Heya, On 7/3/14, 4:11 PM, "Chip Childers" <chipchild...@apache.org> wrote: >On Thu, Jul 03, 2014 at 02:59:55PM +0200, Hugo Trippaers wrote: >> >> On to the actual point behind my comment, ASF policy is not very clear >> about when we can or can¹t put anything in our code that points to >> something with a (L)GPL license. I would like some feedback from >> people with a finer grasp of the policy to see if we can actually >> include this dependency on mysql and the mysql connection in our wix >> script. >> >> Cheers, >> >> Hugo > >This is a bit tricky (and splitting hairs)... Obviously all of this is >based on my understanding of past discussions and the relevant policies >/ licenses... but INAL and certainly not an expert here. Comments / >disagreements welcome. > > >In a non-platform specific sense, we have said that the MySQL >connector jar file is a *system dependency*. >... >For the non-developer profiles, it is expected that mysql connector is >already on your system prior to using the software. >... >Now, we DO provide scripts to help downstream projects and users build >packages: >.. >Now, dealing with the whole MSI thing (including the specific review in >question, but also looking in other places related to the MSI), we have >a different situation. > >*MySQL Itself* >First, we are specifically taking action to download and install MySQL. >This has to be taken out IMO, since it's quite a bit different from >saying "here's a system package we expect to be there, like java >itself". Since Windows doesn't have "package management" that pulls >from a central repo, I understand why the download is there... but I'm >-1 on it being in a release. > >*MySQL Connector* >I see that we are doing the same thing with the connector in the pom >files and the MSI - explicitly pulling it into the system.
Yup, this is all spot on. For reference, mysql has been discussed _a lot_ in the past http://apache.markmail.org/search/?q=mysql+list%3Aorg.apache.legal-discuss >I'll defer to someone else about the specifics of that in the pom files, >because I'm not a maven guy that knows what exactly is ocurring there. >Can someone review and talk about how that directive behaves (and >compare / contrast with the developer profiles)? It looks like that maven pom on windows _by default_ downloads and installs a variety of non-apache-license (and/or non-mit/bsd/variant license) software. That shouldn¹t really happen. The principle is one of ³least surprise²: As a user or developer who does not RTFM, following the default commands/tools/etc, you should end up with a more-or-less apache-licensed build result (*) that you can redistribute the result under. But apache policy is that it is acceptable to provide scripts/build tools/assistance to help those same users/developers do things that they want to do. As long as they understand the legal situation they end up in. I would recommend adding a "nonoss" maven profile that the developer/user has to explicitly select in order to do those downloads. As long as that option is described clearly, that¹s then ok. See http://svn.apache.org/repos/asf/apr/apr/trunk/README for an example of how to point out the license situation. Something similar is true by the way (IMHO, but as a project cloudstack can definitely decide differently), for a possible MSI script. Making an MSI script that prompts the user whether to download mysql at the point of install, **clearly pointing out the license situation** if they choose to do so, seems reasonable, and I personally would not object to shipping _that_ kind of script as part of an apache source release. Finally, the _spirit_ behind the apache policies is that there should be an option to use cloudstack with a license-compatible database (say, postgres), even if most users will use mysql (just like most people that use dbm with httpd will use berkely dbm, but you _can_ use something else). It¹s perhaps unfortunate that this isn¹t supported, but that¹s not apache policy, and given the license situation of other system dependencies, I can imagine no-one here wants to make it a priority. cheers, Leo PS: IANAL, but, a lot of this discussion is a bit beyond legal, and is about choice/policy, and the policy is supposed to be based on common sense much more than license stuff tends to be :) (*) technically, LICENSE-file-licensed result, which could include BSD, MIT, and a bunch of other such compatible license terms
