www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nick Couchman (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (LEGAL-299) Category-X Dependency in Incubator Project
Date Sat, 22 Apr 2017 00:30:04 GMT

    [ https://issues.apache.org/jira/browse/LEGAL-299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15979644#comment-15979644
] 

Nick Couchman commented on LEGAL-299:
-------------------------------------

{quote}
I'm not an official answer person, but If you imagine that CatX source and binaries are peanuts
and some of your customers have a peanut allergy, the downloading and building of your source
and binary artifacts should not result in peanut contamination of the user's machine or network.
{quote}

At the risk of being picky and repeating myself, there is no LGPL source code involved.  There
is no LGPL source code in this extension, and the extension does not depend on any LGPL-licensed
sources.  It pulls in, via the Maven repository, binaries for the LGPL-licensed JRadius extension,
and the question has always been how the dependency on the *binary* LGPL item impacts the
project, extension, and build.

Anyway, we're working on building out a separate profile in pom.xml that would include this
extension so that the default build does not pull in the Cat-X binary.  Between that and not
distributing any binaries, it sounds like we can put this one to rest.

> Category-X Dependency in Incubator Project
> ------------------------------------------
>
>                 Key: LEGAL-299
>                 URL: https://issues.apache.org/jira/browse/LEGAL-299
>             Project: Legal Discuss
>          Issue Type: Question
>            Reporter: Nick Couchman
>
> I'm currently contributing code to the Guacamole project, which is in the Incubator phase
with ASF.  One of the items I'm contributing is an extension to the Guacamole Client that
supports RADIUS authentication.  The extension that I've written includes a binary dependency
on the JRadius library, which is licensed under LGPL-2.1, a license not compatible with the
Apache 2.0 license and listed in the Category-X section on the ASF legal page.
> We have been through several rounds of discussions in the project and on the Incubator
General list about the acceptability of including this extension in the project.  At this
point we have determined that it is definitely not acceptable to distribute a binary form
of this extension that would include the binary (JAR) of the JRadius library.  However, if
possible, we'd like to include the source code for this extension in the main repository,
with instructions to users on building the extension.  Based on the information provided on
the ASF legal page, we believe this is acceptable, but would like to have verification on
that.
> All of the source code in the extension is Apache 2.0 licensed.  There is no source code
included from the JRadius library, only calls to classes and methods provided by the library.
> Finally, the source code in question is for an optional extension to the Guacamole Client
project, and is not core to its functionality.  It allows a user to perform RADIUS authentication
with the Guacamole Client, if they so choose, and other authentication modules are also available.
> Given the above information, can we get some guidance on whether or not including the
source code for the extension (*not* the JRadius library) in this ASF Incubator project is
acceptable?



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message