[arch-dev-public] licensing issues with DB 6.0
Hi all, we just finished the db 6.0 rebuild in staging. I was pointed* to an issue with it's license though. It seems Oracle switched the license to AGPL with version 6.0. I am not an expert, but afaik this makes it only compatible with GPL3 clients and also enforces the AGPL terms on those. Debian had a similar discussion https://lists.debian.org/debian-legal/2013/07/msg00000.html If you think this is indeed a problem, I suggest to drop the rebuild for now and keep db-5. We could introduce a db6 package if packages really need that and are license-compatible. We might also want to try to disable db-functionality if possible and switch to alternative implementations. Greetings, Pierre *) https://bugs.php.net/bug.php?id=65426 -- Pierre Schmitz, https://pierre-schmitz.com
On 9 August 2013 11:31, Pierre Schmitz <pierre@archlinux.de> wrote:
Hi all,
we just finished the db 6.0 rebuild in staging. I was pointed* to an issue with it's license though. It seems Oracle switched the license to AGPL with version 6.0. I am not an expert, but afaik this makes it only compatible with GPL3 clients and also enforces the AGPL terms on those.
Debian had a similar discussion https://lists.debian.org/debian-legal/2013/07/msg00000.html
If you think this is indeed a problem, I suggest to drop the rebuild for now and keep db-5. We could introduce a db6 package if packages really need that and are license-compatible. We might also want to try to disable db-functionality if possible and switch to alternative implementations.
Greetings,
Pierre
*) https://bugs.php.net/bug.php?id=65426
-- Pierre Schmitz, https://pierre-schmitz.com
I would avoid DB 6 unless some software requires it. In my opinion DB 6 can't get widely adopted because of it's license anyway. Maybe someone will pick up db 5 and continue maintaining it. Something similar happened with MySQL and OpenOffice.org already and the results are pretty good. BTW, is it just me or the Oracle is really shitty when it comes to OSS? Lukas
After some reading the AGPLv3 license is not different from GPLv3 with one addition. Since many services now run in the cloud in AGPLv3 this is also covered as "distribution" of the code and must be done under the same rights that GPLv3 would require when shipping software as binary builds via some storage media. We do not change anything to the "db v6" code base. A quick overview over the rebuilt packages I can't see a pkg that is published under a non-free license. If we would be allowed to link to DBv6 if it would be under GPLv3 then we are also allowed to link to it under AGPLv3. I see no serious reason to not accept that license change. http://en.wikipedia.org/wiki/Affero_General_Public_License#Compatibility_wit... http://lwn.net/Articles/557820/ http://en.wikipedia.org/wiki/GPL_linking_exception I'm no expert in that stuff. Maybe someone dealing day by day with such stuff has more knowledge here. -Andy
Am 09.08.2013 19:54, schrieb Andreas Radke:
After some reading the AGPLv3 license is not different from GPLv3 with one addition. Since many services now run in the cloud in AGPLv3 this is also covered as "distribution" of the code and must be done under the same rights that GPLv3 would require when shipping software as binary builds via some storage media.
We do not change anything to the "db v6" code base. A quick overview over the rebuilt packages I can't see a pkg that is published under a non-free license.
If we would be allowed to link to DBv6 if it would be under GPLv3 then we are also allowed to link to it under AGPLv3.
I see no serious reason to not accept that license change.
If I got it right, the problem is that it's not possible to link to AGPL code within a program which has an incompatible license. So the linking exception does not apply here (as it does for e.g. LGPL). So only packages that are either AGPL3 themselves or GL3 can use DB6. Even GPL2 would not be possible; which is why Debian would need to relicense their apt package in order to use DB 6. Greetings, Pierre -- Pierre Schmitz, https://pierre-schmitz.com
I suggest the quick solution to drop the db v6 rebuild and stay with old db 5.3.21 to be on the safe side. We should check all packages on the rebuild list if they can be build without linking to Berkeley db at all (new Todo list). Maybe that way we can move db in a first step to extra and drop it later completely. -Andy
participants (3)
-
Andreas Radke
-
Lukas Jirkovsky
-
Pierre Schmitz