On Mon, 2019-02-04 at 14:42 +0100, Ilya Shakhat wrote:
Hi,
I am experimenting with automatic verification of code licenses of OpenStack projects and see that one of Rally dependencies has GPL3 license [1]. I'm not a big expert in licenses, but isn't it a violation of GPL? In particular what concerns me is:
[2] - " If a library is released under the GPL (not the LGPL), does that mean that any software which uses it has to be under the GPL or a GPL-compatible license? (#IfLibraryIsGPL)
Yes, because the program actually links to the library. As such, the terms of the GPL apply to the entire combination. The software modules that link with the library may be under various GPL compatible licenses, but the work as a whole must be licensed under the GPL. "
and
[3] - " This licensing incompatibility applies only when some Apache project software becomes a derivative work of some GPLv3 software, because then the Apache software would have to be distributed under GPLv3. This would be incompatible with ASF's requirement that all Apache software must be distributed under the Apache License 2.0.
We avoid GPLv3 software because merely linking to it is considered by the GPLv3 authors to create a derivative work. "
[1] http://paste.openstack.org/show/744483/ [2] https://www.gnu.org/licenses/gpl-faq.html#IfLibraryIsGPL [3] https://www.apache.org/licenses/GPL-compatibility.html
Should this issue be fixed? If yes, should we have a gate job to block adding of such dependencies? it looks like it was added as part of this change https://github.com/openstack/rally/commit/ee2f469d8f347fbf8e0dcd84cf3f52e41e... I have not checked but if it is only used by the optional elasticSearch plugin then im not sure there is a licence conflict in the general case. rally can be used entirly without the elastic serach exporter plugin so at most the GPL contamination whould be confied to that plugin provided the combination fo the plugin and rally is not considerd a sincel combinded work.
the clause of the GPL only take effect on distibution as such if you distibute rally without the elastic search plugin or you distibute in such a way as the elastitc search plugin is not loaded i think no conclict would exist. im not a legal expert so this is just my oppion but from reviewing https://www.gnu.org/licenses/gpl-faq.en.html#GPLPlugins breifly it is arguable that loading the elastic search pluging would make rally and that plugin a single combined application which looking at https://www.gnu.org/licenses/gpl-faq.en.html#NFUseGPLPlugins would imply that the GPL would have to apply to the entire combination fo rally and the elastic search plugin. that would depend on how the plugin was loaded. if the exporter plugin is forked into a seperate python inteperater instance instaead of imported as a lib and invoked via a fuction call it would not form a single combined program but i have not looked at how rally uses the plugin. it would likely be good for legal and the rally core team to review. the simplest soltution if an issue is determinted to exist would be to move the elastic search plugin into its own repos so it si distibuted seperately from rally. failing that the code that depends on morph would have to be removed to resolve the conflict. as i said im not a leagl expert so this is just my personal opinion as such take it with a grain of salt. regard sean
Thanks, Ilya