LF AI NNstreamer Project Scan and Findings


Jeff Shapiro <jshapiro@...>
 

Hi Team,

I'm taking over the licesne scanning responsibilities from Steve Winslow.

Here are the results from the most recent license scan of the NNstreamer project.  The scan was performed on the codebase at:  https://github.com/nnstreamer/nnstreamer  based on a snapshot from Feb 2, using the Linux Foundation Fossology server.  Licenses and copyrights were examined.

The key findings (if any) and license summary can be found in the HTML report, the list of files in the spreadsheet, and also find the SPDX file listed below:

REPORTS:

lfai/nnstreamer, code pulled 2022-02-02
  - report: https://lfscanning.org/reports/lfai/nnstreamer-2022-02-02-944feaca-0a1b-4a63-bf63-72370e333b96.html
  - xlsx:   https://lfscanning.org/reports/lfai/nnstreamer-2022-02-02-944feaca-0a1b-4a63-bf63-72370e333b96.xlsx
  - spdx:   https://github.com/lfscanning/spdx-lfai/tree/master/nnstreamer/2022-01/nnstreamer-2022-02-02.spdx


NOTE:  For any key findings listed, they may be new or they may be carried over from the last scan that Steve did last September.

Please feel free to contact me with any questions about the scan results.  Be sure to reply to me directly as I may not get an email sent directly to the distribution list.

Thanks, Jeff

Jeff Shapiro
408-910-7792
jshapiro@...




MyungJoo Ham
 

Finding #1: for the nnshark/gstshark issue, I've contacted gstshark: https://github.com/RidgeRun/gst-shark/issues/105

It is a fork of RidgeRun/gstshark, I'd first ask them to clarify the license.

Finding #4: Yes, there are a few projects intentionally licensed under Apache 2.0; where users are expected to use/update/include it directly, not linking as a shared library. In such cases, LGPL will be a roadblock against commercial embedded devices.

I'll keep looking at other Findings, too.

Thanks a lot!