Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing license on SnapshotRestore.Registry package #1887

Open
1 task
mbp opened this issue Nov 27, 2024 · 8 comments
Open
1 task

Missing license on SnapshotRestore.Registry package #1887

mbp opened this issue Nov 27, 2024 · 8 comments
Labels
bug This issue is a bug. module/lambda-client-lib p2 This is a standard priority issue s Effort estimation: small

Comments

@mbp
Copy link

mbp commented Nov 27, 2024

Describe the bug

Amazon.Lambda.RuntimeSupport now depends on new package SnapshotRestore.Registry

In our organisation, we monitor the licenses of NuGet packages, and usually AWS packages use Apache 2.0 license. However, the SnapshotRestore.Registry package does not specify a license.

Regression Issue

  • Select this option if this issue appears to be a regression.

Expected Behavior

That the SnapshotRestore.Registry uses the Apache 2.0 license.

Current Behavior

Missing license

Reproduction Steps

  1. Go to https://www.nuget.org/packages/SnapshotRestore.Registry
  2. See that no License is set

Possible Solution

No response

Additional Information/Context

No response

AWS .NET SDK and/or Package version used

SnapshotRestore.Registry 1.0.0

Targeted .NET Platform

.NET 8

Operating System and version

Windows
@mbp mbp added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Nov 27, 2024
@ashishdhingra
Copy link
Contributor

ashishdhingra commented Nov 27, 2024
edited
Loading

We should perhaps include the below license (taken from Amazon.Lambda.RuntimeSupport) in the header of source .cs files:

/*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License").
 * You may not use this file except in compliance with the License.
 * A copy of the License is located at
 *
 *  http://aws.amazon.com/apache2.0
 *
 * or in the "license" file accompanying this file. This file is distributed
 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
 * express or implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */

@normj Please review the wording.

@mbp Please confirm if you are referring to license header comment in source .cs file(s).

Thanks,
Ashish

@ashishdhingra ashishdhingra added needs-review p2 This is a standard priority issue s Effort estimation: small and removed needs-triage This issue or PR still needs to be triaged. labels Nov 27, 2024
@mbp
Copy link
Author

mbp commented Nov 27, 2024

@ashishdhingra no, I refer to the license specified on the NuGet package.

If you go to https://www.nuget.org/packages/Amazon.Lambda.RuntimeSupport then you can see license information which links to https://aws.amazon.com/apache-2-0/
If you go to https://www.nuget.org/packages/SnapshotRestore.Registry, then there is no license information.

@ashishdhingra
Copy link
Contributor

@ashishdhingra no, I refer to the license specified on the NuGet package.

If you go to https://www.nuget.org/packages/Amazon.Lambda.RuntimeSupport then you can see license information which links to https://aws.amazon.com/apache-2-0/ If you go to https://www.nuget.org/packages/SnapshotRestore.Registry, then there is no license information.

@mbp Thanks for the confirmation. Upon further analysis, looks like:

Fix would be to declare PackageLicenseUrl in SnapshotRestore.Registry.csproj and publish it with a new version bump.

@normj
Copy link
Member

normj commented Nov 27, 2024

@mbp That is a miss on our part not getting the license in there. We will get it updated but due to US holidays and re:Invent next week we won't be able to push out a new version till after re:Invent.

@mungojam
Copy link

It is also not using the reserved 'Amazon.' prefix on the nuget package so for now we're not permitting our devs to upgrade to it. Can that be corrected too?

@mbp
Copy link
Author

mbp commented Nov 29, 2024

It also seems Amazon.Lambda.Annotations lost the license. On 1.5.2 it was Apache 2.0, But no license specified on 1.5.3.

@ashishdhingra
Copy link
Contributor

It also seems Amazon.Lambda.Annotations lost the license. On 1.5.2 it was Apache 2.0, But no license specified on 1.5.3.

@mbp Thanks for reporting the same.

In PR #1842, Libraries/src/Amazon.Lambda.Annotations.nuspec was removed, which contained the licensing information. However, Amazon.Lambda.Annotations.csproj wasn't updated to include the same.

CC @philasmar @normj We should scan all packages that had .nuspec file removed and fix which ones as missing licensing (and may be other relevant) information.

@normj
Copy link
Member

normj commented Nov 29, 2024
edited
Loading

It is also not using the reserved 'Amazon.' prefix on the nuget package so for now we're not permitting our devs to upgrade to it. Can that be corrected too?

I'll bring this up to the Lambda team but this naming was intentional by the Lambda team for the idea of SnapStart hooks being a bigger concept than just an AWS idea.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug This issue is a bug. module/lambda-client-lib p2 This is a standard priority issue s Effort estimation: small
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mbp @normj @mungojam @ashishdhingra