Posted to dev@druid.apache.org by Don Bowman <do...@agilicus.com> on 2019/01/23 23:04:39 UTC

script, GPL, container question

Re: PR https://github.com/apache/incubator-druid/pull/6896

I am trying to make a container that works for folks so that we can get the
Kubernetes helm chart off the ground.

A question has arisen in the PR around the 'mysql-connector-java' which is
GPL.

Q1. A script checked into the druid container build repo that is Apache
license, does anyone have a concern if it has a line 'wget ...
mysql-connector.java' [link
<https://github.com/apache/incubator-druid/pull/6896#pullrequestreview-195673343>
to question]
Q2. Given that the container ultimately has GPL things in it (e.g. bash) is
there a problem releasing it? [link
<https://github.com/apache/incubator-druid/pull/6896#discussion_r250316937>
to Q]

I'll work on the other comments in the PR.

--don

Re: script, GPL, container question

Posted by Gian Merlino <gi...@apache.org>.
I found this discussion of Docker images for Apache projects:
https://issues.apache.org/jira/browse/LEGAL-270. It looks like Apache Infra
has been maintaining https://hub.docker.com/u/apache and Apache Legal is
aware of it and didn't see any obvious problems. But I don't see anyone
discussing the question of GPLed components that come from the base image.

On Fri, Jan 25, 2019 at 10:17 AM Gian Merlino <gi...@apache.org> wrote:

> For Q1 the legal guidance as I understand it is that we can provide users
> with instructions for how to get optional (L)GPL dependencies, but we can't
> distribute them ourselves. Putting the mysql-connector in a Docker image
> does feel like distribution…
>
> Q2 is an interesting question. I wonder if Apache has a policy on official
> or semiofficial Docker containers that touches on the possibly thorny
> licensing questions. It seems that they do exist for other projects,
> though: https://hub.docker.com/u/apache. The Zeppelin one, for example,
> is based on ubuntu so it must have plenty of GPL stuff in it:
> https://hub.docker.com/r/apache/zeppelin/dockerfile. And it is presented
> on the Zeppelin page as an official thing:
> https://zeppelin.apache.org/docs/0.7.0/install/docker.html.
>
> I dunno, it feels weird to me, and I am searching for evidence of these
> issues having been explicitly discussed by other projects but have not
> found it yet.
>
> On Wed, Jan 23, 2019 at 3:13 PM Don Bowman <do...@agilicus.com> wrote:
>
>> Re: PR https://github.com/apache/incubator-druid/pull/6896
>>
>> I am trying to make a container that works for folks so that we can get the
>> Kubernetes helm chart off the ground.
>>
>> A question has arisen in the PR around the 'mysql-connector-java' which is
>> GPL.
>>
>> Q1. A script checked into the druid container build repo that is Apache
>> license, does anyone have a concern if it has a line 'wget ...
>> mysql-connector.java' [link
>> <https://github.com/apache/incubator-druid/pull/6896#pullrequestreview-195673343>
>> to question]
>> Q2. Given that the container ultimately has GPL things in it (e.g. bash) is
>> there a problem releasing it? [link
>> <https://github.com/apache/incubator-druid/pull/6896#discussion_r250316937>
>> to Q]
>>
>> I'll work on the other comments in the PR.
>>
>> --don
>>
>

Re: script, GPL, container question

Posted by Don Bowman <do...@agilicus.com>.
On Fri, 25 Jan 2019 at 21:00, Gian Merlino <gi...@apache.org> wrote:

> I did some looking around and found this:
> https://issues.apache.org/jira/browse/INFRA-12781. It seems that the Apache
> Infra folks will set up DockerHub configs for projects like us, in such a
> way that they build automatically off release tags. So it does seem pretty
> easy; it looks like once we have a working Dockerfile we just need to raise
> an INFRA ticket to get them to set that up.
>
> > how do i drive to consensus on the mysql thing?
>
> One way is try to encourage more people to chime in here (you are already
> doing this by writing emails). Another is to reach out and ask the
> Incubator PMC (email general@incubator.apache.org) or Apache Legal (raise a
> LEGAL ticket in JIRA) for advice. I would probably go for the Incubator PMC
> first, since the audience is a bit larger and this may have come up before.
>
>
>
OK I've added that email to the thread. I don't know what INFRA or JIRA are.

The question is: "We want to release druid as a docker image. The docker
image will be based on Linux, and thus have GPL code in it which is not
part of the druid project. In addition, we want to pull a file from the
Maven repository (mysql-connector-java). A request was raised in the Pull
Request #6896 <https://github.com/apache/incubator-druid/pull/6896> to
verify this. The people that raised the concerns don't have specifics,
just a general question as to if this is allowed."

The specifics are to use gcr.io/distroless/java:debug as the base container
(Apache license overall (ref github
<https://github.com/GoogleContainerTools/distroless>), containing GPL
components e.g. busybox), and run this command:

    RUN wget -O \
      /opt/druid/extensions/mysql-metadata-storage/mysql-connector-java-5.1.38.jar \
      http://central.maven.org/maven2/mysql/mysql-connector-java/5.1.38/mysql-connector-java-5.1.38.jar

Note that druid does not function without GPL code since its start scripts
use bash.

I believe this is 'mere aggregation' under the GPL.

Re: script, GPL, container question

Posted by Gian Merlino <gi...@apache.org>.
I did some looking around and found this:
https://issues.apache.org/jira/browse/INFRA-12781. It seems that the Apache
Infra folks will set up DockerHub configs for projects like us, in such a
way that they build automatically off release tags. So it does seem pretty
easy; it looks like once we have a working Dockerfile we just need to raise
an INFRA ticket to get them to set that up.

> how do i drive to consensus on the mysql thing?

One way is try to encourage more people to chime in here (you are already
doing this by writing emails). Another is to reach out and ask the
Incubator PMC (email general@incubator.apache.org) or Apache Legal (raise a
LEGAL ticket in JIRA) for advice. I would probably go for the Incubator PMC
first, since the audience is a bit larger and this may have come up before.

On Fri, Jan 25, 2019 at 1:24 PM Don Bowman <do...@agilicus.com> wrote:

> On Fri, 25 Jan 2019 at 16:07, Gian Merlino <gi...@apache.org> wrote:
>
> > For Q1 - I have the feeling that if we asked the powers that be at Apache
> > for an opinion on bundling the MySQL connector that they would not be fans
> > of the idea -- mostly because it is not allowed for binary tarball
> > releases, and I don't see why it would be different for Docker releases. So
> > because of that, I wouldn't be comfortable bundling the mysql-connector jar
> > unless we actually _did_ ask the powers that be, and they said it's ok. The
> > powers that be are probably either ASF Legal or the Incubator PMC.
> >
> > For Q2 - IMO precedent established by other projects means this is not
> > likely an issue. Probably because of the mere-aggregation reason you
> > brought up.
> >
> > If we want to release official Docker images then this will also need to be
> > incorporated into our build process. Don are you interested in researching
> > / proposing how that might be done? Anyone else - should we have a
> > discussion about whether we want official Docker images as part of our
> > release process? Personally, if it doesn't impose much additional burden on
> > release managers, and the image is something that is easy to run in
> > production in a way that we are comfortable supporting as a community, I am
> > for it. (I haven't reviewed the PR enough to have an opinion on that.)
> >
> It's pretty trivial to let the dockerhub run its own pipeline on any {tag |
> merge} in git.
> it does this automatically.
> Or, it's not too hard to have travis have some keys to do a push and it in
> turn is gated by a {tag | merge}.
>
> some projects build the release on each 'tag' created.
> some build on tag matching pattern
> some build on any merge commit to master.
>
> IMO w/o a release of container to a public repo this is pointless, it's what
> people expect.
>
> I don't have any particular domain knowledge in the area but am willing to do
> some work if it is identified as needing done.
>
> how do i drive to consensus on the mysql thing?
>

Re: script, GPL, container question

Posted by Don Bowman <do...@agilicus.com>.
On Fri, 25 Jan 2019 at 16:07, Gian Merlino <gi...@apache.org> wrote:

> For Q1 - I have the feeling that if we asked the powers that be at Apache
> for an opinion on bundling the MySQL connector that they would not be fans
> of the idea -- mostly because it is not allowed for binary tarball
> releases, and I don't see why it would be different for Docker releases. So
> because of that, I wouldn't be comfortable bundling the mysql-connector jar
> unless we actually _did_ ask the powers that be, and they said it's ok. The
> powers that be are probably either ASF Legal or the Incubator PMC.
>
> For Q2 - IMO precedent established by other projects means this is not
> likely an issue. Probably because of the mere-aggregation reason you
> brought up.
>
> If we want to release official Docker images then this will also need to be
> incorporated into our build process. Don are you interested in researching
> / proposing how that might be done? Anyone else - should we have a
> discussion about whether we want official Docker images as part of our
> release process? Personally, if it doesn't impose much additional burden on
> release managers, and the image is something that is easy to run in
> production in a way that we are comfortable supporting as a community, I am
> for it. (I haven't reviewed the PR enough to have an opinion on that.)
>
>
>
It's pretty trivial to let the dockerhub run its own pipeline on any {tag |
merge} in git.
it does this automatically.
Or, it's not too hard to have travis have some keys to do a push and it in
turn is gated by a {tag | merge}.

some projects build the release on each 'tag' created.
some build on tag matching pattern
some build on any merge commit to master.

IMO w/o a release of container to a public repo this is pointless, it's what
people expect.

I don't have any particular domain knowledge in the area but am willing to do
some work if it is identified as needing done.

how do i drive to consensus on the mysql thing?

Re: script, GPL, container question

Posted by Gian Merlino <gi...@apache.org>.
For Q1 - I have the feeling that if we asked the powers that be at Apache
for an opinion on bundling the MySQL connector that they would not be fans
of the idea -- mostly because it is not allowed for binary tarball
releases, and I don't see why it would be different for Docker releases. So
because of that, I wouldn't be comfortable bundling the mysql-connector jar
unless we actually _did_ ask the powers that be, and they said it's ok. The
powers that be are probably either ASF Legal or the Incubator PMC.

For Q2 - IMO precedent established by other projects means this is not
likely an issue. Probably because of the mere-aggregation reason you
brought up.

If we want to release official Docker images then this will also need to be
incorporated into our build process. Don are you interested in researching
/ proposing how that might be done? Anyone else - should we have a
discussion about whether we want official Docker images as part of our
release process? Personally, if it doesn't impose much additional burden on
release managers, and the image is something that is easy to run in
production in a way that we are comfortable supporting as a community, I am
for it. (I haven't reviewed the PR enough to have an opinion on that.)

On Fri, Jan 25, 2019 at 12:53 PM Don Bowman <do...@agilicus.com> wrote:

> On Fri, 25 Jan 2019 at 13:17, Gian Merlino <gi...@apache.org> wrote:
>
> > For Q1 the legal guidance as I understand it is that we can provide users
> > with instructions for how to get optional (L)GPL dependencies, but we can't
> > distribute them ourselves. Putting the mysql-connector in a Docker image
> > does feel like distribution…
> >
> > Q2 is an interesting question. I wonder if Apache has a policy on official
> > or semiofficial Docker containers that touches on the possibly thorny
> > licensing questions. It seems that they do exist for other projects,
> > though: https://hub.docker.com/u/apache. The Zeppelin one, for example, is
> > based on ubuntu so it must have plenty of GPL stuff in it:
> > https://hub.docker.com/r/apache/zeppelin/dockerfile. And it is presented on
> > the Zeppelin page as an official thing:
> > https://zeppelin.apache.org/docs/0.7.0/install/docker.html.
> >
> > I dunno, it feels weird to me, and I am searching for evidence of these
> > issues having been explicitly discussed by other projects but have not
> > found it yet.
> >
> >
> >
> GPL does not attach by mere aggregation. [see GPL FAQ
> <https://www.gnu.org/licenses/gpl-faq.en.html#MereAggregation>]
> All linux is gpl, and all the containers are linux for all the other apache
> foundation things (maven, httpd, ...). even debian has bash in it, which is
> gpl.
>
> so I can either:
>
> a) continue as is. I want to get this on dockerhub auto-built, that's what
> the script does now. BTW, it downloads the gpl code from maven repository,
> which is also run by apache.
> b) remove it, support postgres only.
>
> both are ok w/ me I suppose.
>

Re: script, GPL, container question

Posted by Don Bowman <do...@agilicus.com>.
On Fri, 25 Jan 2019 at 13:17, Gian Merlino <gi...@apache.org> wrote:

> For Q1 the legal guidance as I understand it is that we can provide users
> with instructions for how to get optional (L)GPL dependencies, but we can't
> distribute them ourselves. Putting the mysql-connector in a Docker image
> does feel like distribution…
>
> Q2 is an interesting question. I wonder if Apache has a policy on official
> or semiofficial Docker containers that touches on the possibly thorny
> licensing questions. It seems that they do exist for other projects,
> though: https://hub.docker.com/u/apache. The Zeppelin one, for example, is
> based on ubuntu so it must have plenty of GPL stuff in it:
> https://hub.docker.com/r/apache/zeppelin/dockerfile. And it is presented on
> the Zeppelin page as an official thing:
> https://zeppelin.apache.org/docs/0.7.0/install/docker.html.
>
> I dunno, it feels weird to me, and I am searching for evidence of these
> issues having been explicitly discussed by other projects but have not
> found it yet.
>
>
>
GPL does not attach by mere aggregation. [see GPL FAQ
<https://www.gnu.org/licenses/gpl-faq.en.html#MereAggregation>]
All linux is gpl, and all the containers are linux for all the other apache
foundation things (maven, httpd, ...). even debian has bash in it, which is
gpl.

so I can either:

a) continue as is. I want to get this on dockerhub auto-built, that's what
the script does now. BTW, it downloads the gpl code from maven repository,
which is also run by apache.
b) remove it, support postgres only.

both are ok w/ me I suppose.

Re: script, GPL, container question

Posted by Gian Merlino <gi...@apache.org>.
For Q1 the legal guidance as I understand it is that we can provide users
with instructions for how to get optional (L)GPL dependencies, but we can't
distribute them ourselves. Putting the mysql-connector in a Docker image
does feel like distribution…

Q2 is an interesting question. I wonder if Apache has a policy on official
or semiofficial Docker containers that touches on the possibly thorny
licensing questions. It seems that they do exist for other projects,
though: https://hub.docker.com/u/apache. The Zeppelin one, for example, is
based on ubuntu so it must have plenty of GPL stuff in it:
https://hub.docker.com/r/apache/zeppelin/dockerfile. And it is presented on
the Zeppelin page as an official thing:
https://zeppelin.apache.org/docs/0.7.0/install/docker.html.

I dunno, it feels weird to me, and I am searching for evidence of these
issues having been explicitly discussed by other projects but have not
found it yet.

On Wed, Jan 23, 2019 at 3:13 PM Don Bowman <do...@agilicus.com> wrote:

> Re: PR https://github.com/apache/incubator-druid/pull/6896
>
> I am trying to make a container that works for folks so that we can get the
> Kubernetes helm chart off the ground.
>
> A question has arisen in the PR around the 'mysql-connector-java' which is
> GPL.
>
> Q1. A script checked into the druid container build repo that is Apache
> license, does anyone have a concern if it has a line 'wget ...
> mysql-connector.java' [link
> <https://github.com/apache/incubator-druid/pull/6896#pullrequestreview-195673343>
> to question]
> Q2. Given that the container ultimately has GPL things in it (e.g. bash) is
> there a problem releasing it? [link
> <https://github.com/apache/incubator-druid/pull/6896#discussion_r250316937>
> to Q]
>
> I'll work on the other comments in the PR.
>
> --don
>