[openstack-dev] rtslib dependency for cinder is AGPL - thoughts?
Monty Taylor
mordred at inaugust.com
Tue Mar 19 19:55:24 UTC 2013
On 03/19/2013 12:06 PM, Russell Bryant wrote:
> On 03/19/2013 02:56 PM, Sean Dague wrote:
>> On 03/19/2013 02:16 PM, Russell Bryant wrote:
>>> On 03/19/2013 01:54 PM, Russell Bryant wrote:
>>>> On 03/19/2013 01:31 PM, Mark McLoughlin wrote:
>> <snip>
>>>>> To be clear, I'm really not sure whether this is our policy either. I
>>>>> guess I always assumed it was, but that's based on nothing substantive.
>>>>
>>>> So Sean, if you were doing a license review, was this the only (A)GPL
>>>> dependency you found (are there any GPL deps) ?
>>>
>>> For the record, I was speaking to Sean and neither of us know of any
>>> problematic Python dependencies in the Folsom release. This would only
>>> apply to new dependencies introduced in the Grizzly timeframe.
>>
>> The list of new dependencies for Grizzly that got are the following:
>>
>> jsonpointer BSD-like 0.5
>> python-alembic MIT 0.4.2
>> python-jsonpatch BSD-like 0.10
>> python-openssl (pyOpenSSL) Apache V2 0.13
>> python-rtslib AGPL V3 2.1.fb27
>> python-stevedore Apache V2 0.8
>>
>> All the others are fine and license compatible besides python-rtslib.
>
> Great, thanks. So how about we do this:
>
> 1) Move cinder-rtstool to its own separate repo (rtstool). This could
> be on stackforge for convenience, but it would not be an official
> OpenStack project.
Yes.
> 2) Remove rtslib from the requirements list of Cinder. Don't list
> rtstool as a requirement.
Yes.
> 3) Make sure Cinder can gracefully handle whether or not rtstool is
> present on the system.
Yes.
> 4) The TC needs to work on clarifying license policy and ensuring that
> we have a process in place to make sure the policy is reviewed for each
> new dependency.
I think that now that we have a global openstack/requirements repo and
are using it for all new requirements, we should ensure that reviewers
there do a license check. We might need to figure out something to
enable a report on transitive dependencies introduced by suggested deps too.
> 5) Cinder folks may want to consider targetd support in Havana. It
> would be HTTP access to something (A)GPL licensed as opposed to having
> to execute something. Executing something should still be fine though
> AFIAK, but IANAL. :-)
>
More information about the OpenStack-dev
mailing list