search

jnr / jnr-unixsocket

UNIX domain sockets (AF_UNIX) for Java
Apache License 2.0
278 stars 75 forks source link

Licence conflict #72

Closed iikirilov closed 5 years ago

iikirilov commented 5 years ago

Expected:

jnr-unixsocket and all of its dependencies should have compatible licenses.

Actual:

jnr-unixsocket is Apache 2 license but it depends on jnr-posix which is GPL. These are not compatible.

Reason:

The web3j library depends on this project.

sarxos commented 5 years ago

I'm not involved in this project but still I will add my few cents. I see that the jnr-posix is actually released under three license, namely EPL, GPL and LGPL. The GPL may be Apache 2 incompatible, but what with the other ones, the EPL and LGPL, respectively?

iikirilov commented 5 years ago

They are all incompatible. They are all copyleft which means if your project depends on GPL licensed code then it (your project) must also be GPL.

sarxos commented 5 years ago

But you choose the license you want to use, correct? So why not choose e.g. EPL instead of GPL if there is such an option given by creators of jnr-posix? I always thought it's possible when creators offers different licenses to choose from.

iikirilov commented 5 years ago

EPL, GPL and LGPL are all copyleft.

Apache, MIT and Creative Commons are not.

Also, I am not a legal expert.

iikirilov commented 5 years ago

This is a workaround for anyone interested.

  def withoutGPLLicensed = { exclude group: 'com.github.jnr', module: 'jnr-posix' }
  implementation 'org.web3j:core', withoutGPLLicensed
sarxos commented 5 years ago

Just FYI, this is what I found on this web page:

The Eclipse Foundation makes clear that, in their opinion, ‘merely interfacing or interoperating’ with an Eclipse plugin does not make your code a derivative work of the plugin

And:

the EPL is considered a weak copyleft license. Weak copyleft licenses requires you to disclose your source on source code, but not on binaries and therefore you can compile covered sources with others and distribute the resulting (merged) binaries under the licence of your choice. With ‘strong’ copyleft license, the GPL family, you are obligated to reuse the same licence in case of re-distribution of copies or derivatives on both source and binaries.

And:

If you redistribute a program with an EPL component, you are obligated to include the full license text and the copyrights.

Therefore it should be ok to use EPL as a license for jnr-posix and have other project licensed under Apache 2 as long as you don't modify jnr-posix itself (you use it the original form, i.e. as JAR downloaded from Maven repo) and fulfil EPL requirements simply by including respective license text in distribution if you redistribute jnr-posix in unmodified binary form along with your product.

So they may be incompatible but there should be no issue using EPL components in Apache 2 projects as long as you don't modify these EPL components and include license text in your distribution (e.g. if you redistribute dependencies as zip).

I solved similar issue in my projects by collecting all licenses from all dependencies and putting them in a separate directory in a zip file, e.g. here, regardless the fact if this is required or not.

iikirilov commented 5 years ago

You are right. Thanks for clarifying this.

I am currently using license-gradle-plugin and I see it is picking up all 3 licenses for jnr-posix. I will get in touch with them to see if it is configurable.

Cheers!