nehaljwani
commented
3 years ago cc @conda-forge/core @conda-forge/staged-recipes
Open FelixS90 opened 3 years ago
nehaljwani
commented
3 years ago cc @conda-forge/core @conda-forge/staged-recipes
jakirkham
commented
3 years ago Probably the thing to do is to split the package into shared libraries (if these can in fact be LGPL someone should check) and CLI tools (if these can in fact be GPL again someone should check). Most other packages just need the libraries. So we could then go through and update those packages (perhaps with a migrator) to get them to use just the library portion. This should allow most things where the GPL bit are not needed to ship under LGPL
GreatScherzo
commented
2 years ago This, I am having the exact problem in figuring out why is the xz package licensed under GPL.
I've posted questions on the stack exchange, if anyone wants to refer: https://opensource.stackexchange.com/questions/12496/using-condas-xz-package-for-proprietary-use https://stackoverflow.com/questions/70677496/determining-anaconda-xz-package-content
GreatScherzo
commented
2 years ago @FelixS90 Were you able to determine if the package includes the GNU getopt_long(which is licensed under LGPL) as well? Thanks a bunch!
GreatScherzo
commented
2 years ago I was able to get in touch with the author of lzma, Lasse Collin (bless his soul for answering my enquiry)
Here's his response
> I would to ask about the Python's binding for XZ Utils.
>
> From my understanding, the python's binding has only the liblzma
> component.
Bindings are usually written against a library and then liblzma is
enough.
> Is this the same for the xz package for anaconda? (Link to package
> page: https://anaconda.org/anaconda/xz)
> If it's not the same, what are the components and licenses in
> anaconda's xz package?
I downloaded Windows and Linux versions from that page and they seem to
include both liblzma and the command line tools. The Linux version even
includes the scripts (xzgrep etc.). The Windows version is built using
Visual Studio and there are two patches. I don't support building the
command line tools using Visual Studio so I cannot comment the Windows
build much.
From licensing point of view, on some platforms the command line tools
will include LGPLv2.1+ code (GNU getopt_long). The scripts are GPLv2+.
liblzma itself is public domain but binaries can contain code from the
toolchain (like Visual Studio or MinGW-w64) and that code can have its
own license restrictions (which people too often ignore).
I hope this helps.From his reply, it seems that the Linux version of the package includes the grep scripts. The command line tool may include the getopt_long component based on platforms, so its best to assume that the package is LGPLv2.1 at minimum.
Hope this helps everyone!
jakirkham
commented
2 years ago Thanks for the feedback!
If someone would like to try a PR to split out the packages into different outputs, it should be possible to get the right license on the right collections of things 🙂
jonashaag
commented
1 year ago I'm interested in working on this. I'd prefer to have the non-GPL tools shipped by default though, so my proposal is to have either two packages as follows:
or three packages:
xhochy
commented
1 year ago We should have three packages to split of libs from tools. You can take inspiration from zlib and glib on how to achieve this.
jonashaag
commented
1 year ago We should have three packages to split of libs from tools. You can take inspiration from
zlibandglibon how to achieve this.
What should go in each package?
xhochy
commented
1 year ago Let's wait for https://github.com/conda-forge/boost-feedstock/pull/164 to be merged. Then I would propose to have
libxz for the shared librarylibxz-dev(el) for everything you need to build againstxz-nongpl-tools for the tools that aren't GPL (happy to have a different name)xz-tools for all tools (depends on the former)The boost PR is not a technical requirement but a place where very central discussions about package splits are happening.
xhochy
commented
11 months ago @jonashaag Boost has been successfully split, you can continue here with the same pattern (in a simpler form).
jonashaag
commented
11 months ago I probably won’t have time to do so in the next days/weeks. But it’s on my todo list.
Issue: I was wondering whether there are indeed components in the shipped conda package subject to GPL as indicated through the license key saying "LGPL-2.1 and GPL-2.0".
Following https://tukaani.org/xz/ and the linked COPYING, the only parts of xz subject to GNU GPLv2+ (that are indeed shipped) are the "scripts to grep, diff, and view compressed files". In the package pulled in from sourceforge as coded in the xz feedstock meta.yaml, this corresponds to the files located in src/scripts.
However, the xz conda-forge package eventually only ships a very small subset, which DOES NOT include those scripts.
Thus, we are at maximum LGPL, if not even public domain "unless GNU getopt_long had to be compiled and linked in from the lib directory. The getopt_long code is under GNU LGPLv2.1+.".
Environment (
conda list):Details about
condaand system (conda info):