mimemagic
compliance-backend
mimemagic | compliance-backend | |
---|---|---|
12 | 1 | |
370 | 12 | |
- | - | |
4.1 | 9.6 | |
about 3 years ago | 1 day ago | |
Ruby | Ruby | |
MIT License | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
mimemagic
-
MimeMagic versions prior to 0.3.6 have been yanked from RubyGems and it's GPL 2.0 now
pretty clear that they copied GPL code, needed to relicense as GPL. they did a booboo https://github.com/minad/mimemagic/issues/97
His initial commit from 12 years ago referred to ‘shared-mime-info’ in this line: Blame: https://github.com/minad/mimemagic/blame/master/script/freedesktop.org.xml
-
Removed Gem “Breaks” Rails ActiveStorage
Not so fast in that claim.
First of all the infringing file is https://github.com/minad/mimemagic/blob/master/script/freede.... Sure, it is in XML. But it contains a tremendous amount of free-form text, specific sets of pattern matching rules for the data types, and so on. It is a compilation of sometimes original research on the best ways to detect file types. Ruby has other mime libraries. The reason why this one was chosen is that its detection algorithms make better choices. And the reason that they make better choices is that they copied the decision rules from a GPLed project.
But even if it were a simple compilation, it still is not guaranteed that there is no copyright. See https://en.wikipedia.org/wiki/Copyright_in_compilation for an introductory article on what can and can't be copyrighted about a compilation. And one of the elements that matters is creativity in the selection of the material. A set of rules with a lot of "look for this" while leaving out various reasonable thats that don't work so well shows considerable creativity.
That said, a judge may decide otherwise. You never know until a judge decides. But I would not presume that there is no copyright interest to be had here.
- Mimemagic Is Now GPLv2
- Mimemagic gem yank disrupts Rails installations
compliance-backend
-
Removed Gem “Breaks” Rails ActiveStorage
And according to the twitter-bio of the individual, who brought this up, he's related to Red Hat, which are also affected [^1].
[^1]https://github.com/RedHatInsights/compliance-backend/pull/79...
What are some alternatives?
gemstash - A RubyGems.org cache and private gem server
inspec - InSpec: Auditing and Testing Framework
savant-core - This is the main project for the Savant build tool
Ruby on Rails - Ruby on Rails
mimemagic - Mime type detection in ruby via file extension or file content
mimemagic - Mime type detection in ruby via file extension or file content
rack-freeze - A policy framework for implementing thread-safe rack middleware.
mimemagic - Powerful and versatile MIME sniffing package using pre-compiled glob patterns, magic number signatures, XML document namespaces, and tree magic for mounted volumes, generated from the XDG shared-mime-info database.