zentol commented on code in PR #570: URL: https://github.com/apache/flink-web/pull/570#discussion_r965784125
########## _posts/2022-09-08-akka-license-change.md: ########## @@ -0,0 +1,68 @@ +--- +layout: post +title: "Regarding Akka's licensing change" +date: 2022-09-08T08:00:00.000Z +categories: news +authors: +- Chesnay: + name: "Chesnay Schepler" + +--- + +On September 7th Lightbend announced a [license change](https://www.lightbend.com/blog/why-we-are-changing-the-license-for-akka) for the Akka project, the TL;DR being that you will need a commercial license to use future versions of Akka (2.7+) in production if you exceed a certain revenue threshold. + +Within a few hours of the announcement several people reached out to the Flink project, worrying about the impact this has on Flink, as we use Akka internally. + +The purpose of the blogpost is to clarify our position on the matter. + +Please be aware that this topic is still quite fresh, and things are subject to change. +Should anything significant change we will amend this blogpost and inform you via the usual channels. + +# Give me the short version + +Flink is not in any immediate danger and we will ensure that users are not affected by this change. + +The licensing of Flink will not change. + +We will not use Akka versions with the new license. + +# What's the plan going forward? + +_For now_, we'll stay on Akka 2.6, the current latest version that is still available under the original license. +Historically Akka has been incredibly stable, and combined with our limited use of features, we do not expect this to be a problem. + +Meanwhile, we will + +* observe how the situation unfolds (in particular w.r.t. community forks) +* look into a replacement for Akka. + +Should a community fork be created (which at this time seems possible) we will switch to that fork in all likely-hood for 1.15+. + +## What if a new security vulnerabilities is found in Akka 2.6? + +That is the big unknown. + +Even though we will be able to upgrade to 2.6.20 (the (apparently) last planned release for Akka 2.6) in Flink 1.17, the unfortunate reality is that [2.6 will no longer be supported](https://github.com/akka/akka/pull/31561#issuecomment-1239217602) from that point onwards. +Should a CVE be discovered after that it is unlikely to be fixed in Akka 2.6. + +We cannot provide a definitive answer as to how that case would be handled, as it depends on what the CVE is and/or whether a community fork already exists at the time. + +# What is the projects view on the licensing change? + +We will not comment on the _licensing change_. It is ultimately up to Lightbend to license their project however they see fit. + +That said, we do find it questionable to put users, _overnight_, in a position where they either + +* a) have to use an officially unsupported version +* b) buy a license for using a supported version (which at this time doesn't even exist). Review Comment: I kept fighting with myself over this (because I don't like making such statements "for the project"), but it highlights how ridiculous the situation is. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
