Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Please clarify Apache 2.0 license and if it applies to older versions of CUPS as well #5174
I know that older versions of CUPS that have already been published under the terms of LGPLv2/GPLv2 are going to remain available for use under those same terms.
However, I am wondering, if we are now also permitted to use older versions of CUPS under the terms of the Apache 2.0 license separately and instead of the LGPLv2/GPLv2 licensing terms?
For example, hypothetically, if I have a project that includes code that was taken from release-2.0.0 but that code no longer appears in the newer versions of the CUPS code base (which is licensed under the terms of Apache 2.0), do I now have permission to use those files (the release-2.0.0 code) under the terms of the Apache 2.0 license or does that code remain exclusively for use under the terms of LGPLv2/GPLv2?
Since Apache 2.0 and LGPLv2/GPLv2 are apparently incompatible licenses, this creates a hypothetical conundrum for me, since it means I could not patch older versions of the CUPS code base (or derivative works of the older code base) with code taken from newer versions of the code base.
Your clarification and guidance on this matter is greatly appreciated and I thank you in advance for your time.
@Conan-Kudo I know you are joking, but please let me respond... :) Thanks!
@joshgay I've made my boss and our legal folks aware of your concerns; not sure what will come of it, but will update you as soon as I have an official answer about what we'll do for backporting/back-licensing bug fixes for previous versions of CUPS. As for making prior versions of CUPS available under the ASL2, Apple will not be doing that...
Generally speaking, any security patches we publish, e.g., for CERT advisories, are provided for multiple versions of CUPS and under the terms of the license for each version of CUPS. I don't see that changing, but that would mean GPL2/LGPL2 for earlier versions of CUPS and ASL2 for CUPS 2.3 and beyond.
Non-security bug fixes are currently just pushed to master (ASL2). While we don't post separate patch files to bug reports for specific CUPS versions, often the same changes will apply to older CUPS releases and those bug fixes are typically changes to a few lines of code and not major new content. I will try to get clarification from Apple legal on this situation so that we can clearly communicate which changes are available for use in older CUPS releases (under the GPL2/LGPL2) and which ones are considered new content/features.
@michaelrsweet and @Conan-Kudo thank you both for your replies and also for escalating my concerns upward. The information you have provided is very helpful and I imagine any additional clarifications you can provide in the future on licensing of backports will also be appreciated by GNU/Linux distro developers and other CUPS package maintainers/distributors.
@michaelrsweet Just adding proposition of solution from cups-devel mailing list - same solution use LLVM and I hope it is acceptable for Debian too (it is acceptable for Fedora).
LLVM uses exception of Apache license for GPLv2  and adds this paragraph to license file:
In addition, if you combine or link compiled forms of this Software with software that is licensed under the GPLv2 (“Combined Software”) and if a court of competent jurisdiction determines that the patent provision (Section 3), the indemnity provision (Section 9) or other Section of the License conflicts with the conditions of the GPLv2, you may retroactively and prospectively choose to deem waived or otherwise exclude such Section(s) of the License, but only in their entirety and only with respect to the Combined Software.
Just to mention, I cannot package CUPS 2.3 for Fedora until this licensing issue isn't solved :( .
Yes. still waiting... :/
There are no plans to replace GNU TLS with anything else at this point. As for mbedTLS (PKA PolarSSL), I can't see us adopting it since the license options are Apache 2.0 without exceptions and GNU GPL (not LGPL), making it incompatible with a lot of existing code linking against libcups.