Jason,

!L [1]


> whether it's legit to bundle GPL jars (Apache doesn't -- our license looks a lot like theirs).

Not legit to bundle GPL .jars that are "part of the software".  See this article for discussion of over-broadness of popular understanding of viral nature of GPL.

uPortal 2.6 does not bundle any GPL software.  It does bundle LGPL software, which is unambiguously permitted so long as it is not modified.

The "FLOSS exception" where applied to otherwise GPL code by the copyright holder allows the code to be included *unmodified* with any FSF or OSI approved license.  This would allow uPortal to use but not to modify the Toro portlets, e.g.

It's not totally clear that uPortal's license falls under the FLOSS exception because, for no good reason, it's not actually OSI approved.  Lack of OSI approved license is an ongoing drag on uPortal, excepting us from Google Summer of Code opportunities, scaring would-be adopters, etc.  Would be a nice thing to fix, either by migrating to a better license or by getting our license formally OSI approved.  (In principle it meets the requirements; someone's just gotta do the work of getting it run through their process).

> Does Maven get us around this (since we're not redistributing the artifacts?)

Yes.  If the project used Maven, then uPortal would be shipping instructions on where to get the .jars, not the .jars themselves.

For lots of other good reasons, I'd like to see uPortal 2 use Maven for uPortal 2.7.  CAS3 and uP3 seem to have worked through a lot of the difficulties of adoption; SVN allows moving files around to be more Maven-friendly.

Andrew

[1]: I'm not a lawyer.  Nothing in this email should be construed as legal advice.

On Jun 1, 2007, at 1:29 PM, Andrew Petro wrote:

I see two needs of an open source project respecting the licenses of its dependencies.

One is to actually comply with the terms of those licenses, which often includes a requirement of acknowledgement and inclusion of the license under which the dependency is used in and redistributed with the project.

Two is to document this compliance in such a way that one can be reasonably confident in it and that it is maintainable.

For example, it might technically be sufficient for license X to appear somewhere in the project and to ship Jar Y which is available under license X.  It's still desirable to articulate that that's what we're doing, otherwise over and over again people will have to wonder about whether and how we're shipping Jar Y.

Moving this to uportal-dev...

Hmmm... biggest license compliance question for me is whether it's legit to bundle GPL jars (Apache doesn't -- our license looks a lot like theirs). 

Does Maven get us around this (since we're not redistributing the artifacts?)

Jason

--

Jason Shao
Application Developer
Rutgers University, Office of Instructional & Research Technology
v. 732-445-8726 | f. 732-445-5539 | [EMAIL PROTECTED] | http://jay.shao.org



--
Join your friends and colleagues at JA-SIG with Altitude: June 24-27, 2007 in Denver, CO USA.

Featuring keynotes by: Phil Windley, Matt Raible, Matt Asay
Sessions on topics including: CAS, uPortal, Portlets, Sakai, Identity Management, and Open Source

For more information & registration visit: http://www.ja-sig.org/conferences/07summer/index.html
---
You are currently subscribed to [email protected] as: %%emailaddr%%.
To unsubscribe send a blank email to [EMAIL PROTECTED]

