Hi,

I am experimenting with automatic verification of code licenses of OpenStack projects and see that one of Rally dependencies has GPL3 license [1]. I'm not a big expert in licenses, but isn't it a violation of GPL? In particular what concerns me is:

[2] - "
If a library is released under the GPL (not the LGPL), does that mean that any software which uses it has to be under the GPL or a GPL-compatible license? (#IfLibraryIsGPL)

Yes, because the program actually links to the library. As such, the terms of the GPL apply to the entire combination. The software modules that link with the library may be under various GPL compatible licenses, but the work as a whole must be licensed under the GPL.
"

and

[3] - "
This licensing incompatibility applies only when some Apache project software becomes a derivative work of some GPLv3 software, because then the Apache software would have to be distributed under GPLv3. This would be incompatible with ASF's requirement that all Apache software must be distributed under the Apache License 2.0.

We avoid GPLv3 software because merely linking to it is considered by the GPLv3 authors to create a derivative work.
"

[1] http://paste.openstack.org/show/744483/
[2] https://www.gnu.org/licenses/gpl-faq.html#IfLibraryIsGPL
[3] https://www.apache.org/licenses/GPL-compatibility.html

Should this issue be fixed? If yes, should we have a gate job to block adding of such dependencies?

Thanks,

Ilya