incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Friedrich (efriedri)" <efrie...@cisco.com>
Subject Traffic Control Podling Bundled Dependencies
Date Mon, 15 May 2017 11:20:35 GMT
Hi All-
   The Traffic Control podling would like to use some third party open source code to help
us manage some databases in our project (https://bitbucket.org/liamstask/goose/). This tool
and its dependencies all fall into the Category A bucket (AL, MIT, BSD)

Unfortunately, this tool appears to no longer be maintained and there is concern that the
source may disappear at some point. Also, many of our users would like to build and install
without requiring Internet access to retrieve and compile the goose tool.

We have considered vendoring (duplicating) goose source in our code, but it is 375k lines
of code and would require constant updating if the tool or its dependencies change.


From a licensing and Apache release standpoint, is the following allowed:
- Do not vendor goose source in the traffic control repo
- In our source release artifact, include the source code for goose and all of its dependencies
(and appropriate modifications to LICENSE/NOTICE). It will be dynamically downloaded from
bitbucket at release time.
- Build/Install process would build from this version of goose instead of retrieving from
Internet
- If we choose to produce convenience binaries, include the goose binary in the convenience
package
- If goose’s bitbucket repo is ever deleted, we can then import code from a previous release
tarball into our repo for preservation.

How have others in the incubator solved similar problems?

Thanks,
Eric
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message