> a mention of a GPL license can be fine

Typically, you'd end up with an allow list, like [1][2]

[1] https://github.com/apache/flink/blob/d0c9ed9ff47cd0f0fae62958521a0b18e5cd9bf3/tools/ci/flink-ci-tools/src/main/java/org/apache/flink/tools/ci/licensecheck/JarFileChecker.java#L194-L260
[2] https://github.com/apache/opendal/blob/c35da0d92442756d5742eaf70a2259dd23621b53/deny.toml#L28-L48

Best,
tison.

<[email protected]> wrote on Sat, Nov 22, 2025 at 21:44:

>
> Hi,
>
> One extra point that is worth mentioning. On several occasions, I’ve seen
> automation give a false sense of security. A tool reports everything as
> clean, and people assume the release is fine when it is not. It’s only when
> humans look deeper that a serious issue is discovered. For example, a mention
> of a GPL license can be fine, depending on the context, and automation is
> unlikely to detect it.
>
> Kind Regards.
>
> Justin
