Open Stack

On Mon, 2019-02-04 at 14:42 +0100, Ilya Shakhat wrote:
> Hi, 
> 
> I am experimenting with automatic verification of code licenses of OpenStack projects and see that one of Rally
> dependencies has GPL3 license [1].
>  I'm not a big expert in licenses, but isn't it a violation of GPL? In particular what concerns me is:
> 
> [2] - "
> If a library is released under the GPL (not the LGPL), does that mean that any software which uses it has to be under
> the GPL or a GPL-compatible license? (#IfLibraryIsGPL)
> 
> Yes, because the program actually links to the library. As such, the terms of the GPL apply to the entire combination.
> The software modules that link with the library may be under various GPL compatible licenses, but the work as a whole
> must be licensed under the GPL.
> "
> 
> and
> 
> [3] - "
> This licensing incompatibility applies only when some Apache project software becomes a derivative work of some GPLv3
> software, because then the Apache software would have to be distributed under GPLv3. This would be incompatible with
> ASF's requirement that all Apache software must be distributed under the Apache License 2.0.
> 
> We avoid GPLv3 software because merely linking to it is considered by the GPLv3 authors to create a derivative work.
> "
> 
> [1] http://paste.openstack.org/show/744483/
> [2] https://www.gnu.org/licenses/gpl-faq.html#IfLibraryIsGPL
> [3] https://www.apache.org/licenses/GPL-compatibility.html
> 
> Should this issue be fixed? If yes, should we have a gate job to block adding of such dependencies?
it looks like it was added as part of this change
https://github.com/openstack/rally/commit/ee2f469d8f347fbf8e0dcd84cf3f52e41eb98090
I have not checked but if it is only used by the optional elasticSearch plugin then im not sure there is a licence
conflict in the general case. rally can be used entirly without the elastic serach exporter plugin so at most the GPL
contamination whould be confied to that plugin provided the combination fo the plugin and rally is not considerd a
sincel combinded work.

the clause of the GPL only take effect on distibution as such if  you distibute rally without the elastic search plugin
or you distibute in such a way as the elastitc search plugin is not loaded i think no conclict would exist.

im not a legal expert so this is just my oppion but from reviewing 
https://www.gnu.org/licenses/gpl-faq.en.html#GPLPlugins breifly it is arguable that loading the elastic search pluging
would make rally and that plugin
a single combined application which looking at https://www.gnu.org/licenses/gpl-faq.en.html#NFUseGPLPlugins would imply
that the GPL would have to apply to the entire combination fo rally and the elastic search plugin. that would depend on
how the plugin was loaded. 

if the exporter plugin is forked into a seperate python inteperater instance instaead of imported as a lib and invoked
via a fuction call it would not form a single combined program but i have not looked at how rally uses the plugin.

it would likely be good for legal and the rally core team to review.
the simplest soltution if an issue is determinted to exist would be to move the
elastic search plugin into its own repos so it si distibuted seperately from rally.
failing that the code that depends on morph would have to be removed to resolve the conflict.

as i said im not a leagl expert so this is just my personal opinion as such
take it with a grain of salt.
regard
sean


> 
> Thanks,
> Ilya