I was performing a more thorough check of our dependencies in preparation of opening graduation discussions with the Incubator PMC and found at least one package that, while not directly used in the code, is installed as a dependency of multiple top-level dependencies that is LGPL licensed. The dependencies that rely on this are themselves not a license issue (BSD-3 & MIT licenses). How is this situation usually handled?
I also found a package that has a license that isn't listed on the 3rd party licenses page: HPND [1][2] which, from what I can tell, is similar to the BSD-3 or MIT licenses, though I just wanted to double-check on that... [1] https://github.com/python-pillow/Pillow/blob/main/LICENSE [2] https://en.wikipedia.org/wiki/Historical_Permission_Notice_and_Disclaimer --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
