump registry versions here and get rid of that dep.
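
The dependency chain named in the first comment can be recovered mechanically from `go mod graph` output, which is one way to run the periodic check asked about above. This is an added example, not code from the thread or from operator-sdk; `PathTo`, `sampleGraph`, the `v0.0.0` placeholder versions and `example.com/unrelated` are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample in `go mod graph` format ("parent child" per line). Only
// mint v1.2.3 and monkey v1.0.1 come from the thread; v0.0.0 is a placeholder.
const sampleGraph = `github.com/operator-framework/operator-sdk github.com/operator-framework/operator-registry@v0.0.0
github.com/operator-framework/operator-sdk example.com/unrelated@v0.0.0
github.com/operator-framework/operator-registry@v0.0.0 github.com/otiai10/copy@v0.0.0
github.com/otiai10/copy@v0.0.0 github.com/otiai10/mint@v1.2.3
github.com/otiai10/mint@v1.2.3 bou.ke/monkey@v1.0.1
`

// PathTo returns the shortest dependency chain from the main module root to
// any version of the denied module path, or nil if the module is not reachable.
func PathTo(graph, root, denied string) []string {
	edges := map[string][]string{}
	for _, line := range strings.Split(graph, "\n") {
		f := strings.Fields(line)
		if len(f) != 2 {
			continue // skip blank or malformed lines
		}
		edges[f[0]] = append(edges[f[0]], f[1])
	}
	parent := map[string]string{root: ""} // doubles as the visited set
	for queue := []string{root}; len(queue) > 0; queue = queue[1:] {
		n := queue[0]
		// Compare on the module path only, ignoring the "@version" suffix.
		if mod, _, _ := strings.Cut(n, "@"); mod == denied {
			var chain []string
			for ; n != ""; n = parent[n] {
				chain = append([]string{n}, chain...)
			}
			return chain
		}
		for _, c := range edges[n] {
			if _, seen := parent[c]; !seen {
				parent[c] = n
				queue = append(queue, c)
			}
		}
	}
	return nil
}

func main() { fmt.Println(strings.Join(PathTo(sampleGraph, "github.com/operator-framework/operator-sdk", "bou.ke/monkey"), " -> ")) }
```

On a real checkout the `graph` argument would be the output of `go mod graph`, and the denied list would hold every module whose license has been rejected.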
