Closed iikirilov closed 5 years ago
I'm not involved in this project but still I will add my few cents. I see that the jnr-posix
is actually released under three license, namely EPL, GPL and LGPL. The GPL may be Apache 2 incompatible, but what with the other ones, the EPL and LGPL, respectively?
They are all incompatible. They are all copyleft
which means if your project depends on GPL licensed code then it (your project) must also be GPL.
But you choose the license you want to use, correct? So why not choose e.g. EPL instead of GPL if there is such an option given by creators of jnr-posix
? I always thought it's possible when creators offers different licenses to choose from.
EPL, GPL and LGPL are all copyleft.
Apache, MIT and Creative Commons are not.
Also, I am not a legal expert.
This is a workaround for anyone interested.
def withoutGPLLicensed = { exclude group: 'com.github.jnr', module: 'jnr-posix' }
implementation 'org.web3j:core', withoutGPLLicensed
Just FYI, this is what I found on this web page:
The Eclipse Foundation makes clear that, in their opinion, ‘merely interfacing or interoperating’ with an Eclipse plugin does not make your code a derivative work of the plugin
And:
the EPL is considered a weak copyleft license. Weak copyleft licenses requires you to disclose your source on source code, but not on binaries and therefore you can compile covered sources with others and distribute the resulting (merged) binaries under the licence of your choice. With ‘strong’ copyleft license, the GPL family, you are obligated to reuse the same licence in case of re-distribution of copies or derivatives on both source and binaries.
And:
If you redistribute a program with an EPL component, you are obligated to include the full license text and the copyrights.
Therefore it should be ok to use EPL as a license for jnr-posix
and have other project licensed under Apache 2 as long as you don't modify jnr-posix
itself (you use it the original form, i.e. as JAR downloaded from Maven repo) and fulfil EPL requirements simply by including respective license text in distribution if you redistribute jnr-posix
in unmodified binary form along with your product.
So they may be incompatible but there should be no issue using EPL components in Apache 2 projects as long as you don't modify these EPL components and include license text in your distribution (e.g. if you redistribute dependencies as zip).
I solved similar issue in my projects by collecting all licenses from all dependencies and putting them in a separate directory in a zip file, e.g. here, regardless the fact if this is required or not.
You are right. Thanks for clarifying this.
I am currently using license-gradle-plugin and I see it is picking up all 3 licenses for jnr-posix
. I will get in touch with them to see if it is configurable.
Cheers!
Expected:
jnr-unixsocket
and all of its dependencies should have compatible licenses.Actual:
jnr-unixsocket
is Apache 2 license but it depends onjnr-posix
which is GPL. These are not compatible.Reason:
The web3j library depends on this project.