You are viewing a plain text version of this content. The canonical link for it is here.
Posted to legal-discuss@apache.org by Richard Downer <ri...@apache.org> on 2015/01/30 16:04:21 UTC
XebiaLabs OverThere license
Hello all,
I'm from the incubating Brooklyn project and we have a query about the
license on a software project that we would like to depend on.
The project is XebiaLabs' "OverThere":
https://github.com/xebialabs/overthere
However it comes with a possibly troublesome license:
https://raw.githubusercontent.com/xebialabs/overthere/master/LICENSE
It seems their intention is that it's GNU GPL2, unless the software
you are using it with is on a list of "approved" open source licenses,
in which case they'll let you off most of the GPL requirements. Apache
Software License v2 is on their approved list.
Reading the license I still see some potentially problematic clauses -
in particular 0.b.(ii) seems to say that source code must accompany
all binary distribution of the combined software product (a
requirement that ASLv2 doesn't have). Also, our project could
potentially be combined by our users with closed-source components in
a way that is permitted by ASLv2 but which then falls foul of this
list of approved licenses.
Possibly mitigating circumstances is that this dependency is not core
to our project and could be made optional (i.e., source code could
compile without error unless the dependency is specifically enabled,
and the binary distribution would operate normally without it until a
call for its specific functionality is made). Therefore we could push
the decision to include this component onto the end users, and it
would be their responsibility to comply with the license.
If we *were* to depend on OverThere, then we would express that as a
Maven dependency - so we would not be bundling any OverThere code in
our repository or source distribution. However we would like to start
making binary releases and therefore we may include the OverThere
binary inside our binary distribution.
Any opinions on this situation? Is there any way we can make this
work, or should it leave OverThere well alone?
Thanks for your comments,
Richard.
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: XebiaLabs OverThere license
Posted by Jim Jagielski <ji...@jaguNET.com>.
+1
> On Jan 30, 2015, at 3:59 PM, Kevan Miller <ke...@gmail.com> wrote:
>
> IMO, your options are:
>
> 1) leave it alone, or
> 2) make it an optional dependency and allow users to make the decision.
>
> The license itself would fall under -- http://www.apache.org/legal/resolved.html#category-x (see the "special exceptions to gnu gpl")
>
> On Fri, Jan 30, 2015 at 7:04 AM, Richard Downer <ri...@apache.org> wrote:
> Hello all,
>
> I'm from the incubating Brooklyn project and we have a query about the
> license on a software project that we would like to depend on.
>
> The project is XebiaLabs' "OverThere":
> https://github.com/xebialabs/overthere
>
> However it comes with a possibly troublesome license:
> https://raw.githubusercontent.com/xebialabs/overthere/master/LICENSE
>
> It seems their intention is that it's GNU GPL2, unless the software
> you are using it with is on a list of "approved" open source licenses,
> in which case they'll let you off most of the GPL requirements. Apache
> Software License v2 is on their approved list.
>
> Reading the license I still see some potentially problematic clauses -
> in particular 0.b.(ii) seems to say that source code must accompany
> all binary distribution of the combined software product (a
> requirement that ASLv2 doesn't have). Also, our project could
> potentially be combined by our users with closed-source components in
> a way that is permitted by ASLv2 but which then falls foul of this
> list of approved licenses.
>
> Possibly mitigating circumstances is that this dependency is not core
> to our project and could be made optional (i.e., source code could
> compile without error unless the dependency is specifically enabled,
> and the binary distribution would operate normally without it until a
> call for its specific functionality is made). Therefore we could push
> the decision to include this component onto the end users, and it
> would be their responsibility to comply with the license.
>
> If we *were* to depend on OverThere, then we would express that as a
> Maven dependency - so we would not be bundling any OverThere code in
> our repository or source distribution. However we would like to start
> making binary releases and therefore we may include the OverThere
> binary inside our binary distribution.
>
> Any opinions on this situation? Is there any way we can make this
> work, or should it leave OverThere well alone?
>
> Thanks for your comments,
>
> Richard.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: XebiaLabs OverThere license
Posted by Kevan Miller <ke...@gmail.com>.
IMO, your options are:
1) leave it alone, or
2) make it an optional dependency and allow users to make the decision.
The license itself would fall under --
http://www.apache.org/legal/resolved.html#category-x (see the "special
exceptions to gnu gpl")
On Fri, Jan 30, 2015 at 7:04 AM, Richard Downer <ri...@apache.org> wrote:
> Hello all,
>
> I'm from the incubating Brooklyn project and we have a query about the
> license on a software project that we would like to depend on.
>
> The project is XebiaLabs' "OverThere":
> https://github.com/xebialabs/overthere
>
> However it comes with a possibly troublesome license:
> https://raw.githubusercontent.com/xebialabs/overthere/master/LICENSE
>
> It seems their intention is that it's GNU GPL2, unless the software
> you are using it with is on a list of "approved" open source licenses,
> in which case they'll let you off most of the GPL requirements. Apache
> Software License v2 is on their approved list.
>
> Reading the license I still see some potentially problematic clauses -
> in particular 0.b.(ii) seems to say that source code must accompany
> all binary distribution of the combined software product (a
> requirement that ASLv2 doesn't have). Also, our project could
> potentially be combined by our users with closed-source components in
> a way that is permitted by ASLv2 but which then falls foul of this
> list of approved licenses.
>
> Possibly mitigating circumstances is that this dependency is not core
> to our project and could be made optional (i.e., source code could
> compile without error unless the dependency is specifically enabled,
> and the binary distribution would operate normally without it until a
> call for its specific functionality is made). Therefore we could push
> the decision to include this component onto the end users, and it
> would be their responsibility to comply with the license.
>
> If we *were* to depend on OverThere, then we would express that as a
> Maven dependency - so we would not be bundling any OverThere code in
> our repository or source distribution. However we would like to start
> making binary releases and therefore we may include the OverThere
> binary inside our binary distribution.
>
> Any opinions on this situation? Is there any way we can make this
> work, or should it leave OverThere well alone?
>
> Thanks for your comments,
>
> Richard.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
>