Licensing questions regarding Commercial use (continued from Salvis.com Forum)

[S-Koell]

This is a continuation of a Thread ( https://www.salvis.com/blog/forum/plsql-cop/custom-validator-how-to-override-checks-and-other-questions/#post-129 ).
@PhilippSalvisberg answer to the question of licensing plsql cop / validators was:

You have not licensed PL/SQL Cop. Hence you may use just the preview/trial version. This version has some limitations regarding time and volume. Additionally, you must not use the product for commercial purposes in any way. This means for example that you must not check production code other than for preview/trial purposes. The same is true for the validators.

Please note that you can use the SQL Developer extension to check also production code. But only based on the code within an editor window and with the default validator which covers the Trivadis Guidelines without the naming conventions. If you configure other validators within SQL Developer then the restrictions mentioned above apply.

First of all: Thanks for your detailed answer! But I have still questions...

So in summary for use in production:

• PLSQL Cop Extension for SQL Developer: No License required
• PLSQL Cop Validators (also as an addition to SQL Developer): License required
• PLSQL Cop (command line/automation): License required

My first question with that answer is the following:

• The PLSQL Cop SQL Developer Plugin ( Link ) has the following license:
  Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License
• The Custom Validators ( Link ) has also the
  Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License

How in the world should I now know that I can use the Plugin in production but not the custom validators (except asking you ;) )? There is no distinction in the license. Not even in the settings of PLSQL Cop in SQL Dev (which according to you is license free) is a hint that you need a license for that when specifying a custom validator.

My second question:
Say I only need the SQL Dev Plugin with Custom Validators in production (only editor window checks).
If I understand it correctly I should buy a license for that. But as far as I see there is only the "full" plsql cop license which is for the most part (I guess) for the automated code checking for whole repositories via command line tools. (Which is great by the way! But not needed by us at the moment)
The price of the whole license seems a bit too much just for our requirement to add a custom validator.
Any thoughts on this?

[PhilippSalvisberg]

How in the world should I now know that I can use the Plugin in production but not the custom validators (except asking you ;) )? There is no distinction in the license. Not even in the settings of PLSQL Cop in SQL Dev (which according to you is license free) is a hint that you need a license for that when specifying a custom validator.

PL/SQL Cop (the CLI) is bundled with a Trial/Preview license key that is limited in time and volume. Currently the following limitations are listed when you run the CLI:

Trial/Preview version
- valid thru: 2020-03-31
- valid for versions less than: 3
- max. files: unlimited
- max. lines: 5000
- max. commands: 200
- max. bytes: 400000

We explicitly state that a commercial license is required for production use.

Developing custom validators is not possible without the libraries distributed with the CLI. We consider the development of custom validators for production use a violation of the preview/trial license. It does not matter if you use the validator in the CLI or via the SonarQube plugin or within the SQL Developer extension.

You are allowed to configure the released validators in this repository within SQL Developer for production use. But configuring your custom validators within SQL Developer is a violation of the license.

As explained in the license details it is a good idea to contact the rights holder for clarification.

I hope this answers your question.

Say I only need the SQL Dev Plugin with Custom Validators in production (only editor window checks).
If I understand it correctly I should buy a license for that.

Yes, that is correct.

But as far as I see there is only the "full" plsql cop license which is for the most part (I guess) for the automated code checking for whole repositories via command line tools. (Which is great by the way! But not needed by us at the moment)

Actually a commercial license of PL/SQL Cop allows you to develop custom validators for production use. We consider that a great value of the product.

The price of the whole license seems a bit too much just for our requirement to add a custom validator.

I think it really depends on the scope of the custom validators. If it is just the requirement we discussed in issue #8 then I agree. In this case I recommend to stick with the provided validators and live with the limitations. In this case either with false positives or by disabling a somewhat useful check to avoid false positives.

Any thoughts on this?

I discussed this with our product manager.

Our recommendation is to manage the requirements for additional validators in the this repository. Based on an issue (as you've done that for #8). Why not develop custom validators with the preview/trial version and donate the result as pull request. We can then include it in a release. And as explained before, you are allowed to configure our provided validators in PL/SQL Cop for SQL Developer also for production use. Making custom validators for everyone, sounds like a good idea for us.

We are looking forward to your contributions.

[S-Koell]

Thanks for your response!

You are allowed to configure the released validators in this repository within SQL Developer for production use. But configuring your custom validators within SQL Developer is a violation of the license.

Ahhh okay. That's the main reason for my confusion! As stated in my first post I understood that also the plsql-cop-validators repository is not allowed for production use.
Because previously you said:

Please note that you can use the SQL Developer extension to check also production code. But only based on the code within an editor window and with the default validator which covers the Trivadis Guidelines without the naming conventions. If you configure other validators within SQL Developer then the restrictions mentioned above apply.

And because the checking of the naming conventions is part of the plsql-cop-validators repository I concluded that I'm not allowed to use them in production.

Now that it is clear, that I CAN use e.g. the TrivadisGuidelines3Plus validator in production let me restate my inital questions:

• Am I allowed to change the TrivadisGuidelines3Plus slightly in the way that they reflect different prefixes for variable names ( eg instead of public static String PREFIX_IN_PARAMETER_NAME = "in_" we want "pin_") and use that in production without license?
• Am I now allowed to build a validators.jar with the OverrideTrivadisGuidelines.xtend you provided for issue How to override an existing check #8 (and therefore is now part of plsql-cop-validators)? Or do I need to wait till there is a new release of plsql-cop-validators with that one included?
• Is there a way to use multiple validators in SQL Dev? Let's say I want TrivadisGuidelines3Plus AND OverrideTrivadisGuidelines.
  I could merge them and build a custom validator but that is kind of the same as the first question.

Why not develop custom validators with the preview/trial version and donate the result as pull request. We can then include it in a release. And as explained before, you are allowed to configure our provided validators in PL/SQL Cop for SQL Developer also for production use

I'd love to do that if it was easy/straightforward. But as seen in issue #8 it's really the opposite for me. Even if I had found out which method I would need to override I still dont have any clue.
E.g. how is SimpleExpressionStringValue defined?
Is there a documentation for all the classes etc which are used?
I would have many more questions regarding the development of custom stuff but that is off topic here.

[PhilippSalvisberg]

Am I allowed to change the TrivadisGuidelines3Plus slightly in the way that they reflect different prefixes for variable names ( eg instead of public static String PREFIX_IN_PARAMETER_NAME = "in_" we want "pin_") and use that in production without license?

No.

As explained before, you are using the PL/SQL Cop CLI libraries for production purposes (building an amended validator). The extend of the change does not matter.

In this case it might be a good idea to contribute a change to the TrivadisGuidelines3Plus validator which optionally reads a property file (e.g. from the user's home directory) to override chosen prefixes and suffixes. Such a change does not need specific PL/SQL Cop know how and should be doable for you. Maybe it is better to provide an additional validator. This should be discussed in another issue.

Am I now allowed to build a validators.jar with the OverrideTrivadisGuidelines.xtend you provided for issue #8 (and therefore is now part of plsql-cop-validators)?

No.

Or do I need to wait till there is a new release of plsql-cop-validators with that one included?

Yes, you need to wait. Now that I closed the issue #8 (assuming that it fits your need based on this issue), there is no reason to delay the release.

Is there a way to use multiple validators in SQL Dev?

No, you can only define one validator in the preferences of the SQL Developer Extension. However, behind the scenes such a validator can be a collection of several validators.

Let's say I want TrivadisGuidelines3Plus AND OverrideTrivadisGuidelines.

The TrivadisGuidelines3Plus extends the TrivadisGuidelines3 validator. OverrideTrivadisGuidelines extends also TrivadisGuidelines3 validator. It's easy to change it to extend TrivadisGuidelines3Plus.

[S-Koell]

Okay now everything is clear. Thanks for all that clarification but I'd rather ask multiple times than reaching the wrong conclusions.

The TrivadisGuidelines3Plus extends the TrivadisGuidelines3 validator. OverrideTrivadisGuidelines extends also TrivadisGuidelines3 validator. It's easy to change it to extend TrivadisGuidelines3Plus.

Sure, but as long as I want to be without license I have to rely on the owner of this project (you) to make that change.

In this case it might be a good idea to contribute a change to the TrivadisGuidelines3Plus validator which optionally reads a property file (e.g. from the user's home directory) to override chosen prefixes and suffixes. Such a change does not need specific PL/SQL Cop know how and should be doable for you. Maybe it is better to provide an additional validator. This should be discussed in another issue.

I will definitely look into that!

[PhilippSalvisberg]

Thanks for all that clarification but I'd rather ask multiple times than reaching the wrong conclusions.

You're welcome. I'm happy that it is clear now.

(...) It's easy to change it to extend TrivadisGuidelines3Plus.

Sure, but as long as I want to be without license I have to rely on the owner of this project (you) to make that change.

You could open an issue and you could provide a PR for it. Right? ;-)

(...) optionally reads a property file

I will definitely look into that!

I'm looking forward to it. TIA.

[S-Koell]

You could open an issue and you could provide a PR for it. Right? ;-)

Sure but it would still be your choice to include it, wouldnt it?
But bear with me, I've never used Github as a contributor (except issues ;) ) before. But this is the perfect opportunity for me to learn :)

[PhilippSalvisberg]

You could open an issue and you could provide a PR for it. Right? ;-)

Sure but it would still be your choice to include it, wouldnt it?

Correct. That's why it make sense to discuss it beforehand in an issue.