Hi. > 1. Stop distribute the binary of incubator-dubbo-admin
I think "stop distribute the binary" would NOT change the fact the source release could lead users to use `hiberante-core`. I doubt this is an option. Also based on the license issue, you should consider canceling this vote, and move the further discussion to dev ml. Sheng Wu 吴晟 Apache SkyWalking, ShardingSphere, Zipkin Twitter, wusheng1108 Huxing Zhang <hux...@apache.org> 于2019年4月21日周日 下午11:02写道: > Hi, > > I am thinking why spring-boot-starter-data-jpa depends on LGPL > licensed library "hibernate-core", and can still be Apache 2.0 > licensed. > I am reading [1]. In section 5 it says: > > A program that contains no derivative of any portion of the Library, > but is designed to work with the Library by being compiled or linked > with it, is called a "work that uses the Library". Such a work, in > isolation, is not a derivative work of the Library, and therefore > falls outside the scope of this License. > > I think spring-boot-starter-data-jpa falls in to this case. It is a > "work that uses the Library". > > The source code of incubator-dubbo-admin should also falls into this > case, because it does not contain any portion of the hibernate-core. > Based on it and explanation here[2], I think the source code can be > released anyway. Is my understanding correct? > > Next, the LGPL license says: > > However, linking a "work that uses the Library" with the Library > creates an executable that is a derivative of the Library (because it > contains portions of the Library), rather than a "work that uses the > library". The executable is therefore covered by this License. > > The binary distribution of incuabator-dubbo-admin falls into this case > because it creates an executable that contains binary of > hibernate-core. Therefore it is a "work based on the library". As a > derivative of hibernate-core, it must be licensed with LGPL/GPL, which > is not allowed as an Apache product, and eventually causes the > incompatibility. > > If my understanding is correct, there are at least 4 ways to solve this > issue: > 1. Stop distribute the binary of incubator-dubbo-admin > 2. Make the feature optional, as explained here[3] > 3. Stop depending on hiberante-core > 4. Choose other Apache compatible equivalent > > I recommend to go with number 3 in my last thread. > > > [1] https://opensource.org/licenses/LGPL-2.1 > [2] https://www.apache.org/legal/resolved.html#prohibited > [3] https://www.apache.org/legal/resolved.html#optional > > On Sun, Apr 21, 2019 at 10:40 AM Huxing Zhang <hux...@apache.org> wrote: > > > > Hi, > > > > ccing dev@dubbo > > > > On Fri, Apr 19, 2019 at 8:24 AM Willem Jiang <willem.ji...@gmail.com> > wrote: > > > > > > Hi, > > > > > > I just checked the binary release kit, it has the third party > > > dependency of LGPL (Hibernate core) which is belonged to Cataloge > > > X[1], it cannot be included in Apache Product. > > > I had to vote -1 for it. We can change the ORM lib to Eclipse Link to > > > fix this issue, I just fill an issue here[2]. > > > > I did some dig for this issue and confirm that this is introduced by > > this pull request[1]. > > The purpose of this pull request is to introduce the pagination to > > service query. > > In this pull request a dependency to spring-boot-starter-data-jpa was > added, > > which introduce the LGPL licensed dependency hibernate-core. > > The detailed dependency tree is shown below: > > > > [INFO] +- > org.springframework.boot:spring-boot-starter-data-jpa:jar:2.0.2.RELEASE:compile > > [INFO] | +- > org.springframework.boot:spring-boot-starter-aop:jar:2.0.2.RELEASE:compile > > [INFO] | | \- org.aspectj:aspectjweaver:jar:1.8.13:compile > > [INFO] | +- > org.springframework.boot:spring-boot-starter-jdbc:jar:2.0.2.RELEASE:compile > > [INFO] | | +- com.zaxxer:HikariCP:jar:2.7.9:compile > > [INFO] | | \- org.springframework:spring-jdbc:jar:5.0.6.RELEASE:compile > > [INFO] | +- org.hibernate:hibernate-core:jar:5.2.17.Final:compile > > [INFO] | | +- > > > org.hibernate.javax.persistence:hibernate-jpa-2.1-api:jar:1.0.0.Final:compile > > [INFO] | | +- antlr:antlr:jar:2.7.7:compile > > [INFO] | | +- org.jboss:jandex:jar:2.0.3.Final:compile > > [INFO] | | +- dom4j:dom4j:jar:1.6.1:compile > > [INFO] | | \- > > > org.hibernate.common:hibernate-commons-annotations:jar:5.0.1.Final:compile > > [INFO] | +- javax.transaction:javax.transaction-api:jar:1.2:compile > > [INFO] | +- > org.springframework.data:spring-data-jpa:jar:2.0.7.RELEASE:compile > > [INFO] | | +- > > org.springframework.data:spring-data-commons:jar:2.0.7.RELEASE:compile > > [INFO] | | +- org.springframework:spring-orm:jar:5.0.6.RELEASE:compile > > [INFO] | | \- org.springframework:spring-tx:jar:5.0.6.RELEASE:compile > > [INFO] | \- org.springframework:spring-aspects:jar:5.0.6.RELEASE:compile > > > > Actually the hiberate-core dependency is never used when implementing > > the feature, > > I think it can be excluded quietly. This is the safest way to solve this > issue. > > To dig further, the only dependency that required to be added is just > > spring-data-commons, > > which is Apache 2.0 Licensed[2]. (I just confirm the code can compile > > and start correctly with spring-data-commons, > > it might need to check more at runtime to ensure everything is working) > > > > We need to be very careful when new dependency is added, and ensure > > all the license (including transitive dependencies) are compatible > > with Apache. > > > > The community has identified several similar issues [3][4] for > > incubator-dubbo project, and similar actions should be done to > > incubator-dubbo-admin as well. > > > > To identify the issue automatically, I run the following command: > > > > mvn license:add-third-party -Dlicense.useMissingFile > > > > and grep the output: > > > > cat dubbo-admin-server/target/generated-sources/license/THIRD-PARTY.txt| > > grep "General Public License" > > (Eclipse Public License - v 1.0) (GNU Lesser General Public > > License) Logback Classic Module (ch.qos.logback:logback-classic:1.2.3 > > - http://logback.qos.ch/logback-classic) > > (Eclipse Public License - v 1.0) (GNU Lesser General Public > > License) Logback Core Module (ch.qos.logback:logback-core:1.2.3 - > > http://logback.qos.ch/logback-core) > > (GNU Lesser General Public License) Core Hibernate O/RM > > functionality (org.hibernate:hibernate-core:5.2.17.Final - > > http://hibernate.org) > > (GNU Lesser General Public License) Hibernate Commons Annotations > > (org.hibernate.common:hibernate-commons-annotations:5.0.1.Final - > > http://hibernate.org) > > > > The last 2 are both introduced by hibernate-core. A script to check > > license issue for dependencies was on the way[5]. > > > > [1] https://github.com/apache/incubator-dubbo-admin/pull/324 > > [2] > https://github.com/spring-projects/spring-data-commons/blob/master/src/main/resources/license.txt > > [3] > https://lists.apache.org/thread.html/2231c58509842fe4069f2091f00ea7fd5c4e6ae4bf8ce1a97b16e9c5@%3Cdev.dubbo.apache.org%3E > > [4] > https://lists.apache.org/thread.html/e3112c832415850779af2fe04aa7325d8d776144f3939cc63f5eab08@%3Cdev.dubbo.apache.org%3E > > [5] https://github.com/apache/incubator-dubbo/issues/3840 > > > > > > > > [1]https://www.apache.org/legal/resolved.html#category-x > > > [2]https://github.com/apache/incubator-dubbo-admin/issues/366 > > > > > > Willem Jiang > > > > > > Twitter: willemjiang > > > Weibo: 姜宁willem > > > > > > On Mon, Apr 15, 2019 at 10:24 AM Minxuan Zhuang <z82507...@gmail.com> > wrote: > > > > > > > > Hello Incubator Community, > > > > > > > > The Apache Dubbo community has voted on and approved a proposal to > release > > > > Apache Dubbo Admin (Incubating) version 0.2.0. > > > > > > > > We now kindly request the Incubator PMC members review and vote on > this > > > > incubator release. > > > > > > > > Apache Dubbo™ (incubating) is a high-performance, java based, open > source > > > > RPC framework. Dubbo offers three key functionalities, which include > > > > interface based remote call, fault tolerance & load balancing, and > > > > automatic service registration & discovery. > > > > > > > > > > > > Dubbo community vote and result thread: > > > > > https://lists.apache.org/thread.html/fc71a5f8c93b8c3606338b97a08c044af64ca3165e226aed37295a45@%3Cdev.dubbo.apache.org%3E > > > > > > > > The release candidates (RC3): > > > > * > https://dist.apache.org/repos/dist/dev/incubator/dubbo/dubbo-admin/0.2.0 > > > > < > https://dist.apache.org/repos/dist/dev/incubator/dubbo/dubbo-admin/0.2.0/ > >/* > > > > > > > > > > > > Git tag for the release (RC3): > > > > https://github.com/apache/incubator-dubbo-admin/releases/tag/0.2.0 > > > > > > > > Hash for the release tag: > > > > 37e23a7354e3da50914e075eb4676c7c2875ffa7 > > > > > > > > Release Notes: > > > > https://github.com/apache/incubator-dubbo-admin/releases/tag/0.2.0 > > > > > > > > > > > > The artifacts have been signed with Key : > > > > DA2108479B0C1E71, which can be > > > > found in the keys file: > > > > *https://dist.apache.org/repos/dist/dev/incubator/dubbo/KEYS > > > > <https://dist.apache.org/repos/dist/dev/incubator/dubbo/KEYS>* > > > > > > > > The vote will be open for at least 72 hours or until necessary > number of > > > > votes are reached. > > > > > > > > Please vote accordingly: > > > > > > > > [ ] +1 approve > > > > [ ] +0 no opinion > > > > [ ] -1 disapprove with the reason > > > > > > > > Thanks, > > > > The Apache Dubbo (Incubating) Team > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > > > For additional commands, e-mail: general-h...@incubator.apache.org > > > > > > > > > -- > > Best Regards! > > Huxing > > > > -- > Best Regards! > Huxing > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > >
