IMO, your options are:

1) leave it alone, or
2) make it an optional dependency and allow users to make the decision.

The license itself would fall under -- http://www.apache.org/legal/resolved.html#category-x (see the "special exceptions to gnu gpl")

On Fri, Jan 30, 2015 at 7:04 AM, Richard Downer <richard@apache.org> wrote:
Hello all,

I'm from the incubating Brooklyn project and we have a query about the
license on a software project that we would like to depend on.

The project is XebiaLabs' "OverThere":
https://github.com/xebialabs/overthere

However it comes with a possibly troublesome license:
https://raw.githubusercontent.com/xebialabs/overthere/master/LICENSE

It seems their intention is that it's GNU GPL2, unless the software
you are using it with is on a list of "approved" open source licenses,
in which case they'll let you off most of the GPL requirements. Apache
Software License v2 is on their approved list.

Reading the license I still see some potentially problematic clauses -
in particular 0.b.(ii) seems to say that source code must accompany
all binary distribution of the combined software product (a
requirement that ASLv2 doesn't have). Also, our project could
potentially be combined by our users with closed-source components in
a way that is permitted by ASLv2 but which then falls foul of this
list of approved licenses.

Possibly mitigating circumstances is that this dependency is not core
to our project and could be made optional (i.e., source code could
compile without error unless the dependency is specifically enabled,
and the binary distribution would operate normally without it until a
call for its specific functionality is made). Therefore we could push
the decision to include this component onto the end users, and it
would be their responsibility to comply with the license.

If we *were* to depend on OverThere, then we would express that as a
Maven dependency - so we would not be bundling any OverThere code in
our repository or source distribution. However we would like to start
making binary releases and therefore we may include the OverThere
binary inside our binary distribution.

Any opinions on this situation? Is there any way we can make this
work, or should it leave OverThere well alone?

Thanks for your comments,

Richard.

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org