[openstack-dev] rtslib dependency for cinder is AGPL - thoughts?

Monty Taylor mordred at inaugust.com
Tue Mar 19 19:55:24 UTC 2013 


On 03/19/2013 12:06 PM, Russell Bryant wrote:
> On 03/19/2013 02:56 PM, Sean Dague wrote:
>> On 03/19/2013 02:16 PM, Russell Bryant wrote:
>>> On 03/19/2013 01:54 PM, Russell Bryant wrote:
>>>> On 03/19/2013 01:31 PM, Mark McLoughlin wrote:
>> <snip>
>>>>> To be clear, I'm really not sure whether this is our policy either. I
>>>>> guess I always assumed it was, but that's based on nothing substantive.
>>>>
>>>> So Sean, if you were doing a license review, was this the only (A)GPL
>>>> dependency you found (are there any GPL deps) ?
>>>
>>> For the record, I was speaking to Sean and neither of us know of any
>>> problematic Python dependencies in the Folsom release.  This would only
>>> apply to new dependencies introduced in the Grizzly timeframe.
>>
>> The list of new dependencies for Grizzly that got are the following:
>>
>> jsonpointer                BSD-like    0.5
>> python-alembic            MIT    0.4.2
>> python-jsonpatch            BSD-like    0.10
>> python-openssl (pyOpenSSL)     Apache V2    0.13
>> python-rtslib                AGPL V3    2.1.fb27
>> python-stevedore            Apache V2    0.8
>>
>> All the others are fine and license compatible besides python-rtslib.
> 
> Great, thanks.  So how about we do this:
> 
> 1) Move cinder-rtstool to its own separate repo (rtstool).  This could
> be on stackforge for convenience, but it would not be an official
> OpenStack project.

Yes.

> 2) Remove rtslib from the requirements list of Cinder.  Don't list
> rtstool as a requirement.

Yes.

> 3) Make sure Cinder can gracefully handle whether or not rtstool is
> present on the system.

Yes.

> 4) The TC needs to work on clarifying license policy and ensuring that
> we have a process in place to make sure the policy is reviewed for each
> new dependency.

I think that now that we have a global openstack/requirements repo and
are using it for all new requirements, we should ensure that reviewers
there do a license check. We might need to figure out something to
enable a report on transitive dependencies introduced by suggested deps too.

> 5) Cinder folks may want to consider targetd support in Havana.  It
> would be HTTP access to something (A)GPL licensed as opposed to having
> to execute something.  Executing something should still be fine though
> AFIAK, but IANAL.  :-)
>

More information about the OpenStack-dev mailing list