Use ASF 3rd Party License Policy for module evaluation #79
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
To current third party dependency criterium is not actionable: > Third party dependencies use an Apache 2.0 compatible license This creates some difficulties for module developers and module evaluators and requires verbose explanations that can easily been avoided. Change to what we usually use: > Inclusion of third party dependencies complies with [ASF 3rd Party License Policy](https://apache.org/legal/resolved.html) > * org.z3950.zing:cql-java is allowed, even if it is LGPL-2.1-only The exemption of cql-java is needed because Spring Way modules frequently use folio-spring-cql that uses cql2pgjson that uses cql-java: * https://github.com/search?q=org%3Afolio-org+folio-spring-cql+language%3A%22Maven+POM%22&type=code&l=Maven+POM * https://github.com/folio-org/folio-spring-support/blob/v8.1.2/folio-spring-cql/pom.xml#L35 * https://github.com/folio-org/raml-module-builder/blob/v35.2.2/cql2pgjson/pom.xml#L58 This criterium can be changed as soon as better third party requirements get proposed.
maccabeelevine
approved these changes
Oct 28, 2024
There was a problem hiding this comment.
Thanks @julianladisch, IMHO what you did with Category B looks great.
If TC agrees, we should discuss how to communicate that to dev teams, as it would be a change.
|
As discussed at the TC meeting, we should create a follow-on PR with additional information/links to relevant tools evaluators can use for this. |
|
We should also investigate how open source projects typically handle attribution, and follow suit |
jgreben
approved these changes
Jan 29, 2025
| @@ -45,7 +45,11 @@ Please see [Before Development](MODULE_EVALUATION_TEMPLATE#before-development) f | |||
| * _This is not applicable to libraries_ | |||
| * Module descriptor MUST include interface requirements for all consumed APIs (3, 5) | |||
| * _This is not applicable to libraries_ | |||
| * Third party dependencies use an Apache 2.0 compatible license (2) | |||
| * Inclusion of third party dependencies complies with [ASF 3rd Party License Policy](https://apache.org/legal/resolved.html) (2) | |||
There was a problem hiding this comment.
This is good because it provides a resource to describe the compatible licensing.
| @@ -45,7 +45,11 @@ Please see [Before Development](MODULE_EVALUATION_TEMPLATE#before-development) f | |||
| * _This is not applicable to libraries_ | |||
| * Module descriptor MUST include interface requirements for all consumed APIs (3, 5) | |||
| * _This is not applicable to libraries_ | |||
| * Third party dependencies use an Apache 2.0 compatible license (2) | |||
| * Inclusion of third party dependencies complies with [ASF 3rd Party License Policy](https://apache.org/legal/resolved.html) (2) | |||
| * Uses README for [Category B Appropriately Labelled Condition](https://apache.org/legal/resolved.html#appropriately-labelled-condition) | |||
There was a problem hiding this comment.
I am fine with using the README for the appropriately labeled conditions (since ASF uses the README location as the "example" location for that). I assume we can later add other libraries to this list as needed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The current third party dependency criterium is not actionable:
The missing list of allowed licenses creates some difficulties for module developers and module evaluators and requires verbose explanations that can easily been avoided.
Change the criterium to what we usually use:
The exemption of cql-java is needed because Spring Way modules frequently use folio-spring-cql that uses cql2pgjson that uses cql-java:
The exemption of marc4j is needed because several modules already use it:
The exemption of hibernate is needed because most Spring way modules already use it, it's a Spring Framework dependency.
This criterium can be changed as soon as better third party requirements get proposed.
Automation of the license compliance check is out of scope of this pull request.