Usage of the Ghidra Decompiler in a GPLv2 Licensed Project

[spv420]

Hi, sorry to post a GitHub issue for this, but I couldn't find a better way to contact the Ghidra team.

I'm working on a software project for reverse engineering and software/hardware research (like development) myself, and I'd possibly like to use the Ghidra decompiler in the project. Given that the decompiler is licensed under Apache 2.0 (to my knowledge), is it permissible to use it with a GPLv2 project? IIRC the decompiler communicates with the Java components of Ghidra via stdin/stdout (or something similar), so that may make the licensing restrictions of Apache 2.0 and GPLv2 essentially disappear, but I'm not sure.

Thanks! ~ spv

[d-millar]

@spv420 Both the Apache Foundation and the FSF consider the Apache 2.0 and GPLv2 licenses to be incompatible, so linking the two will put you in a bind. I do believe there are exceptions if the two pieces of the code are not linked, e.g. if you use the pieces in some form of client-server setup, say, communicating over a socket. Whether stdin/stdout pipes meet the criterion for that exception is probably a question better answered by a lawyer, especially if you’re considering distributing your project widely. We do our best to honor the terms of all the licenses in our software, but a lot of these licensing issues are very complicated. Getting some advice from a qualified source is never a bad idea.

[d-millar]

P.S. None of us are lawyers, so you should definitely NOT consider answers from us definitive. 😊

[spv420]

Alright, fair enough, thanks! The project (if you're interested in checking it out, see medusa-re.org for info, I'm working on my stylesheets right now though!) is meant partially for me to learn about reverse engineering and such, so it might be good to try to write my own decompiler anyway.

I do recall that radare2 has a Ghidra decompiler plugin/whatever-they-call-it, and IIRC radare2 is under the GPLv2, so maybe looking there might find me some answers. IIRC Apache 2.0 and GPLv3 are compatible so that may be why, if they (radare2) use the "any later version" clause. I'll have to check the licenses of the other projects I use to see if they use the "any later version" clause or are available under GPLv3. If so, I may just relicense Medusa under GPLv3. (I currently do not use the "any later version" clause, mostly due to irrational paranoia on my part.)

Thanks regardless! ~ spv

[d-millar]

I don't know if it's helpful (or more discouraging) but there's a fairly detailed discussion of Apache's understanding of their license compatibility with various GPL versions at https://www.apache.org/licenses/GPL-compatibility.html. Looks like an interesting project, though!

[spv420]

Thanks!