dependency lacks license

[pymnh]

I am working on getting this software into debian.

Unfortunately, one dependency of scep, github.com/groob/finalizer, has no license. debian does not include any non-free licensed source code (including build-dependencies), and distributing non-licensed code is even illegal since no license means all rights reserved by the author.

I have opened an issue but received no answer from @groob
If you have other ways to get their attention on this or know some other solution to the issue I'd be very thankful

[omorsi]

I think we can remove the logutil.NewHTTPLogger(logger).LoggingFinalizer part to get rid of the dependency because IIRC, that is the only line that we need this dependency for. This line is needed for post-http request logging. IMO, it is not a crucial part.

[groob]

I added the license, but as omorsi mentions, the extra debug line is not critical. I'd accept a change which removes the need for this dependency, either by skipping over the http logging (with a tracking TODO issue), or something that uses github.com/felixge/httpsnoop instead.

Example of what I have in mind:
https://github.com/micromdm/micromdm/blob/e96b8d0cf53fc61e7eb203d9f5d72ed2334238c7/pkg/log/http.go

[pymnh]

oupsie, I forgot to reply to you @omorsi
thanks for the suggestion! I added a downstream patch removing the dependency on finalizer and uploaded the package.

however, now that the license issue is fixed (thanks @groob) I would just upload finalizer too and revert the debian patch once finalizer has found its way into the debian buildservers