Posted to dev@avalon.apache.org by Leo Simons <le...@apache.org> on 2003/02/05 23:39:25 UTC
licensing issues and jars in Avalon
Hi peeps,
talks about this have been on the infrastructure, the community, the
jakarta-general and the cocoon-dev list recently (and possibly other
places as well I'm not tracking).
first off: IANAL and I hate having to worry about licensing issues. I'll
be contacting Sun to complain about the ridiculous complexity of their
licensing.
---
recent board decree (saw it first on the infrastructure list)
(paraphrasing): the ASF must not distribute software packages (in any
form) licensed under LGPL, GPL or Sun Binary Code License in any way.
Licenses which have been specifically identified as okay include IBM
Public License and MPL. I assume ASL-style and BSD-style are also okay
(relevant for our inclusion and redistribution of qdox, mx4j). Two
public domain packages, namely Doug Lea's threadutils and antlr have also
been marked as acceptable. But all this has not been stated as strongly
just yet. An attempt is now underway to get this sorted.
---
What is more or less clear at this point is that the current setup I
just put in place for avalon-framework where some Sun BCL code is
downloaded from ibiblio is in breach of license (it won't work anymore
either, as the problematic jars have been removed, so I guess it is
already no longer in breach), whereas the setup we use in logkit (where
the user must actively agree to the BCL license and download the code
themselves) /seems/ to be acceptable.
I've identified the following jars in avalon CVS repositories which seem
like they should be removed based on the information above:
- checkstyle (jakarta-avalon-apps/tools/checkstyle-all.jar and
other places) (LGPL)
- hsqldb (jakarta-avalon-apps/hsql/lib/hsqldb.jar)
(custom license)
- jsch (jakarta-avalon-excalibur/altrmi/jsch-0-0-11.jar) (LGPL)
There are lots of jars all over the avalon CVS repositories for which
the license is perfectly acceptable but not specified, for example
jars which are ASL-licensed, like xerces.
I am not done checking yet, but I believe none of the avalon
distributions provide any of these potentially problematic jars.
I've found more than a few jars under "non-standard" BSD-style or
ASL-style licenses, like jdom, mx4j, qdox, jing and isorelax which I am
relatively sure are okay but IANAL.
---
I think we should remove the checkstyle, hsqldb and jsch jars. We should
also make sure all "autofetch" functionality is only provided after the
user has agreed to the applicable license. For the Sun BCL, the user
must download and install the files themselves. For the "non-standard"
BSD-style and ASL-style licenses we must take part in the effort to get
this thing sorted and receive a green light from the board.
---
The board has asked that all apache contributors act proactively on this
matter, performing an audit of ASF distributions, and taking part in
clarifying and removing any licensing issues. I believe the goal is to
get things clarified and settled within two weeks, in time for the next
board meeting. Please follow-up on community@apache.org.
---
cheers & g'night,
- Leo
---------------------------------------------------------------------
To unsubscribe, e-mail: avalon-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: avalon-dev-help@jakarta.apache.org
Re: licensing issues and jars in Avalon
Posted by Sam Ruby <ru...@apache.org>.
Santiago Gala wrote:
>
> Second, in jetspeed, David removed activation.jar some time ago (I think
> because of those issues). But I have reviewed our repo just now, and we
> still have mail.jar, which, I think, we should remove also. (Sun Binary
> Code License).
>
> If you confirm, I will take care that it is removed from the repository
> (being careful to make sure we don't break build procedures, updating
> docs, etc.)
Confirmed.
- Sam Ruby
---------------------------------------------------------------------
To unsubscribe, e-mail: community-unsubscribe@apache.org
For additional commands, e-mail: community-help@apache.org
Re: licensing issues and jars in Avalon
Posted by Santiago Gala <sg...@hisitech.com>.
Sam Ruby wrote:
> Leo Simons wrote:
>
>>
>> recent board decree (saw it first on the infrastructure list)
>> (paraphrasing): the ASF must not distribute software packages (in any
>> form) licensed under LGPL, GPL or Sun Binary Code License in any way.
>
>
> Sun's Binary Code license permits bundling as part of your Programs. The
> short form of this: you can include such things in tars and zips for
> your release, but for individually download. In other words, users need
> not feel the pain, but developers do.
>
First, I understand it as *not* for individually download, just bundled
in a single archive.
Second, in jetspeed, David removed activation.jar some time ago (I think
because of those issues). But I have reviewed our repo just now, and we
still have mail.jar, which, I think, we should remove also. (Sun Binary
Code License).
If you confirm, I will take care that it is removed from the repository
(being careful to make sure we don't break build procedures, updating
docs, etc.)
Regards,
Santiago
Re: licensing issues and jars in Avalon
Posted by Leo Simons <le...@apache.org>.
Sam Ruby wrote:
> Leo Simons wrote:
>
>>
>> recent board decree (saw it first on the infrastructure list)
>> (paraphrasing): the ASF must not distribute software packages (in any
>> form) licensed under LGPL, GPL or Sun Binary Code License in any way.
>
>
> Sun's Binary Code license permits bundling as part of your Programs.
> The short form of this: you can include such things in tars and zips
> for your release, but for individually download. In other words,
> users need not feel the pain, but developers do.
So, in other words, it is okay if I as a developer download a
BCL-licensed package, compile an ASF module against it, then build a
distribution consisting of the compiled code and the BCL-licensed
package? For example, is a JAMES distribution allowed to be compiled
against the BCL-licensed package (after the developer making the
distribution has agreed to the license) and ship with the BCL-licensed
package?
Is it also okay if my distribution instead contains the source code and
the BCL-licensed package, and a build script for compiling the ASF
module against the BCL-licensed package? Or is that not okay, but can I
distribute the source code with my binary distribution? What about
providing everything but the build script?
I'm sorry, it's not too clear to me just yet.
> Personally, if there are open source alternatives, my recommendation
> is that they should be supported instead.
+1.
cheers,
- Leo
Re: licensing issues and jars in Avalon
Posted by Sam Ruby <ru...@apache.org>.
Leo Simons wrote:
>
> recent board decree (saw it first on the infrastructure list)
> (paraphrasing): the ASF must not distribute software packages (in any
> form) licensed under LGPL, GPL or Sun Binary Code License in any way.
Sun's Binary Code license permits bundling as part of your Programs.
The short form of this: you can include such things in tars and zips for
your release, but for individually download. In other words, users need
not feel the pain, but developers do.
Personally, if there are open source alternatives, my recommendation is
that they should be supported instead.
> I've identified the following jars in avalon CVS repositories which seem
> like they should be removed based on the information above:
> - checkstyle (jakarta-avalon-apps/tools/checkstyle-all.jar and
> other places) (LGPL)
If available, then checkstyle can be used during a build - this should
not be any different than using Emacs. Preferably, the build should
skip this step if checkstyle is not available.
- Sam Ruby
Re: licensing issues and jars in Avalon
Posted by Leo Simons <le...@apache.org>.
Hi all,
I've just updated the setup mentioned below to handle the licensing
issue just a tiny bit better, up to the point where I think (IANAL!)
it is no longer in violation of any license.
http://cvs.apache.org/viewcvs.cgi/avalon/check-targets.ent
http://cvs.apache.org/viewcvs.cgi/avalon/check-targets.properties
It might make sense for other projects that are also not moving to maven
or centipede just yet to put in place a similar setup.
cheers,
- Leo
> What is more or less clear at this point is that the current setup I
> just put in place for avalon-framework where some Sun BCL code is
> downloaded from ibiblio is in breach of license (it won't work anymore
> either, as the problematic jars have been removed, so I guess it is
> already no longer in breach), whereas the setup we use in logkit
> (where the user must actively agree to the BCL license and download
> the code themselves) /seems/ to be acceptable.