Thanks Chris! On Mon, Sep 6, 2021, 13:13 Christofer Dutz <[email protected]> wrote:
> Hi all, > > I asked Justin McLean (VP of the Incubator) to review the thread and he > confirmed the advice was sound ... > So I guess this is something you could start working with. > > Chris > > > -----Ursprüngliche Nachricht----- > Von: Christofer Dutz <[email protected]> > Gesendet: Montag, 6. September 2021 12:31 > An: [email protected] > Betreff: AW: Apache Wayang dependencies with other licenses > > Ok … condensing the licenses in play … (Mostly listed multiple times due > to different notation) > > Ones with „OK“ are ok … ones with „BAD“ can be used in some cases, > depending on the case, „FORBIDDEN“ can’t be used in an Apache release. > > Here the list of the sorted licenses: > OK - MIT > FORBIDDEN - GPLv2 (with classpath exception) BAD - CDDL + GPLv2 (with > classpath exception) (Dual licensing … chan choose which one applies) (CDDL > is considered BAD … can be contained in certain situations) OK - BSD > 2-Clause OK - BSD 3-Clause (AKA „the new BSD“) FORBIDDEN - BSD 4-Clauss > (Aka „The BSD License“) OK - Apache 2.0 BAD - EPL 1.0 (Aka Eclipse public > license) BAD - EPL 2.0 (Aka Eclipse public license) OK - Public Domain > (Needs attribution) OK - ICU License FORBIDDEN - LGPL (AKA GNU Lesser > Public License, GNU Lesser General Public License, …) BAD - MPL (Aka > Mozilla Public License) OK - CC0 (Aka Creative Commons) (Needs attribution) > FORBIDDEN - JSON License BAD - CDDL OK - PostgreSQL License > > Ones I’m not sure of: > HSQLDB License > OW2 Licence > Jython Software License > > Chris > > Von: Bertty Contreras <[email protected]> > Gesendet: Freitag, 3. September 2021 01:55 > An: [email protected] > Betreff: Re: Apache Wayang dependencies with other licenses > > I just finished checking all the licenses and the resume list is below. > > NOTE: the pipe (|) indicate different name for the same license > > (36 licenses different) > > * The MIT License | MIT License | MIT > * GPL | GNU General Public License (GPL), version 2, with the > Classpath exception > * New BSD License | New BSD license | The New BSD License > * BSD 2-Clause License > * BSD 3 Clause | The BSD 3-Clause License | BSD 3-Clause "New" or > "Revised" License (BSD-3-Clause | 3-Clause BSD License |BSD 3-clause |BSD > 3-clause |BSD 3-Clause | BSD 3 Clause License > * BSD | The BSD License | BSD licence > * Revised BSD > * Apache License > * ASF 2.0 | The Apache Software License, Version 2.0 | Apache License, > Version 2.0 | Apache 2.0 License | Apache License Version 2.0 | Apache 2.0 > | Apache-2.0 | The Apache License, Version 2.0 | Apache License Version 2 | > Apache 2 | http://www.apache.org/licenses/LICENSE-2.0.txt | Apache > License 2.0 | Apache Software License - Version 2.0 > * Eclipse Public License 1.0 | Eclipse Public License - Version 1.0 > * Eclipse Public License v2.0 > * Public Domain > * Unicode/ICU License > * LGPL > * GNU Lesser Public License > * GNU Lesser General Public License (LGPL), Version 2.1 | GNU Lesser > General Public License 2.1 | LGPL 2.1 > * MPL > * Unknown license > * MPL 1.1 > * HSQLDB License, a BSD open source license > * GPL2 w/ CPE > * http://asm.ow2.org/license.html > * CDDL + GPLv2 with classpath exception > * Dual license consisting of the CDDL v1.1 and GPL v2 > * Jython Software License > * CC0 > * Public domain > * The JSON License > * COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0) > * The PostgreSQL License > * CDDL 1.1 > * provided without support or warranty > * CDDL+GPL License > I used the plugin org.codehaus.mojo:license-maven-plugin:2.0.0 to the > licenses attached on the file THIRD-PARTY. > > if you find some license that you think we need to delete let me know, but > also many of them are like 2 or more levels of dependency down > > Related to the trove4j(is the unique direct one), I will use the apache > commons library and I will put a "TODO" of doing a test with different > libraries, but i think it is not too much difference. > > Best regards, > Bertty > > On Thu, Sep 2, 2021 at 11:08 PM Christofer Dutz <[email protected] > <mailto:[email protected]>> wrote: > Have a look at Google guava > https://github.com/google/guava > > Or, even better, apache commons. > > Chris > > Holen Sie sich Outlook für Android<https://aka.ms/AAb9ysg> > ________________________________ > From: bertty contreras <[email protected]<mailto: > [email protected]>> > Sent: Thursday, September 2, 2021 10:25:43 PM > To: [email protected]<mailto:[email protected]> < > [email protected]<mailto:[email protected]>> > Subject: Re: Apache Wayang dependencies with other licenses > > Then i will remove the Trave4j(LGPL that we are using in the code), and i > will figure out if exist an third party that is using some LGPL and notify > to you. > > Best regards, > Bertty > > On Thu 2. Sep 2021 at 18:30, Jean-Baptiste Onofre <[email protected]<mailto: > [email protected]>> wrote: > > > Yes, it’s my point: if it’s included like this and third party use > > wayang as dependencies, then the LGPL dependency will come transitively. > > > > So it’s not good IMHO. > > > > Regards > > JB > > > > > Le 2 sept. 2021 à 18:28, Christofer Dutz > > > <[email protected]<mailto:[email protected]>> a > > écrit : > > > > > > I think he means: Adding a dependency in a pom. > > > > > > It's technically not included in the Apache release. However if you > > build something with it, the end product will have to contain it. (A > > sort of borderline case is if it's used for testing, but isn't > > included in the final output, but that's a slippery slope). > > > > > > So in the end if someone would be building something with our Apache > > licensed library, in the end he would be stuck with something that's > > technically LGPL ... that's why we don't like that license. > > > > > > Chris > > > > > > > > > -----Ursprüngliche Nachricht----- > > > Von: Jean-Baptiste Onofre <[email protected]<mailto:[email protected]>> > > > Gesendet: Donnerstag, 2. September 2021 18:23 > > > An: [email protected]<mailto:[email protected]> > > > Betreff: Re: Apache Wayang dependencies with other licenses > > > > > > What do you mean by « linking » ? You mean use it as dependency ? > > > > > > Regards > > > JB > > > > > >> Le 2 sept. 2021 à 18:21, Alexander Alten <[email protected]<mailto: > [email protected]>> a écrit : > > >> > > >> Thats right, but linking per pom.xml is not an issue, isn’t? > > >> > > >> —Alex > > >> > > >>> On 2. Sep 2021, at 18:18, Christofer Dutz > > >>> <[email protected]<mailto:[email protected]>> > > wrote: > > >>> > > >>> Hi Alex, > > >>> > > >>> unfortunately this is not quite correct. Having LGPL2 is actually > > something we are not allowed to use. > > >>> > > >>> Chris > > >>> > > >>> -----Ursprüngliche Nachricht----- > > >>> Von: Alexander Alten <[email protected]<mailto:[email protected]>> > > >>> Gesendet: Donnerstag, 2. September 2021 08:25 > > >>> An: [email protected]<mailto:[email protected]> > > >>> Betreff: Re: Apache Wayang dependencies with other licenses > > >>> > > >>> Hi folks, > > >>> > > >>> According to > > >>> https://opensource.stackexchange.com/questions/5664/linking-from-l > > >>> gpl > > >>> -2-1-software-to-apache-2-0-library/5756#5756 > > >>> > > >>> the linking to LGPL2 libs is not problematic, the permissive part > > applies. > > >>> In general the use of other libs, which are not distributed over > > >>> the > > project, is fine. We just need to make sure that we reference the > > library in the pom.xml file and not distribute them directly. > > >>> BSD license, as well as MIT are compatible. > > >>> > > >>> Chris, and mentors - any comments here before we start to draft > > >>> the > > first release? > > >>> > > >>> Best, > > >>> --alex > > >>> > > >>> -- > > >>> Alexander Alten > > >>> PPMC Apache Wayang > > >>> > > >>> > > >>> > > >>> On Tue, Aug 31, 2021, 23:57 Rodrigo Pardo Meza > > >>> <[email protected]<mailto:[email protected]>> > > >>> wrote: > > >>> > > >>>> Hi folks, > > >>>> > > >>>> @bertty contreras > > >>>> <[email protected]<mailto:[email protected]>> and > I have been working on the first release. To this end: > > >>>> > > >>>> (1) We checked the maintenance state of the libraries actively > > >>>> used by Wayang. One of them (HPI) has been deleted and > > >>>> Experiments storage functionalities have been incorporated into > > >>>> the code of Wayang in order to extend them. > > >>>> > > >>>> (2) We checked the licenses of the libraries currently used by > > Wayang. > > >>>> Not going further to the licenses of the dependencies of these > > >>>> libraries (Only was checked the first level of the dependency > > >>>> tree of Wayang). We found the next observations: > > >>>> > > >>>> - trove4j > > >>>> <https://mvnrepository.com/artifact/net.sf.trove4j/trove4j> > > >>>> has LGPL 2.1 license > > >>>> - antlr4 > > >>>> <https://mvnrepository.com/artifact/org.antlr/antlr4-runtime> > > >>>> has BSD license > > >>>> - paranamer > > >>>> <https://mvnrepository.com/artifact/com.thoughtworks.paranamer/pa > > >>>> ran > > >>>> am > > >>>> er> has BSD licence. Spark has this dependency as well with > > >>>> er> runtime > > >>>> scope, if Wayang does the same should be ok? > > >>>> - hsqldb <https://mvnrepository.com/artifact/org.hsqldb/hsqldb> > > >>>> has BSD license > > >>>> > > >>>> Someone can help us to find out if our project can use these > > >>>> dependencies; otherwise, does anyone have suggestions of > > >>>> libraries to replace them? > > >>>> > > >>>> Thanks in advance. > > >>>> > > >>>> Best regards > > >>>> > > >> > > > > > > > >
