www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shane Curcuru (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (LEGAL-299) Category-X Dependency in Incubator Project
Date Mon, 17 Apr 2017 03:04:41 GMT

    [ https://issues.apache.org/jira/browse/LEGAL-299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15970622#comment-15970622
] 

Shane Curcuru commented on LEGAL-299:
-------------------------------------

Question: what is the scope and type of the extension's architecture in the context of what
Guacamole does?

- Is this extension merely a shim or small layer of coordinating code handling the generic
concept of authenticating a user within Guacamole by using one of a number of well-known authentication
standards?

- In terms of the rest of the functionality of Guacamole, does it change how your core functionality
works when using this extension vs. when using another well-known authentication method or
extension?

As Marvin notes, by policy, we don't ship code that uses Cat X related code for core or major
functionality.  So we'd only consider this kind of work in an extension, and only an optional
one.  Thus, the scope of how the extension changes how Guacamole works may matter - both in
terms of users, as well as in terms of potential contributors or even just developers who
may want to extend Guacamole without having to think about terms beyond ALv2.  Part of the
question would be: is it ever likely that contributors or developers would want to change
the extension's code itself to add notable features or not?

Good question, and thanks for the detail.

> Category-X Dependency in Incubator Project
> ------------------------------------------
>
>                 Key: LEGAL-299
>                 URL: https://issues.apache.org/jira/browse/LEGAL-299
>             Project: Legal Discuss
>          Issue Type: Question
>            Reporter: Nick Couchman
>
> I'm currently contributing code to the Guacamole project, which is in the Incubator phase
with ASF.  One of the items I'm contributing is an extension to the Guacamole Client that
supports RADIUS authentication.  The extension that I've written includes a binary dependency
on the JRadius library, which is licensed under LGPL-2.1, a license not compatible with the
Apache 2.0 license and listed in the Category-X section on the ASF legal page.
> We have been through several rounds of discussions in the project and on the Incubator
General list about the acceptability of including this extension in the project.  At this
point we have determined that it is definitely not acceptable to distribute a binary form
of this extension that would include the binary (JAR) of the JRadius library.  However, if
possible, we'd like to include the source code for this extension in the main repository,
with instructions to users on building the extension.  Based on the information provided on
the ASF legal page, we believe this is acceptable, but would like to have verification on
that.
> All of the source code in the extension is Apache 2.0 licensed.  There is no source code
included from the JRadius library, only calls to classes and methods provided by the library.
> Finally, the source code in question is for an optional extension to the Guacamole Client
project, and is not core to its functionality.  It allows a user to perform RADIUS authentication
with the Guacamole Client, if they so choose, and other authentication modules are also available.
> Given the above information, can we get some guidance on whether or not including the
source code for the extension (*not* the JRadius library) in this ASF Incubator project is
acceptable?



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message