Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

licensing information out of date? #3198

Closed
busbey opened this issue Jul 30, 2015 · 8 comments
Closed

licensing information out of date? #3198

busbey opened this issue Jul 30, 2015 · 8 comments
Labels
JRuby 9000 packaging
Milestone
JRuby 9.0.1.0

Comments

@busbey
Copy link
Contributor

busbey commented Jul 30, 2015

It looks like the COPYING details for 9.0.0.0 didn't get updated for the switch to Ruby 2.2.

  1. The COPYING file still references the ruby scripts from MRI for 1.8 and 1.9, which AFAICT are no longer present
  2. Similarly, it does not mention the ruby scripts that are present (incl which version of MRI they're from)
  3. LICENSE.RUBY appears to be the "Ruby License" associated with the MRI <= 1.9.2 (GPL or Matz conditions) As of MRI 1.9.3+, the "Ruby License" switched to be BSD-2-Clause or Matz conditions

Presuming the included stuff in lib/ruby/stdlib | lib/ruby/truffle/mri is from a 2.2.0+ version, could we update things appropriately?

Expanding the section to cover the other implementations unders lib/ruby/truffle would also make it easier for downstream users of jruby.
headius added a commit that referenced this issue Aug 6, 2015
@headius
Clean up license information a bit for #3198.
2da0320 
This isn't a finished job but I made the following changes:

* Updated path to the Ruby standard library
* Removed Java libraries we no longer use from COPYING
* Removed paths to jar files we no longer version
* Added a few libraries we do use now
* Updated CRuby's license
* Added BSDL for CRuby's license

I believe we're still missing some Java libraries.
@headius
Copy link
Member

headius commented Aug 6, 2015

I've made the changes you pointed out plus a few more, but we probably should do a bit more auditing.

  • There are libraries we use now not listed in COPYING. Since they're pulled in and shaded by Maven, I'm unclear whether we need to list them at all (since we only distribute them in binary form and only at release time). @mkristian what's the usual way people handle this? Is there a way to generate a listing of all dependencies with the licenses they use?
  • The JRuby+Truffle library depends on Truffle from Oracle, licensed as GPL+CPE I believe. Unsure where this information should go.
  • We now ship more gems built-in than we did before, and I don't believe most of these are listed. For example, many of @mkristian's maven-related gems.

Thanks for pointing out how stale this file had become. Hopefully it's a bit closer to being perfect now. Let's work together and see if we can get it there.

@headius headius added this to the JRuby 9.0.1.0 milestone Aug 6, 2015
@busbey
Copy link
Contributor Author

busbey commented Aug 6, 2015

If it's helpful, I can point you towards how the ASF handles these kinds of license notifications and explain how we apply the policy within Apache HBase. (it's how I ended up finding this issue. ;) )

@busbey
Copy link
Contributor Author

busbey commented Aug 6, 2015

One side question, is the JRuby+Truffle library always shipped with JRuby 9k / is it needed to run? Is Truffle from Oracle only licensed as GPL+CPE?

I ask because I'm in the process of getting HBase to update our use of JRuby from 1.6.8 to 9k and a GPL dependency will be a blocker for us due to ASF policy.

@busbey
Copy link
Contributor Author

busbey commented Aug 6, 2015

Did some quick research

  • Confirmed that Truffle is GPLv2+CPE only (ref openjdk faq)
  • Looks like JRuby doesn't bundle Truffle in the artifacts a downstream project like HBase would consume through maven, and the dependency is an optional opt-in runtime choice (ref JRuby Truffle wiki page)

Presuming that second bit is accurate, that should be fine for ASF projects.

@mkristian
Copy link
Member

a quick answer regarding truffle. truffle only comes with the jruby-dist artifacts and jruby-jars.gem. all other maven artifacts do not depend or include truffle.

jruby-core and jruby-complete to shade some dependencies and rename the asm package names. and then jruby-stdlib comes with a bunch of embedded gems and jars.

I know how some maven projects pack those licenses into META-INF somehow. really need to look around a bit. maven itself does have a dedicated license for each single jar which comes with maven-dist tar-ball. I guess something like this is needed for jruby as well.

@enebo
Copy link
Member

enebo commented Aug 10, 2015

COPYING has been updated and Truffle is not part of our dist or main Maven artifacts. For additional licensing info on Truffle we should open a followup issue since it is unrelated to 9.0.1.0.

@enebo enebo closed this as completed Aug 10, 2015
@chrisseaton
Copy link
Contributor

I don't think there are any Truffle licensing questions are there? The code in this repo is licensed as per headers. We include some Rubinius and rubinius-api code that is detailed in COPYING. Truffle is not bundled any more, so the actual license of Truffle doesn't matter. We're trying to be very clear about licensing so if there is any doubt at all let us know.

@enebo
Copy link
Member

enebo commented Aug 10, 2015

@chrisseaton great. Then this issue should be enough then...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
JRuby 9000 packaging
Projects
None yet
Milestone
JRuby 9.0.1.0
Development

No branches or pull requests
5 participants
@headius @enebo @mkristian @busbey @chrisseaton