Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Azure Storage Python Introduces Viral LGPL Dependencies

See original GitHub issue

Which service(blob, file, queue) does this issue concern?

blob

Which version of the SDK was used? Please provide the output of `pip freeze`.

$ pipenv run pip install azure-storage-blob
...
$ pipenv run pip freeze
asn1crypto==0.24.0
azure-common==1.1.16
azure-nspkg==3.0.2
azure-storage-blob==1.3.1
azure-storage-common==1.3.0
azure-storage-nspkg==3.0.0
certifi==2018.10.15
cffi==1.11.5
chardet==3.0.4
cryptography==2.3.1
enum34==1.1.6
futures==3.2.0
idna==2.7
ipaddress==1.0.22
pycparser==2.19
python-dateutil==2.7.3
requests==2.19.1
six==1.11.0
urllib3==1.23

What problem was encountered?

Installing azure-storage-blob library introduces a dependency to a LGPL library which infects any solution using the Azure Storage Library for Python. Furthermore, there is no documentation whatsoever in the Azure Storage Library, that it relies on LGPL licensed software which is an important aspect that should not be hidden.

Details:

https://github.com/Azure/azure-storage-python/blob/master/requirements.txt#L3

requests>=2.9.2

https://github.com/requests/requests/blob/master/setup.py#L51

'chardet>=3.0.2,<3.1.0',

To summarize this dependency chain:

Azure Storage Python -> Requests >= 2.9.2 -> chardet>=3.0.2,<3.1.0

Chardet License: https://github.com/chardet/chardet/blob/master/LICENSE

		  GNU LESSER GENERAL PUBLIC LICENSE
		       Version 2.1, February 1999

Have you found a mitigation/solution?

Mocking away chardet installing azure blob without dependencies and manually add required dependencies by hand. Not a good solution.

Issue Analytics

State:
Created 5 years ago
Comments:8 (5 by maintainers)

Top GitHub Comments

1reaction

illfangcommented, Oct 22, 2018

@zezha-msft I can understand your point of view on this issue. However, to be fair to the users of the storage library you should consider adding a NOTICE file pointing out, that this MIT licensed library will introduce LGPL licensed libraries as well.

0reactions

zezha-msftcommented, Oct 22, 2018

@illfang thanks for your understanding! And thanks for your advice. I’ll sync up with our legal team to see if it’s appropriate to put a notice file in the repo. 👍

Top Results From Across the Web

azure-storage-python/NOTICE.md at master - GitHub

Contribute to Azure/azure-storage-python development by creating an account ... the requests package, which has a dependency chardet that uses LGPL license.

Azure Storage SDK for Python | Microsoft Learn

Create, update , and delete storage accounts. Retrieve and regenerate storage account access keys.

Use Azure Storage with the Azure SDK for Python

This example demonstrated how to use the Azure client libraries in Python application code to upload a file to that Blob storage container....

Getting Started with Azure Storage Management in Python

Run this sample · If you don't already have it, install Python. · Install the dependencies using pip. Copy. cd storage-python-manage pip install...

Quickstart: Azure Blob Storage client library for Python

In this quickstart, you learn how to use the Azure Blob Storage client library for Python to create a container and a blob...