Closed YuanTingHsieh closed 4 months ago
@YuanTingHsieh Thanks for asking! We'll investigate it and get back to you asap.
Hi @YuanTingHsieh thank you very much for your advice.
gmpy2
is LGPL-3.0+
instead of GPL-3.0
https://pypi.org/project/gmpy2/ gmpy2
is used as a dynamic library. If I remember correctly, LGPL-3.0+
has a linking exception, which means that if we use gmpy2
as a dynamic library, there is no problem using it in the Apache 2 project. Of course, your suggestion is very helpful, and we will consider it.
@fangxiaoran @justalittlenoob thanks for the response!
Note that if users do not install gmpy2 then they won't be able to use this python binding directly.
No problem!
Note that if users do not install gmpy2 then they won't be able to use this python binding directly.
Absolutely correct. We will fully consider your suggestion.
if the gmpy2 is required to make the library work, I think Yuan-Ting's comment means that this is not optional dynamic linked library, this is almost like a statically linked library as it is always required. In such as case, the LGPL v3 exception is still apply or not ?
On top of that. even exception is allowed, any commercial software or closed software with your library, that intend to be distributed to their customers, will require the source code per LGPL v3 license. So the question is: If the Intel's library is using LGPL v3, can it still claims to be Apache 2 license ? or it should be LGPL v3 license ?
Answer my own question, seems Apache 2 with LGPL v3 is allowed ( after discussion with several other people). We are ok now. thank you
I am a developer of NVFlare.
We were looking for HE libraries that uses Apache 2 license.
While in the process of installation, we discovered that the files located at https://github.com/intel/pailliercryptolib_python/blob/development/src/ipcl_python/ipcl_python.py#L15 and https://github.com/intel/pailliercryptolib_python/blob/development/requirements.txt#L7 are utilizing the gmpy2 library, which is licensed under GPL-3.0 (https://github.com/aleaxit/gmpy/tree/master).
We are concerned that integrating a library under GPL-3.0 might conflict with the Apache 2 license.
Therefore, we kindly request if it would be possible to provide an alternative version that does not incorporate any GPL-licensed libraries. This could entail either removing gmpy2 entirely or substituting it with an alternative library to perform the inversion.
Thank you for your attention.