incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ted Dunning <ted.dunn...@gmail.com>
Subject Re: Looking for Champion
Date Fri, 08 Jun 2018 20:13:12 GMT
Open LDAP is a form of copy-left. It requires source code distribution of
binary packaged versions.



On Fri, Jun 8, 2018 at 7:10 PM Dave Fisher <dave2wave@comcast.net> wrote:

> Yuck. That’s a mess. That is one very large diff.
>
> I see a few files related to AES the were GPL converted to Apache which
> not allowed.
> Copyrights were changed too which is also incorrect.
>
> Changes to this file be/src/http/mongoose.h
> <https://github.com/baidu/palo/commit/6486be64c319fe0beb8c6b4430c1662de54f182e#diff-586168bd25cfbf3bc8bc1b52abc4206c>
violate
> license and copyright of Sergey Lyubka
>
> GitHub makes you expand each diff after awhile.
>
> There are dependency licenses that might be issues too.
>
> These licenses have not been evaluated by LEGAL.
> * OpenLdap (OpenLDAP Software License)
>
> http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=e5f8117f0ce088d0bd7a8e18ddf37eaa40eb09b1
> * rapidjson (Tencent)
> Unknown
> * cyrus-sasl (CMU License)
> https://spdx.org/licenses/MIT-CMU.html
> AKA MIT-CMU
>
> Lots of work in evaluating licenses.
>
> On Jun 8, 2018, at 9:46 AM, Ted Dunning <ted.dunning@gmail.com> wrote:
>
> Ouch.
>
> The copyright in question was attached to code from the source code for
> mySQL. There is no way that code can be in an Apache project.
>
> Given the cut and paste history, it seems like it will require a very
> detailed audit of code history or web searches to find where the original
> code came from. The my_aes.c and .h files, for instance, have no hint in
> their history that they came from GPL'ed code.
>
>
> Yeah. Lot’s of oversight.
>
> If we accept this proposal we need a Mentor who has time to help with this
> mess.
>
> I don’t know that I have the time to lead that effort. Anyone?
>
> Regards,
> Dave
>
>
> On Fri, Jun 8, 2018 at 5:37 PM Todd Lipcon <todd@cloudera.com> wrote:
>
> ...
>
> +1. Also briefly browsing the code I found suspicious commits like this
> one:
>
>
> https://github.com/baidu/palo/commit/6486be64c319fe0beb8c6b4430c1662de54f182e
>
> ... in which a GPL license copyright by Oracle was "fixed" to be an Apache
> license copyright Baidu.
>
> So if this project does enter incubation I think we should be extra careful
> to audit the origins of all of the source code.
>
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message