Hi Ash / Justin, This is indeed a very delicate issue. From my experience in several M&A/DD processes, LGPL license is very tricky and the approach suggested by Ash is the approach I'm familiar with. Both in Java & Python LGPL is very common and taking a stricter approach might result in a ripple effect - as LGPL like GPL is contagious.
As a short term solution we will do as Justin suggested and add the disclaimer. Kind regards, Lior On Wed, Apr 21, 2021 at 5:55 PM Ash Berlin-Taylor <a...@apache.org> wrote: > Hi Aviem, > > Hi everyone, Airflow PMC here. > > First off, eek. Not sure how this happened, it's been like this for a > while. > > I agree -- we could possibly fix the direct dependency on requests/chardet > in Airflow, but as you have already discovered there are many more python > libraries that depend upon requests - docker and kubernetes being the two > that are hard to work around!. > > (Kubernetes has a _direct_ dep on a lgpl'd dep too) > > I'm writing a post to le...@apache.org, as _my_ reading is that depending > upon LGPLd library at runtime only, but not shipping it is "work that uses > the Library", and as per clause 5 of the LGPL 2.1 license should be fine > https://opensource.org/licenses/LGPL-2.1 > > > A program that contains no derivative of any portion of the Library, but > is designed to work with the Library by being compiled or linked with it, > is called a "work that uses the Library". Such a work, in isolation, is not > a derivative work of the Library, and therefore falls outside the scope of > this License. > > (There are a few caveats to this, so be careful about what else you might > do with the code, such as creating) > > We'll see what Legal say about this. > > Thanks, > Ash > > On 2021/04/21 10:39:58, Aviem Zur <aviem...@gmail.com> wrote: > > We can try to reach out. It looks like `chardet` can't change their > license > > and `requests` have a won't fix / no time to fix attitude towards it. > > > > Meanwhile what do we do regarding releases of our artifacts? > > I don't see how we can develop a python project without having an > indirect > > dependency on `requests` package as detailed above. > > > > On Wed, Apr 21, 2021 at 12:51 PM Justin Mclean <jus...@classsoftware.com > > > > wrote: > > > > > Hi, > > > > > > Sorry I’m not sure what to suggest. Normally I’d say contact the > project > > > and ask if they would be willing to distribute the library under > another > > > license e.g. dual license it under LGPL and ALv2 but this seem unlikely > > > [1]. I guess it wouldn't hurt to ask again. > > > > > > Kind Regards, > > > Justin > > > > > > > > > 1. https://github.com/chardet/chardet/issues/36 > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > > > For additional commands, e-mail: general-h...@incubator.apache.org > > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > >
