You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@beam.apache.org by Dennis Brinley <De...@solace.com> on 2022/05/18 20:26:04 UTC

BEAM-14479 Dependency license questions

I am currently developing an IO that I would like to submit to Apache Beam project (SolaceIO). The IO itself is Apache2.0 licensed.
** Does every chained dependency (pulled from Maven repo) need to be opensource?

ASF 3rd Party License Policy page lists category B: What can we maybe include in an ASF project.
** Are there specific guidelines as to what might be cause for exclusion?
** If I introduce an IO that has a dependency to handle communications protocol and is licensed as CDDL1.1 (weak copyleft) – would that be a cause for concern?

Thanks,


[Logo  Description automatically generated]<https://solace.com/>
Dennis Brinley
CTO Group Architect
Phone: +1 (717) 503-5346
Solace.com<https://solace.com/>

________________________________
Confidentiality notice

This e-mail message and any attachment hereto contain confidential information which may be privileged and which is intended for the exclusive use of its addressee(s). If you receive this message in error, please inform sender immediately and destroy any copy thereof. Furthermore, any disclosure, distribution or copying of this message and/or any attachment hereto without the consent of the sender is strictly prohibited. Thank you.

Re: BEAM-14479 Dependency license questions

Posted by Alexey Romanenko <ar...@gmail.com>.

+ JBO, Davor, Kenn

IIRC, basically, it should be fine if we don’t distribute such artifacts, but I believe it would be better to consider the list of such dependencies and their licences for this case because it can be many nuances there. 

—
Alexey


> On 19 May 2022, at 15:33, Kamil Bregula <ka...@snowflake.com> wrote:
> 
> Optional components have less strict rules. See: "YOU MAY RELY ON THEM WHEN THEY SUPPORT AN OPTIONAL FEATURE" question in FAQ:
> https://www.apache.org/legal/resolved.html#optional <https://www.apache.org/legal/resolved.html#optional>
> 
> 
> On Wed, May 18, 2022 at 10:36 PM Dennis Brinley <Dennis.Brinley@solace.com <ma...@solace.com>> wrote:
> I am currently developing an IO that I would like to submit to Apache Beam project (SolaceIO). The IO itself is Apache2.0 licensed.
> 
> ** Does every chained dependency (pulled from Maven repo) need to be opensource?  
> 
>  
> 
> ASF 3rd Party License Policy page lists category B: What can we maybe include in an ASF project.
> 
> ** Are there specific guidelines as to what might be cause for exclusion?
> 
> ** If I introduce an IO that has a dependency to handle communications protocol and is licensed as CDDL1.1 (weak copyleft) – would that be a cause for concern?
> 
>  
> 
> Thanks,
> 
>  
> 
>  
> 
>  <>		
> Dennis Brinley
> CTO Group Architect
> 
> Phone: +1 (717) 503-5346
> 
> Solace.com <> 
> 
>  
> 
> Confidentiality notice 
> 
> This e-mail message and any attachment hereto contain confidential information which may be privileged and which is intended for the exclusive use of its addressee(s). If you receive this message in error, please inform sender immediately and destroy any copy thereof. Furthermore, any disclosure, distribution or copying of this message and/or any attachment hereto without the consent of the sender is strictly prohibited. Thank you.

Re: BEAM-14479 Dependency license questions

Posted by Kamil Bregula <ka...@snowflake.com>.

Optional components have less strict rules. See: "YOU MAY RELY ON THEM WHEN
THEY SUPPORT AN OPTIONAL FEATURE" question in FAQ:
https://www.apache.org/legal/resolved.html#optional


On Wed, May 18, 2022 at 10:36 PM Dennis Brinley <De...@solace.com>
wrote:

> I am currently developing an IO that I would like to submit to Apache Beam
> project (SolaceIO). The IO itself is Apache2.0 licensed.
>
> ** Does every chained dependency (pulled from Maven repo) need to be
> opensource?
>
>
>
> ASF 3rd Party License Policy page lists category B: What can we *maybe*
> include in an ASF project.
>
> ** Are there specific guidelines as to what might be cause for exclusion?
>
> ** If I introduce an IO that has a dependency to handle communications
> protocol and is licensed as CDDL1.1 (weak copyleft) – would that be a cause
> for concern?
>
>
>
> Thanks,
>
>
>
>
>
> [image: Logo Description automatically generated]
>
> *Dennis Brinley*
> CTO Group Architect
>
> Phone: +1 (717) 503-5346
>
> Solace.com
>
>
> ------------------------------
> Confidentiality notice
>
> This e-mail message and any attachment hereto contain confidential
> information which may be privileged and which is intended for the exclusive
> use of its addressee(s). If you receive this message in error, please
> inform sender immediately and destroy any copy thereof. Furthermore, any
> disclosure, distribution or copying of this message and/or any attachment
> hereto without the consent of the sender is strictly prohibited. Thank you.
>