当前位置:网站首页>Ruby "rollover": the code base was taken off the shelves due to license errors, causing 500000 projects into chaos

Ruby "rollover": the code base was taken off the shelves due to license errors, causing 500000 projects into chaos

2021-04-08 16:14:19 InfoQ

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"italic"},{"type":"size","attrs":{"size":10}},{"type":"strong"}],"text":" This article was originally published in The Register, The original author Thomas Claburn to grant authorization ,InfoQ Translate and share ."}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"3 month 31 Japan , Software library shared-mime-info The maintainer of Bastien Nocera It's a notice Ruby library - mimemagic The maintainer of Daniel Mendler, The library contains Nocera Code for , And it uses an incompatible software license to distribute mimemagic."}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"shared-mime-info The library is already "},{"type":"link","attrs":{"href":"https:\/\/www.gnu.org\/licenses\/old-licenses\/gpl-2.0.html?fileGuid=zLXj22ubrogiy5ah","title":"","type":null},"content":[{"type":"text","text":"GPLv2"}]},{"type":"text","text":" Get permission under , and mimemagic Is listed as "},{"type":"link","attrs":{"href":"https:\/\/opensource.org\/licenses\/MIT?fileGuid=zLXj22ubrogiy5ah","title":"","type":null},"content":[{"type":"text","text":"MIT"}]},{"type":"text","text":" Licensed projects ."}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“ Use one GPL File as source file , Will make your entire code base a derivative , Make it all into GPL, therefore , I think that when someone uses it for pure MIT Before code base or closed source application , Solve this problem first , It's very important .”Nocera In a "},{"type":"link","attrs":{"href":"https:\/\/github.com\/minad\/mimemagic\/issues\/97?fileGuid=zLXj22ubrogiy5ah","title":"","type":null},"content":[{"type":"text","text":"Issues post "}]},{"type":"text","text":" wrote ."}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“ There is an urgent need to put GPL The header is added back to shared-mime-info XML file . This is a tarball Part of the distribution's tools for merge transformation , But in the same file .in Visible in version .”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Mendler thank Nocera The notice of , And immediately send the latest version 0.4.0 and 0.3.6"},{"type":"link","attrs":{"href":"https:\/\/github.com\/minad\/mimemagic\/commit\/c0f7b6b21a192629839db87612794d08f9ff7e88?fileGuid=zLXj22ubrogiy5ah","title":"","type":null},"content":[{"type":"text","text":" Moved to GPLv2 Next "}]},{"type":"text","text":", And it's also undone what was previously published in RubyGems.org Previous editions ,rubygems yes Ruby The package registry used by the developer . Then he will "},{"type":"link","attrs":{"href":"https:\/\/github.com\/minad\/mimemagic?fileGuid=zLXj22ubrogiy5ah","title":"","type":null},"content":[{"type":"text","text":"mimemagic Of GitHub repo"}]},{"type":"text","text":" The archive , That means it's no longer actively developed ."}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" Unfortunately , This move "},{"type":"link","attrs":{"href":"https:\/\/github.com\/minad\/mimemagic\/issues\/98?fileGuid=zLXj22ubrogiy5ah","title":"","type":null},"content":[{"type":"text","text":" damage "}]},{"type":"text","text":" 了 Ruby on Rails This popular Web Development framework , It contains mimemagic 0.3.5 As a dependency . This too "},{"type":"link","attrs":{"href":"https:\/\/github.com\/minad\/mimemagic\/network\/dependents?package_id=UGFja2FnZS0xMDYyMDY=&fileGuid=zLXj22ubrogiy5ah","title":"","type":null},"content":[{"type":"text","text":" influence "}]},{"type":"text","text":" Other 172 Software package , Which includes 577148 There are two different software libraries ."}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" Not all of these projects will be immediately affected , however , If you don't implement dependency caching , Any from RubyGems.org Gets the withdrawn version of mimemagic All of the build processes will fail ."}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" contain mimemagic Software projects that include GPLv2 The impact of license code , In some cases, this may not be acceptable . If this is feasible in law and in practice , They can switch to 0.3.6 or 0.4.0 Version Library ."}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" Such as by the British government 、 Department of energy and industrial strategy "},{"type":"link","attrs":{"href":"https:\/\/github.com\/UKGovernmentBEIS\/beis-report-official-development-assistance\/pull\/1015?fileGuid=zLXj22ubrogiy5ah","title":"","type":null},"content":[{"type":"text","text":"Web application "}]},{"type":"text","text":"、"},{"type":"link","attrs":{"href":"https:\/\/github.com\/filestack\/filestack-ruby\/issues\/77?fileGuid=zLXj22ubrogiy5ah","title":"","type":null},"content":[{"type":"text","text":"FileStack CMS Of Ruby SDK"}]},{"type":"text","text":"、 be based on Rails Markable image application "},{"type":"link","attrs":{"href":"https:\/\/github.com\/danbooru\/danbooru\/issues\/4776?fileGuid=zLXj22ubrogiy5ah","title":"","type":null},"content":[{"type":"text","text":"Danbooru"}]},{"type":"text","text":" Projects such as , Are thinking about how to solve this problem , It reminds me of 2016 Year of "},{"type":"link","attrs":{"href":"https:\/\/www.theregister.com\/2016\/03\/23\/npm_left_pad_chaos\/?fileGuid=zLXj22ubrogiy5ah","title":"","type":null},"content":[{"type":"text","text":"Left-Pad event "}]},{"type":"text","text":"."}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" because mimemagic Mainly "},{"type":"link","attrs":{"href":"https:\/\/github.com\/minad\/mimemagic\/blob\/master\/lib\/mimemagic\/tables.rb?fileGuid=zLXj22ubrogiy5ah","title":"","type":null},"content":[{"type":"text","text":" One mime Database of type data mapping "}]},{"type":"text","text":", therefore Rails The team is thinking about "},{"type":"link","attrs":{"href":"https:\/\/github.com\/rails\/rails\/issues\/41750#issuecomment-805977682?fileGuid=zLXj22ubrogiy5ah","title":"","type":null},"content":[{"type":"text","text":" Other options "}]},{"type":"text","text":", Include 2-clause BSD Authorized by the "},{"type":"link","attrs":{"href":"https:\/\/man7.org\/linux\/man-pages\/man3\/libmagic.3.html?fileGuid=zLXj22ubrogiy5ah","title":"","type":null},"content":[{"type":"text","text":"libmagic"}]},{"type":"text","text":" or mime Data Ruby transformation . however , To achieve this goal , There's a lot more to do ."}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" As for the others ,Shopify Application manufacturers ASoft The founder of "},{"type":"link","attrs":{"href":"https:\/\/github.com\/sergey-alekseev?fileGuid=zLXj22ubrogiy5ah","title":"","type":null},"content":[{"type":"text","text":"Sergey Alekseev"}]},{"type":"text","text":" requirement Mendler"},{"type":"link","attrs":{"href":"https:\/\/github.com\/rails\/rails\/issues\/41750#issuecomment-805831354?fileGuid=zLXj22ubrogiy5ah","title":"","type":null},"content":[{"type":"text","text":" keep mimemagic repo Active state of "}]},{"type":"text","text":", So that other affected projects can discuss their options here ."}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" however Mendler and "},{"type":"link","attrs":{"href":"https:\/\/github.com\/rails\/rails\/issues\/41750#issuecomment-805834045?fileGuid=zLXj22ubrogiy5ah","title":"","type":null},"content":[{"type":"text","text":" Disagree "}]},{"type":"text","text":", He said :“Rails There is no doubt that the dependence of is the most influential . If we can find a suitable Rails Solutions for , And get the Rails Team recognition , So much the better .”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" Open source licensing Consultant Paul Berg In an email to The Register Express , Despite the current difficult situation , But it seems that the relevant developers are ready ."}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“ Because it depends on mimemagic The maintainer of the library found that it contained GPL Code , They switched to GPL The license .” He said ,“ What is admirable is , Once problems are found , They'll react , Instead of being silent about it , Let the problem continue .”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“ However , It's really important Rails It brings a big problem ,”Berg say .“Rails It is widely used in MIT Licensed applications ,MIT License is a kind of permissive license . Because many applications use Rails Compiling , Assume that these applications are not GPL copyright protection , So it's very likely that many of these applications don't conform to GPL Clause , Because they didn't take these terms into account when they were deployed .”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“ therefore , take Rails Re license to GPL, send Rails Meet the requirements , It's for thousands of teams , It's probably a huge change , It's not actually a viable solution . Unfortunately , Other solutions are probably not easy .”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Berg Express ,mimemagic Try to replace GPL Part of the code , And keep it MIT The license . He said , Another option is Rails Complete substitution mimemagic, The premise is that there is an appropriate alternative ."}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“ No matter what , because Rails The popularity of , Its importance in the industry is self-evident , Solving this problem may not be a trivial matter in the short term .” He said .“ I don't envy their situation .”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"“ This explains when you introduce all the dependencies and reuse code , Why do you have to list them carefully , And try to make sure that the licensing of these dependencies is consistent with your intentions . This is very important .”"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":" What's new "},{"type":"text","text":":4 month 1 Japan ,mimemagic Updated to v0.4.1, To restore the MIT The license , And deleted GPL Covered code :theFreedesktop.org Shared Mime Types database . Now users have to provide .0.3.6 and 4.0 The version has been repealed , It's frustrating for a lot of people ."}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":" The authors introduce :"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Thomas Claburn, Living in the San Francisco Bay Area , be responsible for The Register Software development 、DevOps、 Computer security, etc ."}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":" Link to the original text :"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https:\/\/www.theregister.com\/2021\/03\/25\/ruby_rails_code?fileGuid=zLXj22ubrogiy5ah","title":"","type":null},"content":[{"type":"text","text":"https:\/\/www.theregister.com\/2021\/03\/25\/ruby_rails_code"}]}]}]}

版权声明
本文为[InfoQ]所创,转载请带上原文链接,感谢
https://chowdera.com/2021/04/20210408161240877l.html