On 03/16/2016 03:50 AM, Richard Fontana wrote: > On Tue, Mar 15, 2016 at 01:20:24PM +0100, Pavel Raiskup wrote: >> Marek Goldmann wrote: >> >>> Most probably we'll need to package OSGi Enterprise, but I'm not sure >>> about licensing of this project. >>> >>> The code itself (included in the.jar file, another story...) is ASL 2.0, >>> but if you try to download it from the website, you need to agree to this: >>> >>> http://www.osgi.org/Download/Release5?info=nothanks >>> >>> Which is no more, no less OSGi Specification License, listed as bad >>> license on the wiki: >>> >>> http://fedoraproject.org/wiki/Licensing#Bad_Licenses >>> >>> You can also download it directly, without the need to agree to the >>> license on the website: >>> >>> http://www.osgi.org/download/r4v42/osgi.enterprise.jar >>> http://www.osgi.org/download/r5/osgi.enterprise-5.0.0.jar >>> >>> How should we deal with it? Are we authorized to package it under ASL 2.0? >>> >>> Thanks! >> >> Hi, I am unable to find any response to this message in mail archives. >> >> The Y2016 update: >> >> * How have we dealt with this? >> * Are we OK to package the osgi.enterprise now? >> * Do we depend on osgi.enterprise namespace somewhere >> (Fedora/CentOS/RHEL) >> * if that is not Fedora friendly license, is it OK to depend on it >> upstream? > > Do you need to package anything other than the code that's under the > Apache License? OSGi libraries are widely used and I made several attempts to package them. From what I remember there are two main problems: 1. In order to download anything from upstream site [1] you need to accept proprietary license first. It was described above in more detail. 2. There is no source code provided (understood as preferable form for editing, as defined in Open Source Definition, or in the Apache License itself). Code included in *-sources.jar files is not source code - there are no build instructions, test cases or such there - only pure Java code, which is meant primarily for debugging. They have a Github account [2], but it does *not* contain code for most common OSGi libraries. I failed to find any documentation on how source code can be obtained. So to answer your question: we don't need to package anything except software which is (supposedly) under Apache License, but we are not sure whether (1) there are additional non-free licensing terms besides the Apache License that apply to the software, making it non-free, and (2) whether the software actually meets definitions of free software and Open Source Definition - requirement of source code availability is questionable here. [1] https://www.osgi.org/ [2] https://github.com/osgi/ -- Mikolaj Izdebski Software Engineer, Red Hat IRC: mizdebsk _______________________________________________ legal mailing list legal@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/legal@xxxxxxxxxxxxxxxxxxxxxxx
