On 2012-04-23 10:04:06 (+0200), Ludwig Nussel
Pascal Bleser wrote:
On 2012-04-20 15:58:21 (+0200), Ludwig Nussel
wrote: [...] and you probably don't even know what license that random dump of bundled jars has.
That is indeed quite a task but from more than 10 years of day to day experience of coding with java (and lots of open source java libraries and bits), I can say that the set is large (as said, there is a huge amount of open source software in java, and a high degree of reuse of libraries), but it's not totally random. What I mean to say, I guess, is that you keep running into mostly the same jars.
How large is that common set? Maybe having the top most used jars would help reduce the amount of extra jars an applications pcakager needs to care for.
I would say certainly at least around 50 libraries (log4j, slf4j, lots of apache commons libraries, etc...).
[...] The same accounts for non-java stuff too though, you can run into libraries written in C that say "GPL" on freshmeat (or freshcode, as it's called now) but effectively has different copyrights in individual source code files in its archive.
That isn't nearly as common as with java I guess and we have the automatic licence digger in Factory to detect such bastards.
No it's not more common with java than with C/C++. I personally do run into such cases sometimes when packaging C/C++ stuff.
Calling it non-free is the closest match.
Sorry, are you saying the Apache Software License or the GPL/LGPL is not considered "oss" any more? Surely you're not.
Well, the random samples I've seen recently had proprietary .jars bundled in software that said it's GPL. I don't know what the result of such a bundling is, but I as user feel fooled if that's called free software. So even if an application claims it's GPL but crucial components of it are proprietary you can't put that into an 'oss' repo. Maybe it's even illegal to put something like that anywhere. Only a lawyer can tell but IANAL.
If by proprietary you mean "non open source license" then that is quite possible, because a few reference implementations of non-core standards around Java have historically been offered under a free-to-use but not open source license by Sun (and now Oracle). There aren't that many of them, but some are really key stuff, such as in the JEE space, which is why you keep running into them here and there. That being said, there are always open source alternatives (e.g. the servlet or EJB APIs and implementations from Glassfish, JBoss, Apache, ...). When you run into such non open source libraries bundled with an open source application/library, then it's almost always that the upstream devs didn't know about the alternatives. Or that they were Windows users and didn't know nor care much about copyrights. At least not enough to notice that that "free to use" library from Sun/Oracle may not be shipped as something that is supposedly "open source"... well, might even be a matter of opinion, as the software itself is e.g. under ASL, but it depends on something that is not open source. That is of course unacceptable to _us_ as we build a distribution that only ships open source components and we cannot depend on something that isn't. I run into such situations occasionally and use alternative implementations of those standards (as said, usually from the Glassfish, JBoss or Apache projects). Just replace one jar file with the other, done. From a copyright compatibility point of view: I think that there is rarely any "pure GPL" software written in Java, it's almost always "GPL with exception", because the GPL was written with C in mind (see all the text about "linking" and "aggregating") but it doesn't clearly relate to how Java works. The "GPL with exception" permits using something (say, a jar file) that is under that "GPL with exception" license with another jar that is under Apache license, etc..., and also clarifies that you may write non GPL software that uses a jar file that is under that "GPL with exception" copyright. On a side note, the GPL 3 in combination with the ASL 2.0 has clarified that situation with regards to copyright compatibility (as in, they are explicitly compatible). Also, there have been numerous statements from the FSF that what the "GPL with exception" clarifies is permitted with the "pure GPL" (even 2.0) in their opinion (and I guess they should know it). cheers -- -o) Pascal Bleser /\\ http://opensuse.org -- we haz green _\_v http://fosdem.org -- we haz conf