On Sat, Oct 20, 2012 at 7:19 PM, Rohit Yadav <[email protected]> wrote: > Hi David, I think there should not be any issues. It's a runtime dependency > just like pymysql and obtainable from cheeseshop/pypi using pip/easy_install > and while building/installing/running marvin > (http://pypi.python.org/pypi/mysql-connector-python). It's the same case with > other deps like nose, unittest-xml-reporting etc. > > I think it should be used as it's developed and maintained by the MySQL > server people and there is nothing we're introducing. mysql-connector-python > and MySQL server are both released under GPLv2, pymysql have their own > license: https://github.com/petehunt/PyMySQL/blob/master/LICENSE >
So there are a number of potential problems - GPL/LGPL/copyleft dependencies can be problematic and even forbidden. Moreover it may inject requirements on us to report it in NOTICE or LICENSE. See Chips note about an earlier problem around this: http://markmail.org/message/huevw4ur73a64b5c We _HAVE_ to handle this on an ongoing basis, an audit after the fact is too expensive in terms of time and effort. If anyone adds/subtracts/changes a dependency, we need to discuss it, verify that we can use it, and document it.
