chore(README) add a warning about legal compliance #803
Until #769 is fixed, we need to advise reusers to either become BlockNote sponsors or not to use the XL packages.
README.md
Outdated
⚠️ **If you plan to deploy Docs in production**, please remove the [docs/pdf exporters](https://github.com/suitenumerique/docs/blob/main/src/frontend/apps/impress/package.json#L22C7-L23C53) or sponsor [BlockNote](https://www.blocknotejs.org). Docs 2.7.0 will update this repository so that it does not provide these packages by default, while making it easy to require them if needed. | ||
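Review bot: the exporter link in the added warning points at `blob/main` with a `#L22C7-L23C53` line anchor, so it will land on different lines as soon as package.json changes on that branch. Use a commit permalink, or name the packages directly in the sentence. The warning also does not say why the packages should be removed (the PR description points to #769), which a reuser needs in order to choose between removing them and sponsoring.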
Multiple things:
- I don't understand why it should not be possible to deploy this application in production because there is AGPL code in it. In that case a consequent part of the internet should be shut down for using code with an AGPL license. Only projects built on top with a commercial/proprietary usage should not. And the commercial part is not because we use a lib with AGPL but because the library editor doesn't allow it.
- Removing the libraries will break the application; it will not be possible anymore to build the front application.
I suggest instead to add a warning saying that there is AGPL code in the application so it's not possible to use it in a proprietary application and add a list with all licenses used in the project.
Then we will see how to remove them by providing a separate package providing the exports feature. And I can't tell you in which version it will be made.
Every user having access to a document, no matter their role, has access to the entire accesses list with all the user details. Only owner or admin should be able to have the entire list; for the other roles, they have access to the list containing only owner and administrator, with less information on the username. The email and its id are removed.
The argocd webhook call now needs to use sha256 digest to sign
Level filtering was used on the logging console handler. We remove it as it is not necessary to have it.
Ypy is deprecated and unmaintained. We have problems with parsing existing documents. We replace it with pycrdt, a library actively maintained and without the issues we have with Ypy.
The way to connect to the hocuspocus server needs to be proxified in nginx to query a dedicated route in the django application and then follow the request to the express server with the additional headers. The auth can be done in the express server by querying the backend on the document retrieve endpoint. If the response status code is 200, the user has access to the document, otherwise it is not the case. Then we can check the abilities to determine what the user can do or not.
We no longer need the collaboration-auth endpoint. Every code related to it is removed.
We only use uuid v4 as hocuspocus document name. To be sure nothing else is used we check that the documentName is a valid uuid version 4.
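The two checks described in the commit messages above (a UUID v4 document name, then a backend document-retrieve call where only a 200 grants access), as an added JavaScript example that is not the project's code. The function names, the `documents/<id>/` path, the forwarded `cookie` header and the `abilities.update` field are assumptions.

```javascript
// Added example, not the project's code. isUuidV4, authorizeConnection, the
// documents/<id>/ path, the cookie header and abilities.update are assumptions.
const UUID_V4 =
  /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;

function isUuidV4(name) {
  return typeof name === 'string' && UUID_V4.test(name);
}

// Decide whether a collaboration connection may proceed.
// fetchImpl is injectable so the logic can be exercised offline.
async function authorizeConnection({
  documentName,
  headers = {},
  baseUrl, // must end with "/" so the relative path is appended
  fetchImpl = globalThis.fetch,
}) {
  // Validate before the name is placed in a URL: anything that is not a
  // UUID v4 (for example "../users") never reaches the backend request.
  if (!isUuidV4(documentName)) {
    return { allowed: false, reason: 'invalid-document-name' };
  }
  const url = new URL(`documents/${documentName}/`, baseUrl);
  let res;
  try {
    // Forward the caller's credentials; the backend remains the authority.
    res = await fetchImpl(url, { headers: { cookie: headers.cookie ?? '' } });
  } catch {
    return { allowed: false, reason: 'backend-unreachable' }; // fail closed
  }
  // Only an exact 200 counts as access; redirects and errors are denials.
  if (res.status !== 200) {
    return { allowed: false, reason: `backend-status-${res.status}` };
  }
  const doc = await res.json();
  const abilities = doc.abilities ?? {};
  // Read-only unless the backend explicitly grants update.
  return { allowed: true, readOnly: abilities.update !== true };
}
```

A missing or malformed `abilities` object results in a read-only session rather than write access.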
- fix width select export
The way that the collaboration server authenticates the user has changed. We adapt the configuration to the new way of doing it, by removing the nginx auth url, and by adding the COLLABORATION_BACKEND_BASE_URL setting.
When multiple tabs are open, the new service worker can stay in the "waiting" state and not be activated until the other tabs with the old service worker are closed. We fix this by forcing the other tabs to reload the page when a new service worker is detected. All tabs will then be reloaded and the new service worker will be activated.
Added:
- 📄(legal) Require contributors to sign a DCO

Changed:
- ♻️(frontend) Integrate UI kit
- 🏗️(y-provider) manage auth in y-provider app

Fixed:
- 🐛(backend) compute ancestor_links in get_abilities if needed
- 🔒️(back) restrict access to document accesses
I updated the warning wrt our discussion cc @lunika @virgile-dev. Let me know if this is acceptable for the team.