[legal-discuss] Third party file inclusion in Openstack sushy project

Allison Randal allison at lohutok.net
Sat Jul 21 16:07:06 UTC 2018

On 07/19/2018 03:25 PM, mail at clusums.eu wrote:
> would this make any difference? It still would require to have
> OSI-approved licensed?

It would still require an OSI-approved license, yes, since the users
can't even legally install proprietary files (code or data, since both
are copyright protected). And, since you'd be installing it to use in an
Apache 2.0 licensed project, it specifically needs to be a license
that's compatible for use with Apache 2.0.

But, yes, it makes a difference whether you commit a copy of the files
into the sushy repository, rather than simply installing it together
with sushy. Since the licenses are compatible, licensing doesn't make a
difference here (though it could if we were dealing with something like
the LGPL, which has different terms for code that's "linked" versus code
that's "modified"). But other things like copyright and patents do still
make a difference.

> Also, to clarify, these files are more like data files, rather code, and
> we need to bundle this together in sushy so users can use sushy when
> offline/behind firewall.

I'm kind of surprised Redfish doesn't provide a standard install process
for these registry data files, if it expects them to be installed for
Redfish API clients.

But, it shouldn't be a problem, anyway, you could:

- provide a script that the user runs separately to download and install
the DMTF files on the user's machine after they install sushy

- or, automatically download the DMTF files the first time sushy uses
them, and then cache them locally on the user's machine

- or, if you're feeling more adventurous (because Python doesn't make it
super easy, and I don't know of any other OpenStack projects using this
feature): add a post-install script for setup.py that installs the DMTF


More information about the legal-discuss mailing list