Open LDAP is a form of copy-left. It requires source code distribution of binary packaged versions.
On Fri, Jun 8, 2018 at 7:10 PM Dave Fisher <dave2w...@comcast.net> wrote: > Yuck. That’s a mess. That is one very large diff. > > I see a few files related to AES the were GPL converted to Apache which > not allowed. > Copyrights were changed too which is also incorrect. > > Changes to this file be/src/http/mongoose.h > <https://github.com/baidu/palo/commit/6486be64c319fe0beb8c6b4430c1662de54f182e#diff-586168bd25cfbf3bc8bc1b52abc4206c> > violate > license and copyright of Sergey Lyubka > > GitHub makes you expand each diff after awhile. > > There are dependency licenses that might be issues too. > > These licenses have not been evaluated by LEGAL. > * OpenLdap (OpenLDAP Software License) > > http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=e5f8117f0ce088d0bd7a8e18ddf37eaa40eb09b1 > * rapidjson (Tencent) > Unknown > * cyrus-sasl (CMU License) > https://spdx.org/licenses/MIT-CMU.html > AKA MIT-CMU > > Lots of work in evaluating licenses. > > On Jun 8, 2018, at 9:46 AM, Ted Dunning <ted.dunn...@gmail.com> wrote: > > Ouch. > > The copyright in question was attached to code from the source code for > mySQL. There is no way that code can be in an Apache project. > > Given the cut and paste history, it seems like it will require a very > detailed audit of code history or web searches to find where the original > code came from. The my_aes.c and .h files, for instance, have no hint in > their history that they came from GPL'ed code. > > > Yeah. Lot’s of oversight. > > If we accept this proposal we need a Mentor who has time to help with this > mess. > > I don’t know that I have the time to lead that effort. Anyone? > > Regards, > Dave > > > On Fri, Jun 8, 2018 at 5:37 PM Todd Lipcon <t...@cloudera.com> wrote: > > ... > > +1. Also briefly browsing the code I found suspicious commits like this > one: > > > https://github.com/baidu/palo/commit/6486be64c319fe0beb8c6b4430c1662de54f182e > > ... in which a GPL license copyright by Oracle was "fixed" to be an Apache > license copyright Baidu. > > So if this project does enter incubation I think we should be extra careful > to audit the origins of all of the source code. > > > >