cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Leo Simons <>
Subject Re: Review Request 23192: Adding Readme and run checkbox at the end of the installation. Also installing mysql connector
Date Thu, 03 Jul 2014 15:14:30 GMT

On 7/3/14, 4:11 PM, "Chip Childers" <> wrote:
>On Thu, Jul 03, 2014 at 02:59:55PM +0200, Hugo Trippaers wrote:
>> On to the actual point behind my comment, ASF policy is not very clear
>> about when we can or can¹t put anything in our code that points to
>> something with a (L)GPL license. I would like some feedback from
>> people with a finer grasp of the policy to see if we can actually
>> include this dependency on mysql and the mysql connection in our wix
>> script.
>> Cheers,
>> Hugo
>This is a bit tricky (and splitting hairs)... Obviously all of this is
>based on my understanding of past discussions and the relevant policies
>/ licenses...  but INAL and certainly not an expert here.  Comments /
>disagreements welcome.
>In a non-platform specific sense, we have said that the MySQL
>connector jar file is a *system dependency*.
>For the non-developer profiles, it is expected that mysql connector is
>already on your system prior to using the software.
>Now, we DO provide scripts to help downstream projects and users build
>Now, dealing with the whole MSI thing (including the specific review in
>question, but also looking in other places related to the MSI), we have
>a different situation.
>*MySQL Itself*
>First, we are specifically taking action to download and install MySQL.
>This has to be taken out IMO, since it's quite a bit different from
>saying "here's a system package we expect to be there, like java
>itself".  Since Windows doesn't have "package management" that pulls
>from a central repo, I understand why the download is there...  but I'm
>-1 on it being in a release.
>*MySQL Connector*
>I see that we are doing the same thing with the connector in the pom
>files and the MSI - explicitly pulling it into the system.

Yup, this is all spot on. For reference, mysql has been discussed _a lot_
in the past

>I'll defer to someone else about the specifics of that in the pom files,
>because I'm not a maven guy that knows what exactly is ocurring there.
>Can someone review and talk about how that directive behaves (and
>compare / contrast with the developer profiles)?

It looks like that maven pom on windows _by default_ downloads and
installs a variety of non-apache-license (and/or non-mit/bsd/variant
license) software. That shouldn¹t really happen. The principle is one of
³least surprise²: As a user or developer who does not RTFM, following the
default commands/tools/etc, you should end up with a more-or-less
apache-licensed build result (*) that you can redistribute the result

But apache policy is that it is acceptable to provide scripts/build
tools/assistance to help those same users/developers do things that they
want to do. As long as they understand the legal situation they end up in.

I would recommend adding a "nonoss" maven profile that the developer/user
has to explicitly select in order to do those downloads. As long as that
option is described clearly, that¹s then ok. See

for an example of how to point out the license situation.

Something similar is true by the way (IMHO, but as a project cloudstack
can definitely decide differently), for a possible MSI script. Making an
MSI script that prompts the user whether to download mysql at the point of
install, **clearly pointing out the license situation** if they choose to
do so, seems reasonable, and I personally would not object to shipping
_that_ kind of script as part of an apache source release.

Finally, the _spirit_ behind the apache policies is that there should be
an option to use cloudstack with a license-compatible database (say,
postgres), even if most users will use mysql (just like most people that
use dbm with httpd will use berkely dbm, but you _can_ use something
else). It¹s perhaps unfortunate that this isn¹t supported, but that¹s not
apache policy, and given the license situation of other system
dependencies, I can imagine no-one here wants to make it a priority.



PS: IANAL, but, a lot of this discussion is a bit beyond legal, and is
about choice/policy, and the policy is supposed to be based on common
sense much more than license stuff tends to be :)

(*) technically, LICENSE-file-licensed result, which could include BSD,
MIT, and a bunch of other such compatible license terms

View raw message