Missing license on SnapshotRestore.Registry package
mbp opened this issue · 9 comments
Describe the bug
Amazon.Lambda.RuntimeSupport now depends on new package SnapshotRestore.Registry
In our organisation, we monitor the licenses of NuGet packages, and usually AWS packages use Apache 2.0 license. However, the SnapshotRestore.Registry package does not specify a license.
Regression Issue
- Select this option if this issue appears to be a regression.
Expected Behavior
That the SnapshotRestore.Registry uses the Apache 2.0 license.
Current Behavior
Missing license
Reproduction Steps
- Go to https://www.nuget.org/packages/SnapshotRestore.Registry
- See that no License is set
Possible Solution
No response
Additional Information/Context
No response
AWS .NET SDK and/or Package version used
SnapshotRestore.Registry 1.0.0
Targeted .NET Platform
.NET 8
Operating System and version
Windows
We should perhaps include the below license (taken from Amazon.Lambda.RuntimeSupport) in the header of source .cs files:
/*
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/@normj Please review the wording.
@mbp Please confirm if you are referring to license header comment in source .cs file(s).
Thanks,
Ashish
@ashishdhingra no, I refer to the license specified on the NuGet package.
If you go to https://www.nuget.org/packages/Amazon.Lambda.RuntimeSupport then you can see license information which links to https://aws.amazon.com/apache-2-0/
If you go to https://www.nuget.org/packages/SnapshotRestore.Registry, then there is no license information.
@ashishdhingra no, I refer to the license specified on the NuGet package.
If you go to https://www.nuget.org/packages/Amazon.Lambda.RuntimeSupport then you can see license information which links to https://aws.amazon.com/apache-2-0/ If you go to https://www.nuget.org/packages/SnapshotRestore.Registry, then there is no license information.
@mbp Thanks for the confirmation. Upon further analysis, looks like:
- Amazon.Lambda.RuntimeSupport.csproj refers buildtools/common.props, which has
PackageLicenseUrldefined here. - SnapshotRestore.Registry.csproj does not refer
buildtools/common.propsand also doesn't definePackageLicenseUrl.
Fix would be to declare PackageLicenseUrl in SnapshotRestore.Registry.csproj and publish it with a new version bump.
@mbp That is a miss on our part not getting the license in there. We will get it updated but due to US holidays and re:Invent next week we won't be able to push out a new version till after re:Invent.
It is also not using the reserved 'Amazon.' prefix on the nuget package so for now we're not permitting our devs to upgrade to it. Can that be corrected too?
It also seems Amazon.Lambda.Annotations lost the license. On 1.5.2 it was Apache 2.0, But no license specified on 1.5.3.
It also seems Amazon.Lambda.Annotations lost the license. On 1.5.2 it was Apache 2.0, But no license specified on 1.5.3.
@mbp Thanks for reporting the same.
In PR #1842, Libraries/src/Amazon.Lambda.Annotations.nuspec was removed, which contained the licensing information. However, Amazon.Lambda.Annotations.csproj wasn't updated to include the same.
CC @philasmar @normj We should scan all packages that had .nuspec file removed and fix which ones as missing licensing (and may be other relevant) information.
It is also not using the reserved 'Amazon.' prefix on the nuget package so for now we're not permitting our devs to upgrade to it. Can that be corrected too?
I'll bring this up to the Lambda team but this naming was intentional by the Lambda team for the idea of SnapStart hooks being a bigger concept than just an AWS idea.
@mbp Licensing information has been fixed for below packages:
Please verify and confirm if this issue could be closed.
Thanks,
Ashish