Hi > That option is based on my understanding that linking to > "hibernate-core" does not create a derivative work of > "hibernate-core". > Yes, when compiling the source code and run the incubator-dubbo-admin > code, the hibernate-core binary will be included, this > will create a derivative work of "hibernate-core". As long as user do > not distribute it, I think it is fine to use it. > This is the same case as using "spring-boot-starter-data-jpa". > However, it becomes a problem when user want to distributed the > incubator-dubbo-admin binary, it must not be licensed as Apache > license, but should only be GPL/LGPL licensed. > This creates a risk that some user won't use this software because of > the potential license issue, which is not what we want. > So as long as an Apache project does not distribute the binary, IMO it is fine. > That is my understanding of why this is an option. It is not a good > option, but I think it is an option.
As an Apache project, we should make sure re-distribution friendly, no matter what the user intends to do. So I still think only keep them optional, and the user could download and use them if they want by themselves. For the license part, I am not an expert, even not close, but I prefer to follow the Apache suggestion at this moment. Unless the board or legal team change that. As it belongs to Catalog X[1] now and also supported by your answer, LGPL is not friendly to re-distribution. I still consider this a license issue. Also, you could bring this discussion to legal ml, I think. [1] https://apache.org/legal/resolved.html#category-x Sheng Wu 吴晟 Apache SkyWalking, ShardingSphere, Zipkin Twitter, wusheng1108 Huxing Zhang <hux...@apache.org> 于2019年4月22日周一 上午10:18写道: > Hi, > > On Sun, Apr 21, 2019 at 11:11 PM Sheng Wu <wu.sheng.841...@gmail.com> > wrote: > > > > Hi. > > > > > 1. Stop distribute the binary of incubator-dubbo-admin > > > > I think "stop distribute the binary" would NOT change the fact the source > > release could lead users to use `hiberante-core`. I doubt this is an > option. > > That option is based on my understanding that linking to > "hibernate-core" does not create a derivative work of > "hibernate-core". > Yes, when compiling the source code and run the incubator-dubbo-admin > code, the hibernate-core binary will be included, this > will create a derivative work of "hibernate-core". As long as user do > not distribute it, I think it is fine to use it. > This is the same case as using "spring-boot-starter-data-jpa". > However, it becomes a problem when user want to distributed the > incubator-dubbo-admin binary, it must not be licensed as Apache > license, but should only be GPL/LGPL licensed. > This creates a risk that some user won't use this software because of > the potential license issue, which is not what we want. > So as long as an Apache project does not distribute the binary, IMO it is > fine. > That is my understanding of why this is an option. It is not a good > option, but I think it is an option. > > > > > Also based on the license issue, you should consider canceling this vote, > > and move the further discussion to dev ml. > > I agree that cancel this vote is the safest way for now, before > everything is cleared. > > > > > > > Sheng Wu 吴晟 > > > > Apache SkyWalking, ShardingSphere, Zipkin > > Twitter, wusheng1108 > > > > > > Huxing Zhang <hux...@apache.org> 于2019年4月21日周日 下午11:02写道: > > > > > Hi, > > > > > > I am thinking why spring-boot-starter-data-jpa depends on LGPL > > > licensed library "hibernate-core", and can still be Apache 2.0 > > > licensed. > > > I am reading [1]. In section 5 it says: > > > > > > A program that contains no derivative of any portion of the Library, > > > but is designed to work with the Library by being compiled or linked > > > with it, is called a "work that uses the Library". Such a work, in > > > isolation, is not a derivative work of the Library, and therefore > > > falls outside the scope of this License. > > > > > > I think spring-boot-starter-data-jpa falls in to this case. It is a > > > "work that uses the Library". > > > > > > The source code of incubator-dubbo-admin should also falls into this > > > case, because it does not contain any portion of the hibernate-core. > > > Based on it and explanation here[2], I think the source code can be > > > released anyway. Is my understanding correct? > > > > > > Next, the LGPL license says: > > > > > > However, linking a "work that uses the Library" with the Library > > > creates an executable that is a derivative of the Library (because it > > > contains portions of the Library), rather than a "work that uses the > > > library". The executable is therefore covered by this License. > > > > > > The binary distribution of incuabator-dubbo-admin falls into this case > > > because it creates an executable that contains binary of > > > hibernate-core. Therefore it is a "work based on the library". As a > > > derivative of hibernate-core, it must be licensed with LGPL/GPL, which > > > is not allowed as an Apache product, and eventually causes the > > > incompatibility. > > > > > > If my understanding is correct, there are at least 4 ways to solve this > > > issue: > > > 1. Stop distribute the binary of incubator-dubbo-admin > > > 2. Make the feature optional, as explained here[3] > > > 3. Stop depending on hiberante-core > > > 4. Choose other Apache compatible equivalent > > > > > > I recommend to go with number 3 in my last thread. > > > > > > > > > [1] https://opensource.org/licenses/LGPL-2.1 > > > [2] https://www.apache.org/legal/resolved.html#prohibited > > > [3] https://www.apache.org/legal/resolved.html#optional > > > > > > On Sun, Apr 21, 2019 at 10:40 AM Huxing Zhang <hux...@apache.org> > wrote: > > > > > > > > Hi, > > > > > > > > ccing dev@dubbo > > > > > > > > On Fri, Apr 19, 2019 at 8:24 AM Willem Jiang <willem.ji...@gmail.com > > > > > wrote: > > > > > > > > > > Hi, > > > > > > > > > > I just checked the binary release kit, it has the third party > > > > > dependency of LGPL (Hibernate core) which is belonged to Cataloge > > > > > X[1], it cannot be included in Apache Product. > > > > > I had to vote -1 for it. We can change the ORM lib to Eclipse Link > to > > > > > fix this issue, I just fill an issue here[2]. > > > > > > > > I did some dig for this issue and confirm that this is introduced by > > > > this pull request[1]. > > > > The purpose of this pull request is to introduce the pagination to > > > > service query. > > > > In this pull request a dependency to spring-boot-starter-data-jpa was > > > added, > > > > which introduce the LGPL licensed dependency hibernate-core. > > > > The detailed dependency tree is shown below: > > > > > > > > [INFO] +- > > > > org.springframework.boot:spring-boot-starter-data-jpa:jar:2.0.2.RELEASE:compile > > > > [INFO] | +- > > > > org.springframework.boot:spring-boot-starter-aop:jar:2.0.2.RELEASE:compile > > > > [INFO] | | \- org.aspectj:aspectjweaver:jar:1.8.13:compile > > > > [INFO] | +- > > > > org.springframework.boot:spring-boot-starter-jdbc:jar:2.0.2.RELEASE:compile > > > > [INFO] | | +- com.zaxxer:HikariCP:jar:2.7.9:compile > > > > [INFO] | | \- > org.springframework:spring-jdbc:jar:5.0.6.RELEASE:compile > > > > [INFO] | +- org.hibernate:hibernate-core:jar:5.2.17.Final:compile > > > > [INFO] | | +- > > > > > > > > org.hibernate.javax.persistence:hibernate-jpa-2.1-api:jar:1.0.0.Final:compile > > > > [INFO] | | +- antlr:antlr:jar:2.7.7:compile > > > > [INFO] | | +- org.jboss:jandex:jar:2.0.3.Final:compile > > > > [INFO] | | +- dom4j:dom4j:jar:1.6.1:compile > > > > [INFO] | | \- > > > > > > > > org.hibernate.common:hibernate-commons-annotations:jar:5.0.1.Final:compile > > > > [INFO] | +- javax.transaction:javax.transaction-api:jar:1.2:compile > > > > [INFO] | +- > > > org.springframework.data:spring-data-jpa:jar:2.0.7.RELEASE:compile > > > > [INFO] | | +- > > > > > org.springframework.data:spring-data-commons:jar:2.0.7.RELEASE:compile > > > > [INFO] | | +- > org.springframework:spring-orm:jar:5.0.6.RELEASE:compile > > > > [INFO] | | \- > org.springframework:spring-tx:jar:5.0.6.RELEASE:compile > > > > [INFO] | \- > org.springframework:spring-aspects:jar:5.0.6.RELEASE:compile > > > > > > > > Actually the hiberate-core dependency is never used when implementing > > > > the feature, > > > > I think it can be excluded quietly. This is the safest way to solve > this > > > issue. > > > > To dig further, the only dependency that required to be added is just > > > > spring-data-commons, > > > > which is Apache 2.0 Licensed[2]. (I just confirm the code can compile > > > > and start correctly with spring-data-commons, > > > > it might need to check more at runtime to ensure everything is > working) > > > > > > > > We need to be very careful when new dependency is added, and ensure > > > > all the license (including transitive dependencies) are compatible > > > > with Apache. > > > > > > > > The community has identified several similar issues [3][4] for > > > > incubator-dubbo project, and similar actions should be done to > > > > incubator-dubbo-admin as well. > > > > > > > > To identify the issue automatically, I run the following command: > > > > > > > > mvn license:add-third-party -Dlicense.useMissingFile > > > > > > > > and grep the output: > > > > > > > > cat > dubbo-admin-server/target/generated-sources/license/THIRD-PARTY.txt| > > > > grep "General Public License" > > > > (Eclipse Public License - v 1.0) (GNU Lesser General Public > > > > License) Logback Classic Module (ch.qos.logback:logback-classic:1.2.3 > > > > - http://logback.qos.ch/logback-classic) > > > > (Eclipse Public License - v 1.0) (GNU Lesser General Public > > > > License) Logback Core Module (ch.qos.logback:logback-core:1.2.3 - > > > > http://logback.qos.ch/logback-core) > > > > (GNU Lesser General Public License) Core Hibernate O/RM > > > > functionality (org.hibernate:hibernate-core:5.2.17.Final - > > > > http://hibernate.org) > > > > (GNU Lesser General Public License) Hibernate Commons > Annotations > > > > (org.hibernate.common:hibernate-commons-annotations:5.0.1.Final - > > > > http://hibernate.org) > > > > > > > > The last 2 are both introduced by hibernate-core. A script to check > > > > license issue for dependencies was on the way[5]. > > > > > > > > [1] https://github.com/apache/incubator-dubbo-admin/pull/324 > > > > [2] > > > > https://github.com/spring-projects/spring-data-commons/blob/master/src/main/resources/license.txt > > > > [3] > > > > https://lists.apache.org/thread.html/2231c58509842fe4069f2091f00ea7fd5c4e6ae4bf8ce1a97b16e9c5@%3Cdev.dubbo.apache.org%3E > > > > [4] > > > > https://lists.apache.org/thread.html/e3112c832415850779af2fe04aa7325d8d776144f3939cc63f5eab08@%3Cdev.dubbo.apache.org%3E > > > > [5] https://github.com/apache/incubator-dubbo/issues/3840 > > > > > > > > > > > > > > [1]https://www.apache.org/legal/resolved.html#category-x > > > > > [2]https://github.com/apache/incubator-dubbo-admin/issues/366 > > > > > > > > > > Willem Jiang > > > > > > > > > > Twitter: willemjiang > > > > > Weibo: 姜宁willem > > > > > > > > > > On Mon, Apr 15, 2019 at 10:24 AM Minxuan Zhuang < > z82507...@gmail.com> > > > wrote: > > > > > > > > > > > > Hello Incubator Community, > > > > > > > > > > > > The Apache Dubbo community has voted on and approved a proposal > to > > > release > > > > > > Apache Dubbo Admin (Incubating) version 0.2.0. > > > > > > > > > > > > We now kindly request the Incubator PMC members review and vote > on > > > this > > > > > > incubator release. > > > > > > > > > > > > Apache Dubbo™ (incubating) is a high-performance, java based, > open > > > source > > > > > > RPC framework. Dubbo offers three key functionalities, which > include > > > > > > interface based remote call, fault tolerance & load balancing, > and > > > > > > automatic service registration & discovery. > > > > > > > > > > > > > > > > > > Dubbo community vote and result thread: > > > > > > > > > > https://lists.apache.org/thread.html/fc71a5f8c93b8c3606338b97a08c044af64ca3165e226aed37295a45@%3Cdev.dubbo.apache.org%3E > > > > > > > > > > > > The release candidates (RC3): > > > > > > * > > > > https://dist.apache.org/repos/dist/dev/incubator/dubbo/dubbo-admin/0.2.0 > > > > > > < > > > > https://dist.apache.org/repos/dist/dev/incubator/dubbo/dubbo-admin/0.2.0/ > > > >/* > > > > > > > > > > > > > > > > > > Git tag for the release (RC3): > > > > > > > https://github.com/apache/incubator-dubbo-admin/releases/tag/0.2.0 > > > > > > > > > > > > Hash for the release tag: > > > > > > 37e23a7354e3da50914e075eb4676c7c2875ffa7 > > > > > > > > > > > > Release Notes: > > > > > > > https://github.com/apache/incubator-dubbo-admin/releases/tag/0.2.0 > > > > > > > > > > > > > > > > > > The artifacts have been signed with Key : > > > > > > DA2108479B0C1E71, which can be > > > > > > found in the keys file: > > > > > > *https://dist.apache.org/repos/dist/dev/incubator/dubbo/KEYS > > > > > > <https://dist.apache.org/repos/dist/dev/incubator/dubbo/KEYS>* > > > > > > > > > > > > The vote will be open for at least 72 hours or until necessary > > > number of > > > > > > votes are reached. > > > > > > > > > > > > Please vote accordingly: > > > > > > > > > > > > [ ] +1 approve > > > > > > [ ] +0 no opinion > > > > > > [ ] -1 disapprove with the reason > > > > > > > > > > > > Thanks, > > > > > > The Apache Dubbo (Incubating) Team > > > > > > > > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > > > > > For additional commands, e-mail: general-h...@incubator.apache.org > > > > > > > > > > > > > > > > > -- > > > > Best Regards! > > > > Huxing > > > > > > > > > > > > -- > > > Best Regards! > > > Huxing > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > > > For additional commands, e-mail: general-h...@incubator.apache.org > > > > > > > > > > -- > Best Regards! > Huxing > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > >
