Recently, a developer filed an issue on Dapr’s GitHub repo stating that one of the tool libraries (bouk/monkey) that Dapr relies on contains a “No One Can Use” license.
Dapr is a portable, event-driven runtime for building distributed applications across the cloud and the edge.
This License states the following.
As you can see, the library author explicitly states in the License that he does not grant anyone permission to use this tool for any purpose.
The developer who submitted the issue said that Dapr uses the monkey tool library in pkg/components/standalone_loader_test.go. The Dapr maintainer confirmed that this library was introduced during the merge #3158 PR and is only used in testing (so it is not compiled and distributed in the binaries). distributed in the binary). So they won’t undo the whole PR, they will just rewrite the tests.
Finally, Dapr removed the bou.ke/monkey dependency.
The incident generated an active discussion among developers at Hacker News, and the author of the monkey toolkit library responded in person, wondering about the fact that everyone was talking about the licenses he wrote instead of the projects themselves, and feeling that his projects were not being taken seriously. He believes that Licenses are not as important as some people think, because they are not computer code.