incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shane Curcuru <>
Subject Re: Help with Dependency Licensing
Date Wed, 12 Apr 2017 12:23:19 GMT
Nick Couchman wrote on 4/11/17 10:26 AM:
> Hello, everyone,I'm currently working on the Guacamole incubator
> project, and am developing an extension for the project that has
> dependencies on binaries (JARs via Maven) that are licensed under
> Category-X licenses.  We've already determined that we cannot
> distribute a binary version of this extension, but, since it is an
> extension (and not core to the functionality of the product), we
> should be able to distribute the source code with build instructions
> for the users. 

It's not completely clear from your description what specific bits of
code are going where, so a more detailed description might help.  But my
first guess would be no.  The CatX policy is pretty clear: don't include
Category X code in Apache repos or releases:

The reasoning for this is twofold:

- Legal issues.  We obviously want to carefully comply with how everyone
else's licenses, so GPL or any similar kind of code is inappropriate to
use in any Apache work.

- Policy issues.  Immaterial of caselaw or potential legal rulings, the
ASF only wants to incorporate third party works in ways that respect the
intent of third party licenses.  The JSON license is an example here,
since it's unspecific call for 'Good, not Evil' is incompatible with our
policy that our users can use the software for whatever they want.

In any case, it sounds like your PPMC needs to provide a more detailed
description of the issue, and open a Legal JIRA to get a definitive answer:

> The question I have is how we should deal with license
> bundling in this scenario?  In the rest of this project, including
> other extensions, we bundle a src/licenses directory that has all of
> the dependency licenses for the extension.  When the binary is built,
> a resulting file has not only the binary for the extension, but also
> all of the dependency licenses.  Since we're not distributing a
> binary, is there any reason/need for us to package up dependency
> licenses? Let me know if this needs more clarification - I know this
> might be a bit vague, but I'm in new territory, here, and am happy to
> provide any further information that might help someone help me :-). 
> Thanks,Nick


- Shane

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message