licensing of pkg/utils/ is confusing #1279
Comments
This is turning problematic for us in kubernetes (see kubernetes/sig-release#223, kubernetes/steering#57). @obnoxxx can pkg/utils be dual-licensed under LGPLv3 and Apache 2? Also, @sigma's comment in kubernetes/kubernetes#66305 (comment) has some more context. |
@sigma Thanks for filing this! Originally we meant to license only the needed parts (those that are required for compiling into kubernetes) under apache2 (+LGPL) and keep everything else under GPL/LGPL. There must have been an oversight, or else some dependency was introduced later. We will make sure to have the licensing issue fixed. Snide remark: Of course an alternative solution would be to give kubernetes a real open source license, aka a flavor of (L)GPL. ;-) |
We started cleaning up |
@obnoxxx Thanks for the update! |
@obnoxxx thanks for driving the cleanup of pkg/utils. Looks like 3 files in there that we need were originally Apache License as you mentioned earlier. Hope i am not over-stepping my bounds with my suggestion here... Is restarting from the files with old licenses acceptable? So if i picked the old files (with the original licenses) and then layered the patches that were applied to them in a branch. If this is acceptable, i can open a PR. Please take a look at: 511022b...dims:restore-licenses-in-pkg-utils cc @raghavendra-talur @jarrpa @lpabon @nixpanic as their patches are re-applied after we revert the changes (and start basically back) from 4a31dd8 |
OK from my point of view. The change I made was not substancial and I'll
accept any reasonable Open Source license change for that.
|
Thanks for including me on this, but I passed the project along to Red Hat more than a year ago when I went to Portworx. |
@obnoxxx @phlogistonjohn your thoughts please? |
We established the model of a dual licensing scheme of Apache license v2 or LGPLv3+ for those parts that need to be linked into kubernetes. Going back to only Apache is at this time not a good option any more. I prefer to re-license to Apachev2 or LGPLv3+. We are working on it. Cleaning up pkg/utils (moving out stuff that is not needed in the client) and will re-license afterwards. As we do this, we are also planning to fix the relationship with the external heketi/utils repo. |
@obnoxxx thanks for your response. that sounds good! some of us here would like to help, if there are things we can do, please let us know. if possible we would like to get this into kubernetes 1.13, please see schedule at https://github.com/kubernetes/sig-release/tree/master/releases/release-1.13. So looks like we should shoot for latest by Nov 9th. Is this possible? Thanks, |
@obnoxxx, Looks like there are only 3 files in pkg/utils and all are used in the rest api scenario, So is it enough to do this? dims@9325fc2 Or should we update https://github.com/heketi/utils with the changes needed first and then switch over to using the file from there? |
Thanks @dims for the PR. We will get this done at the earliest. |
@dims the plan is to move stuff from https://github.com/heketi/utils into the heketi main repo, relicense the in-tree copy of pgk/utils, and stop using the external one entirely. There's no real point in that external repo anyways (it's a kitchen sink of misc stuff and I doubt anyone outside heketi is actually using it). Bare with us, we'll soon be there... |
@dims, oh, I see you referenced a patch (@humblec that is not technically a PR, btw... ;-) ). This is indeed pretty much what's needed for the current content of the pkg/utils dir, and what I wanted to propose today (or so) anyways. And I'd be usually happy to take it from you (with some modification of the commit msg), but in this kind of fundamental and critical licensing issue, we might prefer that the patch comes from one of the repo maintainers. We'll discuss and have a PR up this way or another, soon. |
@dims and yeah, Nov 9 should not be an issue! |
@obnoxxx AWESOME! thanks. yes, that's why i hesitated to start a PR :) ( |
This change takes the source files for the formerly external "heketi/rest" package and makes it a server utility library (under "heketi/heketi/server/rest") with a license updated to match the other server components. The imports of the source files are adjusted to match the internal "pkg/" utility packages, rather than the external "heketi/utils" package. This change is part of the effort to standardize and unify licensing of the heketi packages as noted in issue heketi#1279. With this change the heketi server always uses the updated in-tree utility functions. Signed-off-by: John Mulligan <jmulligan@redhat.com>
@obnoxxx @humblec -- Would you mind providing an update on this? We're dangerously close to the end of the Kubernetes 1.13 release cycle and will soon have to make a decision about whether or not we can actually continue to include the GlusterFS in-tree plugin in this licensing state. Please let us know as soon as you can. Thanks in advance! |
@obnoxxx Can we address this issue in priority here in this repo ? As soon as its done , I can pull the changes in kubernetes vendor tree , We have limited time in hand for |
@justaugustus I am working with heketi maintainers ( @obnoxxx @phlogistonjohn @raghavendra-talur ) to get this done in full priority. |
@justaugustus sure!! iic, this has to be done before |
code freeze for kube is next week, they are wanting this updated before the freeze i believe. |
@childsb Yep, so I think its on |
@humblec sorry i should have been clear.. the KUBE code freeze is next week and we need the change here in time to pickup before code freeze.. so ideally its updated here by 11/12 or 11/13 so we can make the change in kube before the freeze. |
Agreed. Even I should have been clear :) , what I meant was the change should be merged in kube before `11/16. Thanks :) |
Yep. Echoing what you both said. Sooner is always better to allow us to get through approvals and ensure CI signal is clean going into the freeze. |
Huge +1 to getting the upstream Heketi change in by this week (11/6) or early next week, so we can have the k/k changes merged by 1.,13 Code freeze on 11/6. Thanks all for working on this. |
Here's the tracking issue to update licenses on k/k end kubernetes/kubernetes#70802 |
@childsb writes:
Apologies for the delay. We did work on the prep stuff in the background, but got derailed again and again... Will look into this now. Update here by 11/12 of 11/13 should be doable. Thanks for extending the original statement of 11/09 somewhat. :-) |
I'm going to prep a PR to rip gluster out of Kubernetes, just in case we can't get this sorted in time. |
In a sequence of commits fc8e4c5 31b83a8 7c3cd4c Heketi was relicensed from Apache to the following model: - the rest api client code is under dual Apache2 or LGPLv3+ - all other parts (server, cli, tests, ...) are under dual LGPLv3+ or GPLv2 Now an oversight/mistake was made in that parts of the pkg/utils are used in the client and hence apache-licensed projects that compile in heketi client, like kubernetes, have a license problem since they pull GPL code in. See: heketi#1279 kubernetes/kubernetes#35557 kubernetes/kubernetes#70802 This patch fixes the oversight by relicensing the remaining pieces of pkg/utils to the same dual Apache2 or LGPLv3+ license after those parts that are only used in the server have been moved out of pkg/utils. Resolves: heketi#1279 Signed-off-by: Michael Adam <obnox@redhat.com> Signed-off-by: John Mulligan <jmulligan@redhat.com>
@obnoxxx Thanks! :) It wasn't a threat - as per sig-architecture today, this was my AI. :) to k8s folks: is this the last directory we need fixed? |
@thockin ok, thanks for the clarification! :-) |
@thockin we ( not me! but @humblec ) did a test run of what is in heketi repo currently ( https://patch-diff.githubusercontent.com/raw/kubernetes/kubernetes/pull/70811.patch ). pretty sure that's the last directory as of what's in there today. Thanks, |
In a sequence of commits fc8e4c5 31b83a8 7c3cd4c Heketi was relicensed from Apache to the following model: - the rest api client code is under dual Apache2 or LGPLv3+ - all other parts (server, cli, tests, ...) are under dual LGPLv3+ or GPLv2 Now an oversight/mistake was made in that parts of the pkg/utils are used in the client and hence apache-licensed projects that compile in heketi client, like kubernetes, have a license problem since they pull GPL code in. See: #1279 kubernetes/kubernetes#35557 kubernetes/kubernetes#70802 This patch fixes the oversight by relicensing the remaining pieces of pkg/utils to the same dual Apache2 or LGPLv3+ license after those parts that are only used in the server have been moved out of pkg/utils. Resolves: #1279 Signed-off-by: Michael Adam <obnox@redhat.com> Signed-off-by: John Mulligan <jmulligan@redhat.com>
Thank you everyone for rallying so quickly on this!! |
Thanks so much all. I will ping the k/k issue to take it from here. |
@AishSundar I have updated the PR , waiting for tests to pass. kubernetes/kubernetes#70811 |
@humblec your patch LGTM, i commented the same in the PR, thanks! |
Thanks so much. I've never been happier to close a PR than the one I sent yesterday :) |
This change takes the source files for the formerly external "heketi/rest" package and makes it a server utility library (under "heketi/heketi/server/rest") with a license updated to match the other server components. The imports of the source files are adjusted to match the internal "pkg/" utility packages, rather than the external "heketi/utils" package. This change is part of the effort to standardize and unify licensing of the heketi packages as noted in issue heketi#1279. With this change the heketi server always uses the updated in-tree utility functions. Signed-off-by: John Mulligan <jmulligan@redhat.com>
This change takes the source files for the formerly external "heketi/rest" package and makes it a server utility library (under "heketi/heketi/server/rest") with a license updated to match the other server components. The imports of the source files are adjusted to match the internal "pkg/" utility packages, rather than the external "heketi/utils" package. This change is part of the effort to standardize and unify licensing of the heketi packages as noted in issue #1279. With this change the heketi server always uses the updated in-tree utility functions. Signed-off-by: John Mulligan <jmulligan@redhat.com>
Kind of issue
Bug
Observed behavior
As it is, the files in pkg/utils are dual-licensed under LGPLv3 and GPLv2.
But at the same time, the package is a dependency of client/api/go-client, which is dual-licensed under LGPLv3 and Apache 2
Expected/desired behavior
It would seem more logical to have the same approach as with pkg/glusterfs/api, which is also dual-licensed under LGPLv3 and Apache 2, as it provides a clearer path to downstream consumers who decide to take the client code under that Apache 2 terms.
Thanks for any clarification !
The text was updated successfully, but these errors were encountered: