Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

License violation in JsonUtils #2762

Closed
ChristianOberleitner opened this issue Aug 25, 2021 · 3 comments
Closed

License violation in JsonUtils #2762

ChristianOberleitner opened this issue Aug 25, 2021 · 3 comments
Assignees
@shakuzen
Labels
module: micrometer-core An issue that is related to our core module release notes Noteworthy change to call out in the release notes type: task A general task
Milestone
1.6.11

Comments

@ChristianOberleitner
Copy link

Describe the bug
The file file micrometer-core/src/main/java/io/micrometer/core/instrument/util/JsonUtils.java contains a method named prettyPrint which is (as stated by the author of the class himself) directly taken over from stackoverflow.com. There's a similar (though not that grave, as it is just a one-liner) issue in the file micrometer-core/src/main/java/io/micrometer/core/instrument/util/TimeUtils.java, method format. The issue is that micrometer is licensed under Apache 2.0 and copying code snippets from stackoverflow into own code creates derivative work under the CC BY-SA 4.0 license (under which all stackoverflow.com content is licensed) which is incompatible with Apache 2.0 for various reasons (copyleft, patent rights etc.).

Environment
All environments

To Reproduce
Check the source code and compare with stackoverflow

Expected behavior
No stackoverflow code snippets are used

Additional context
@ChristianOberleitner ChristianOberleitner added the bug A general bug label Aug 25, 2021
@shakuzen shakuzen added module: micrometer-core An issue that is related to our core module and removed bug A general bug labels Aug 25, 2021
@shakuzen shakuzen self-assigned this Aug 26, 2021
@shakuzen shakuzen added release notes Noteworthy change to call out in the release notes type: task A general task labels Aug 26, 2021
@shakuzen shakuzen added this to the 1.6.11 milestone Aug 26, 2021
shakuzen added a commit that referenced this issue Aug 26, 2021
@shakuzen
Deprecate JsonUtils and remove implementation
19e6bc6 
The code for the prettyPrint method comes from Stackoverflow, which has a license incompatible with our Apache licensed code. The Stackoverflow code has been removed and the method/class deprecated for removal. On the off chance this API is used, I did not delete the whole class in a patch release. Though it was always intended to be an internal class, it was not clearly marked as such.

The effect of this is that the `HttpSender.Request` class' `toString` will no longer be pretty-printed for JSON requests. This is an acceptable compromise for now rather than coming up with an original implementation for non-critical functionality.

See gh-2762
@shakuzen shakuzen changed the title License violations in micrometer-core License violation in JsonUtils Aug 26, 2021
@shakuzen
Copy link
Member

I've renamed the issue to focus it on the code in JsonUtils. We can look at tackling other Stackoverflow code in a separate issue since the solution here is wholly removing the code, whereas other places it is more likely we will need an alternate Apache-friendly implementation.

shakuzen added a commit that referenced this issue Aug 26, 2021
@shakuzen
Delete JsonUtils
d7bf555 
This was an internal class that had problematically licensed code included. That code has been removed and so this class has been deleted going forward.

See gh-2762
@shakuzen
Copy link
Member

With 19e6bc6 I've removed the code for upcoming patch releases, leaving the JsonUtil class and its prettyPrint method deprecated with an implementation that returns the input string. Therefore, HttpSender.Request will no longer be pretty printed via its toString method.
With d7bf555 I've deleted the JsonUtil class entirely for the upcoming feature release 1.8.

izeye added a commit to izeye/micrometer that referenced this issue Oct 15, 2021
@izeye
Reimplement TimeUtils.format()
54830e4 
See micrometer-metricsgh-2762
@izeye izeye mentioned this issue Oct 15, 2021
Merged
@izeye
Copy link
Contributor

izeye commented Oct 15, 2021

I created #2833 to try to resolve the TimeUtils part.

shakuzen pushed a commit that referenced this issue Oct 18, 2021
@izeye
Reimplement TimeUtils.format() (#2833)
ac2711a 
See gh-2762
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@shakuzen shakuzen

Labels
module: micrometer-core An issue that is related to our core module release notes Noteworthy change to call out in the release notes type: task A general task
Projects
None yet
Milestone
1.6.11
Development

No branches or pull requests
3 participants
@izeye @shakuzen @ChristianOberleitner