AGPLv3+ acceptable for third party dependencies?
Hi, Just a quick question: Is AGPLv3+ an acceptable license for a third party library that is a dependency for an Openstack project? I read: (from http://governance.openstack.org/reference/licensing.html) In order to be acceptable as dependencies of OpenStack projects, external libraries (produced and published by 3rd-party developers) must be licensed under an OSI-approved license that does not restrict distribution of the consuming project. The list of acceptable licenses includes ASLv2, BSD (both forms), MIT, PSF, LGPL, ISC, and MPL. Licenses considered incompatible with this requirement include GPLv2, GPLv3, and AGPL. Is AGPL the same as AGPLv3 (and therefore not acceptable)? Thanks, Ade Lee
On 11/09/2016 01:51 PM, Ade Lee wrote:
Hi,
Just a quick question:
Is AGPLv3+ an acceptable license for a third party library that is a dependency for an Openstack project?
I read: (from http://governance.openstack.org/reference/licensing.html)
In order to be acceptable as dependencies of OpenStack projects, external libraries (produced and published by 3rd-party developers) must be licensed under an OSI-approved license that does not restrict distribution of the consuming project. The list of acceptable licenses includes ASLv2, BSD (both forms), MIT, PSF, LGPL, ISC, and MPL. Licenses considered incompatible with this requirement include GPLv2, GPLv3, and AGPL.
Is AGPL the same as AGPLv3 (and therefore not acceptable)?
Yes, AGPL and AGPLv3 fall into the same category. However, depending on what you want to do it may be ok (there are circumstances where it's acceptable and circumstances where it isn't) so if you have a specific library in mind and a specific use, it might be worthwhile asking anyway.
Specifically, I would like to use the following puppet module: https://github.com/purpleidea/puppet-ipa/ to optionally enroll an undercloud node in a triple-O deployment to a FreeIPA server. This would likely involve changes to tripleo/instack- undercloud. Overcloud nodes would be enrolled using a different mechanism. (https://github.com/rcritten/novajoin) Is it acceptable in this case? Thanks, Ade On Wed, 2016-11-09 at 13:58 -0600, Monty Taylor wrote:
On 11/09/2016 01:51 PM, Ade Lee wrote:
Hi,
Just a quick question:
Is AGPLv3+ an acceptable license for a third party library that is a dependency for an Openstack project?
I read: (from http://governance.openstack.org/reference/licensing.html)
In order to be acceptable as dependencies of OpenStack projects, external libraries (produced and published by 3rd-party developers) must be licensed under an OSI-approved license that does not restrict distribution of the consuming project. The list of acceptable licenses includes ASLv2, BSD (both forms), MIT, PSF, LGPL, ISC, and MPL. Licenses considered incompatible with this requirement include GPLv2, GPLv3, and AGPL.
Is AGPL the same as AGPLv3 (and therefore not acceptable)?
Yes, AGPL and AGPLv3 fall into the same category.
However, depending on what you want to do it may be ok (there are circumstances where it's acceptable and circumstances where it isn't) so if you have a specific library in mind and a specific use, it might be worthwhile asking anyway.
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
Ade Lee wrote:
Specifically, I would like to use the following puppet module:
https://github.com/purpleidea/puppet-ipa/
to optionally enroll an undercloud node in a triple-O deployment to a FreeIPA server. This would likely involve changes to tripleo/instack- undercloud.
Overcloud nodes would be enrolled using a different mechanism. (https://github.com/rcritten/novajoin)
Is it acceptable in this case?
I think this would go against our licensing guidelines. Regards, -- Thierry Carrez (ttx)
I agree. Unless we hear expressly from Jonathan or Mark, the policy would govern. -----Original Message----- From: Thierry Carrez [mailto:thierry@openstack.org] Sent: Friday, November 11, 2016 4:30 AM To: legal-discuss@lists.openstack.org Subject: Re: [legal-discuss] AGPLv3+ acceptable for third party dependencies? Ade Lee wrote:
Specifically, I would like to use the following puppet module:
https://github.com/purpleidea/puppet-ipa/
to optionally enroll an undercloud node in a triple-O deployment to a FreeIPA server. This would likely involve changes to tripleo/instack- undercloud.
Overcloud nodes would be enrolled using a different mechanism. (https://github.com/rcritten/novajoin)
Is it acceptable in this case?
I think this would go against our licensing guidelines. Regards, -- Thierry Carrez (ttx) _______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss Please consider the environment before printing this email. The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com. Thank you.
On 2016-11-10 10:33:48 -0500 (-0500), Ade Lee wrote:
Specifically, I would like to use the following puppet module:
[I am not a lawyer.] tl;dr: I would avoid that module for an official OpenStack service or deployment deliverable, were I in your situation. In the past, the Infra team has assumed that when combining Puppet modules under a common manifest they need to be compatibly licensed such that the whole can fall under the most restrictive of the licenses for all the modules involved, and requested license exceptions in writing from authors when license incompatibilities arose. I'm not aware of any real precedent around combining licenses for declarative/descriptive languages like Puppet (for that you might do better asking on a Puppet community ML instead), but we've always assumed conservatively that it would be similar to importing Python module dependencies or runtime linking of compiled libraries in that regard. -- Jeremy Stanley
On 2016-11-09 14:51:12 -0500 (-0500), Ade Lee wrote:
Is AGPLv3+ an acceptable license for a third party library that is a dependency for an Openstack project? [...] Is AGPL the same as AGPLv3 (and therefore not acceptable)?
I'm no lawyer, but my understanding is that the GNU AGPLv3 is merely a variant of the GNU GPLv3 which adds a condition aimed at closing the "application service provider loophole" in much the same way as the original Affero GPL. So given that we disallow dependencies licensed under GPLv3 and AGPL, the same concerns would seem to apply to the AGPLv3 as well. It might merit expressly mentioning AGPLv3 in our licensing reference, though I expect this was assumed to be sufficiently clear on that point already. -- Jeremy Stanley
Yes not acceptable Sent from my iPhone
On Nov 9, 2016, at 11:53 AM, Ade Lee <alee@redhat.com> wrote:
Hi,
Just a quick question:
Is AGPLv3+ an acceptable license for a third party library that is a dependency for an Openstack project?
I read: (from http://governance.openstack.org/reference/licensing.html)
In order to be acceptable as dependencies of OpenStack projects, external libraries (produced and published by 3rd-party developers) must be licensed under an OSI-approved license that does not restrict distribution of the consuming project. The list of acceptable licenses includes ASLv2, BSD (both forms), MIT, PSF, LGPL, ISC, and MPL. Licenses considered incompatible with this requirement include GPLv2, GPLv3, and AGPL.
Is AGPL the same as AGPLv3 (and therefore not acceptable)?
Thanks, Ade Lee
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss Please consider the environment before printing this email.
The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com. Thank you.
participants (5)
-
Ade Lee
-
Jeremy Stanley
-
Monty Taylor
-
Radcliffe, Mark
-
Thierry Carrez