Re: LGPL-2.1 in beam-vendor-grpc

Mon, 10 May 2021 07:02:37 -0700

+1 for blocking the release - I think we should not release something about which we _know_ that it might be legally problematic. And we should definitely create a check in the build process that will warn about such issues in the future. 

 Jan

On 5/10/21 3:44 PM, Ismaël Mejía wrote:
Tomo just confirmed in the ticket that if we update the gRPC vendored version we won't need the JBoss dependency anymore so we should be good to go with the upgrade. The open question is if this should be blocking for the upcoming Beam 2.31.0 release or we can fix it afterwards.
On Mon, May 10, 2021 at 2:46 PM Ismaël Mejía <ieme...@gmail.com <mailto:ieme...@gmail.com>> wrote: 

    We have been discussing about updating the vendored dependency in
    BEAM-11227 <https://issues.apache.org/jira/browse/BEAM-11227>, if
    I remember correctly the newer version of gRPC does not require
    the jboss dependency, so probably is the best upgrade path, can
    you confirm Tomo Suzuki
    <https://issues.apache.org/jira/secure/ViewProfile.jspa?name=suztomo>
    ?

    On Mon, May 10, 2021 at 2:33 PM Jarek Potiuk <ja...@potiuk.com
    <mailto:ja...@potiuk.com>> wrote:

        Also we have very similar discussion about it in
        https://issues.apache.org/jira/browse/LEGAL-572
        <https://issues.apache.org/jira/browse/LEGAL-572>
        Just to be clear about the context of it, it's not a legal
        requirement of Apache Licence, it's Apache Software Foundation
        policy, that we should not limit our users in using our
        software. If the LGPL dependency is "optional", it's fine to
        add such optional dependency. If it is "required" to run your
        software, then it is not allowed as it limits the users of ASF
        software in further redistributing the software in the way
        they want (this is at least my understanding of it).

        On Mon, May 10, 2021 at 12:58 PM JB Onofré <j...@nanthrax.net
        <mailto:j...@nanthrax.net>> wrote:

            Hi

            You can take a look on

            https://www.apache.org/legal/resolved.html
            <https://www.apache.org/legal/resolved.html>

            Regards
            JB


            Le 10 mai 2021 à 12:56, Elliotte Rusty Harold
            <elh...@ibiblio.org <mailto:elh...@ibiblio.org>> a écrit :

            Anyone have a link to the official Apache policy about
            this? Thanks.

            On Mon, May 10, 2021 at 10:07 AM Jan Lukavský
            <je...@seznam.cz <mailto:je...@seznam.cz>> wrote:


            Hi,

            we are bundling dependencies with LGPL-2.1, according to
            license header
            in
            META-INF/maven/org.jboss.modules/jboss-modules/pom.xml.
            I think is
            might be an issue, already reported here: [1]. I created
            [2] to track it
            on our side.

             Jan

            [1] https://issues.apache.org/jira/browse/FLINK-22555
            <https://issues.apache.org/jira/browse/FLINK-22555>

            [2] https://issues.apache.org/jira/browse/BEAM-12316
            <https://issues.apache.org/jira/browse/BEAM-12316>
-- Elliotte Rusty Harold 
            elh...@ibiblio.org <mailto:elh...@ibiblio.org>
-- +48 660 796 129

Reply via email to