Uploaded image for project: 'Zapped: AcousticBrainz'
  1. Zapped: AcousticBrainz
  2. AB-25

Static essentia extractor builds are being distributed in violation of ffmpeg/libav license

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • None
    • None
    • None

      Upon examination of the binaries included in the static extractor packages available from http://acousticbrainz.org/download I noticed that the binary includes a statically linked copy of ffmpeg or libav (I'm guessing that it may be libav 0.8, but that's a pretty wild guess), but no mention is made of this fact, and no copy of the ffmpeg/libav license (in this case, LGPL-2.1) is included with the package. As well, there is no download available of the corresponding source, or indeed any indication of where the source could be obtained from.

      Note that libav has a license compliance checklist available at http://libav.org/legal.html (some of the steps are recommendations, not requirements, but it's still a good reference.); ffmpeg has an almost identical one at http://ffmpeg.org/legal.html

      Note that I only examined the x86_64 linux binary, but presumably this applies to others.

      There's a few other things to note, not directly related to the ffmpeg/libav build used:

      • The download does not include the license for the extractor itself (presumably AGPL-3?), and I cannot find a download corresponding to the source code that the extractor was built from.
      • Please also check what other third-party libraries may be linked into the binary - I suspect you might have libraries such as taglib or zlib included as well.

          Loading...
          Uploaded image for project: 'Zapped: AcousticBrainz'
          1. Zapped: AcousticBrainz
          2. AB-25

          Static essentia extractor builds are being distributed in violation of ffmpeg/libav license

            • Icon: Bug Bug
            • Resolution: Unresolved
            • Icon: Normal Normal
            • None
            • None
            • None
            • None

              Upon examination of the binaries included in the static extractor packages available from http://acousticbrainz.org/download I noticed that the binary includes a statically linked copy of ffmpeg or libav (I'm guessing that it may be libav 0.8, but that's a pretty wild guess), but no mention is made of this fact, and no copy of the ffmpeg/libav license (in this case, LGPL-2.1) is included with the package. As well, there is no download available of the corresponding source, or indeed any indication of where the source could be obtained from.

              Note that libav has a license compliance checklist available at http://libav.org/legal.html (some of the steps are recommendations, not requirements, but it's still a good reference.); ffmpeg has an almost identical one at http://ffmpeg.org/legal.html

              Note that I only examined the x86_64 linux binary, but presumably this applies to others.

              There's a few other things to note, not directly related to the ffmpeg/libav build used:

              • The download does not include the license for the extractor itself (presumably AGPL-3?), and I cannot find a download corresponding to the source code that the extractor was built from.
              • Please also check what other third-party libraries may be linked into the binary - I suspect you might have libraries such as taglib or zlib included as well.

                    Unassigned Unassigned
                    kepstin Calvin Walton
                    Votes:
                    0 Vote for this issue
                    Watchers:
                    1 Start watching this issue

                      Created:
                      Updated:

                        Version Package

                          Unassigned Unassigned
                          kepstin Calvin Walton
                          Votes:
                          0 Vote for this issue
                          Watchers:
                          1 Start watching this issue

                            Created:
                            Updated:

                              Version Package