[openstack-dev] Policy on using GPL libraries [was Re: rtslib dependency for cinder is AGPL - thoughts?]

Richard Fontana rfontana at redhat.com
Fri Mar 22 01:39:58 UTC 2013


On Thu, Mar 21, 2013 at 04:11:26PM +0000, Mark McLoughlin wrote:

> What I'm taking away from all this is that if an OpenStack project
> includes code (even optional code) which uses a GPL/AGPL Python library,
> then it's at least possible that someone with some credibility (maybe
> even a copyright holder of that module) might claim that this means that
> OpenStack project needs to be distributed under the terms of the
> GPL/AGPL.

Is it *likely* though?  In five years of experience dealing with
Python packages in Fedora and RHEL and other code contributed to by
Red Hat developers I have never encountered a single GPL (or AGPL)
licensor who made such a claim, nor have I encountered a single
downstream customer or partner that raised this as a concern. That has
to mean something.

> Its
> seems pretty clear cut to me - the Foundation's bylaws appears to
> prevent any OpenStack project from doing anything that would require the
> project to be distributed under the GPL or AGPL.

That is true; for an easy example, if an OpenStack project developer
somehow did not sign the CLA, put a GPL notice (and no other license
notice) on a source file, and committed that source file to an
OpenStack project, that result would unquestionably conflict with the
policy stated in the bylaws (clearly at least *some* code in the
project would be distributed under the GPL).

However, 

> i.e. to consider linking to GPL/AGPL libraries we would need a bylaws
> change

To me this doesn't necessarily follow. It embodies a particular legal
conclusion. Maybe it's nonetheless the best approach for OpenStack to
adopt (e.g. for ease of administration).

I would think something less severe could be appropriate. I can
imagine many situations that ought not present even a hypothetical
problem, drawn from real experiences I've had dealing with other
projects. Easy case: Suppose the GPL library in question is developed
solely by one copyright holder who does not wish to use a license
other than GPL but who states very explicitly that it sees no
licensing implications for the OpenStack code using said library, no
conflict with the bylaws policy. And suppose the GPL library falls
outside the scope of the definition of "the OpenStack Project".

IOW you could have a case-by-case approach, or a default rule with
some opportunity to argue that an exception should be made in a
particular circumstance (without requiring bylaws amendment).

Maybe the ASF *is* a good model to follow here, in that, AIUI, it does
not have absolute rules around things of this sort (requiring bylaws
amendment to override). It appears to me (as an outside observer) to
have an evolving legal policy -- admittedly one that remains strongly
biased against having GPL code in proximity -- based on real cases
faced by ASF project developers in real life.

   - RF




More information about the OpenStack-dev mailing list