RE: Re: BEAM-14479 Dependency license questions

[Dennis Brinley <De...@solace.com>]

Thanks for the replies and sorry for the delayed response. I think a little more context will be helpful.

The IO is to stream to and from a Pub Sub event broker, and the Pub Sub Broker (Solace) and the APIs to connect to it is free, but not fully open source. The dependency is available publicly as a binary in maven central. GAV=com.solacesystems, sol-jcsmp, 10.14.0 (latest)

The broker (Solace), and API Library can be downloaded from here: https://solace.com/downloads/
and the documentation and samples are here: https://www.solace.dev/

We have a few users using the IO, as you can see in the blog referenced below, and we would like it available to the community.
https://cloud.google.com/blog/products/data-analytics/how-grasshopper-uses-bigquery-and-cloud-dataflow-for-their-real-time-financial-data-app

Can you please guide us the path forward on handling the non open source API libraries?

*** I’m sending this via email client since I don’t have logon access to apach.org mail service. Here is the thread in case this response doesn’t get linked: https://lists.apache.org/thread/3oxkrmcon0jd9qgkd8brx05jm69pfvs8

Thx,
Dennis

On 2022/05/19 15:33:28 Alexey Romanenko wrote:
> + JBO, Davor, Kenn
>
> IIRC, basically, it should be fine if we don’t distribute such artifacts, but I believe it would be better to consider the list of such dependencies and their licences for this case because it can be many nuances there.
>
> —
> Alexey
>
>
> > On 19 May 2022, at 15:33, Kamil Bregula <ka...@snowflake.com>> wrote:
> >
> > Optional components have less strict rules. See: "YOU MAY RELY ON THEM WHEN THEY SUPPORT AN OPTIONAL FEATURE" question in FAQ:
> > https://www.apache.org/legal/resolved.html#optional <https://www.apache.org/legal/resolved.html#optional>
> >
> >
> > On Wed, May 18, 2022 at 10:36 PM Dennis Brinley <De...@solace.com> <ma...@solace.com>>> wrote:
> > I am currently developing an IO that I would like to submit to Apache Beam project (SolaceIO). The IO itself is Apache2.0 licensed.
> >
> > ** Does every chained dependency (pulled from Maven repo) need to be opensource?
> >
> >
> >
> > ASF 3rd Party License Policy page lists category B: What can we maybe include in an ASF project.
> >
> > ** Are there specific guidelines as to what might be cause for exclusion?
> >
> > ** If I introduce an IO that has a dependency to handle communications protocol and is licensed as CDDL1.1 (weak copyleft) – would that be a cause for concern?
> >
> >
> >
> > Thanks,
> >
> >
> >
> >
> >
> >  <>
> > Dennis Brinley
> > CTO Group Architect
> >
> > Phone: +1 (717) 503-5346
> >
> > Solace.com <>
> >
> >
> >
> > Confidentiality notice
> >
> > This e-mail message and any attachment hereto contain confidential information which may be privileged and which is intended for the exclusive use of its addressee(s). If you receive this message in error, please inform sender immediately and destroy any copy thereof. Furthermore, any disclosure, distribution or copying of this message and/or any attachment hereto without the consent of the sender is strictly prohibited. Thank you.
>
>
________________________________
Confidentiality notice

This e-mail message and any attachment hereto contain confidential information which may be privileged and which is intended for the exclusive use of its addressee(s). If you receive this message in error, please inform sender immediately and destroy any copy thereof. Furthermore, any disclosure, distribution or copying of this message and/or any attachment hereto without the consent of the sender is strictly prohibited. Thank you.