incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marvin Humphrey <>
Subject Multi-licensed dependencies
Date Thu, 29 Mar 2012 16:17:13 GMT
On Thu, Mar 29, 2012 at 7:07 AM, Fabian Christ
<> wrote:
> Am 26. März 2012 17:20 schrieb Roy T. Fielding <>:
>> On Mar 26, 2012, at 4:41 PM, Karl Wright wrote:
>>> On Mon, Mar 26, 2012 at 10:24 AM, sebb <> wrote:
>>>> On 26 March 2012 02:38, Shinichiro Abe <>
>>>> The LICENSE file includes references to lots of jars that are dual
>>>> licensed under CDDL v1.0 and GPL v2.
>>>> However, there is no indication which license has been chosen by the project.
>>>> I think this is a blocker.
>> A project does not choose a license.  The license is provided by the copyright
>> owner.  We do not change that license, nor do we reduce the number of the
>> available licenses to choose from, for downstream recipients.  Therefore,
>> it doesn't make any sense to indicate which one is "chosen".
> I am following all these discussions for doing a first release of
> Apache Stanbol (incubating) but get totally confused. According to
> you have to choose the license and include only the license that you
> have chosen.

Hi, Fabian,

With Roy objecting to the practice codified in that documentation, it seems as
though we no longer have consensus in either the Incubator PMC or the ASF at
large as to what you ought to do.  For the time being, I suggest you do either
one. :)

If an Incubator PMC member feels strongly enough about this issue -- either
way -- and believes that it should block all future affected releases, please
speak up on this thread.  Otherwise, we should accept that in the absence of
consensus, we can advise but should not vote -1 on a given release candidate
until the matter is resolved.

Personally, I agree with Roy.  Perhaps it might seem a little odd to include
the text of e.g. the GPLv2 in one of our LICENSE files (alongside a more
permissive license), but the key here is that it is both legally OK for us to
distribute a product bundling such a dependency without explicitly justifying
our usage, and legally OK for a downstream consumer to distribute a product
bundling ours which asserts usage of the dependency under a different

Regarding the current documented recommendation, though, I don't think it is
actively harmful, because I don't believe we are doing anything which violates
the terms under which multi-licensed products are typically made available.

Therefore, in my opinion we can put this controversy in a queue for
legal-discuss@a.o, to be dealt with after the more pressing matter of bundled
jar files. :)

Marvin Humphrey

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message