Overview

CloudStack uses a significant amount of third party software.  As part of the move to ASF there is a certain set of licenses that are compatible with ASF policy.  We need to make sure that every dependency we have is in that set.  If it's not we have to remove it.

Approved Licenses

The approved licenses are the followingApache License 2.0
Apache Software License 1.1. Including variants:
    PHP License 3.01
BSD (without advertising clause). Including variants:
    DOM4J License
MIT/X11
ICU
University of Illinois/NCSA
W3C Software License
X.Net
zlib/libpng
FSF autoconf license
DejaVu Fonts (Bitstream Vera/Arev licenses)
Academic Free License 3.0
Service+Component+Architecture+Specifications
OOXML XSD ECMA License
Microsoft Public License (MsPL)
Creative Commons Attribution (CC-A)
Creative Commons Copyright-Only Dedication
Python Software Foundation License
Adobe Postcript(R) AFM files
Boost Software License Version 1.0
Eclipse Distribution License 1.0

Binary dependencies

Component

License

Comment

Status

Actions

Alternatives?

paramiko

LGPL 2.1

Remove - place dependency in package and note dependency in source building documentation

Needs to be added to the project web-site and documentation as a system dependency.

We merely need to place a dependency on python-paramiko (it's shipped in EL since EL3 which means it should be ubiquitous.   This should be OK by ASF since the use of paramiko is optional.  It is used in tools/migration, which is the 1.0 to 2.1 code and can be deleted.  Paramiko there can be deleted as well.  The python test client uses it, so whatever RPM has the test client (if any) should have a dep on paramiko.

Used by:
client/bindir/cloud-update-xenserver-licenses.in
tools/marvin/marvin/remoteSSHClient.py
tools/marvin/setup.py
tools/migration/upgrade.py

Required by:
cloud.spec
debian/control
python/bindir/cloud-grab-dependent-library-versions

 

JavaMail

CDDL or GPL (use CDDL)

OK but requires attribution.   Need to include URL to homepage within distribution.

Included in LICENSE and NOTICE where appropriate.

File bug to replace with different SMTP library; Bug filed; Brett says the license is OK.   KEVIN: I think it's fine, we can close the bug?  But then need the URL.

David found a source download location that is CDDL only:  http://repo1.maven.org/maven2/javax/mail/mail/1.4/mail-1.4.jar

apache-commons-email?

Java Servlet Technology

Sun Microsystems Binary Code License

Remove or replace

 

We need to look at the BlackDuck scan results to see where this came from.

 

JavaServer Pages Standard Tag Library

COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0

OK but requires attribution

Included in LICENSE and NOTICE where appropriate.

This comes from internationalization.

 

JUnit

BSD or Common Public License

No Change - Fine as Is

Included in LICENSE and NOTICE where appropriate.

The download that David found (http://repo1.maven.org/maven2/junit/junit/4.10/junit-4.10.jar) includes a BSD license.  However, http://www.junit.org/license is the CPL.

 

backport-util-concurrent

Creative Commons Public Domain Dedication

OK but requires attribution

Included in LICENSE and NOTICE where appropriate.

ensure attribution

 

JSch

JSch License

No Change - Fine as Is

Included in LICENSE and NOTICE where appropriate.

BSD-derived, OK?    I believe this is OK since many Apache projects use it.

 

iHarder.net - base64

Public Domain

No Change - Fine as Is

Alex checking if we can remove

XXX to find out if CS  uses this, possibly remove. This is in utils/src/com/cloud/utils/encoding/Base64.java at least.  It is also in test/src/com/cloud/sample/Base64.java

 

iControl.jar

GPL

Remove or receive approved license

Optional build item.  Will exclude from ASF release.

Kevin contact BigIP

 

JnetPcap

LGPLv3

Remove or receive approved license

Pending deletion of deps/cloud-jnetpcap.jar from the source tree.

Pradeep remove

 

libvirt 0.4.5

LGPLv3

Depend on distro

Optional build item, until we have a properly licensed version to target.

Pradeep remove and change CS to use distro-provided version.  this should be OK since you can depend on unapproved software if it's optional.  Clearly libvirt is optional since it is required for only one hypervisor.

 

manageontap

NetApp EULA

Remove or receive approved license

 

Kevin contact NetApp

 

NetScaler SDK

 

Remove or receive approved license

Optional build item, until we have a properly licensed version to target.

NetScaler team working to issue with Apache license. (kevin owns)

 

Trilead ssh

Trilead EULA

Remove or receive approved license

Included in LICENSE and NOTICE where appropriate.

XXX remove and use another ssh client

Orion

XAPI API

GPLv2

Remove or receive approved license

 

Kevin contact XenServer. Is this just the xapi Java bindings? If so that should be trivial to ensure that it's in our target distros.

 

Apache Tomcat

Apache License Version 2.0

No Change - Fine as Is

 

Frank find source

 

iBATIS for Java

Apache License Version 2.0

No Change - Fine as Is

Included in LICENSE and NOTICE where appropriate.

Source is located at least here:
utils/src/com/cloud/utils/db/ScriptRunner.java - and it's a forked copy - we should send that back upstream.

 

XStream Library

BSD 2.0

No Change - Fine as Is

Included in LICENSE and NOTICE where appropriate.

Frank check if we can remove.

Requested status of removal, or if we should include it in the NOTICE and LICENSE files.

 

Apache Jakarta Commons Discovery

Apache 1.1

No Change - Fine as Is

Included in LICENSE and NOTICE where appropriate.

approved -- fine

 

Apache log4j

Apache 1.1

No Change - Fine as Is

Included in LICENSE and NOTICE where appropriate.

approved -- fine

 

Apache Web Services Axis

Apache 1.1

No Change - Fine as Is

Included in LICENSE and NOTICE where appropriate.

approved -- fine

 

Apache Ant

Apache License Version 2.0

No Change - Fine as Is

Included in LICENSE and NOTICE where appropriate.

approved -- fine

 

Apache Jakarta Commons Codec

Apache License Version 2.0

No Change - Fine as Is

Included in LICENSE and NOTICE where appropriate.

approved -- fine

 

Apache Jakarta HTTP Client

Apache License Version 2.0

No Change - Fine as Is

Included in LICENSE and NOTICE where appropriate.

approved -- fine

 

Apache Jakarta HttpComponents

Apache License Version 2.0

No Change - Fine as Is

Included in LICENSE and NOTICE where appropriate.

approved -- fine

 

Apache Jakarta HttpComponents

Apache License Version 2.0

No Change - Fine as Is

Included in LICENSE and NOTICE where appropriate.

approved -- fine

 

Apache Web Services Axis

Apache License Version 2.0

No Change - Fine as Is

Included in LICENSE and NOTICE where appropriate.

approved -- fine

 

Apache Xerces Java XML Parser

Apache License Version 2.0

No Change - Fine as Is

Included in LICENSE and NOTICE where appropriate.

approved -- fine

 

Apache-Jakarta Collections

Apache License Version 2.0

No Change - Fine as Is

Included in LICENSE and NOTICE where appropriate.

approved -- fine

 

Apache-Jakarta DBCP

Apache License Version 2.0

No Change - Fine as Is

Included in LICENSE and NOTICE where appropriate.

approved -- fine

 

Apache-Jakarta Lang

Apache License Version 2.0

No Change - Fine as Is

Included in LICENSE and NOTICE where appropriate.

approved -- fine

 

Apache-Web Services Commons Util

Apache License Version 2.0

No Change - Fine as Is

Included in LICENSE and NOTICE where appropriate.

approved -- fine

 

Code Generation Library

Apache License Version 2.0

No Change - Fine as Is

Included in LICENSE and NOTICE where appropriate.

approved -- fine

 

ehcache

Apache License Version 2.0

No Change - Fine as Is

Included in LICENSE and NOTICE where appropriate.

approved -- fine

 

excanvas

Apache License Version 2.0

No Change - Fine as Is

Included in LICENSE and NOTICE where appropriate.

approved -- fine

 

google-gson

Apache License Version 2.0

No Change - Fine as Is

Included in LICENSE and NOTICE where appropriate.

approved -- fine

 

Jakarta Commons-Logging

Apache License Version 2.0

No Change - Fine as Is

Included in LICENSE and NOTICE where appropriate.

approved -- fine

 

Jetty - Java HTTP Servlet Server

Apache License Version 2.0

No Change - Fine as Is

Included in LICENSE and NOTICE where appropriate.

approved -- fine

 

selenium

Apache License Version 2.0

No Change - Fine as Is

Included in LICENSE and NOTICE where appropriate.

approved -- fine

 

jquery-easing

BSD 2.0

No Change - Fine as Is

Included in LICENSE and NOTICE where appropriate.

approved -- fine

 

VMware Java SDK

Proprietary, freely redistributable, but certainly not open source.

Perhaps by the above?

Optional build item, until we have a properly licensed version to target.

(this is in deps/vmware-*)

 

Bouncy Castle Crypto APIs

MIT License V2

No Change - Fine as Is

Included in LICENSE and NOTICE where appropriate.

approved -- fine

 

flot

MIT License V2

No Change - Fine as Is

Included in LICENSE and NOTICE where appropriate.

approved -- fine

 

jquery-ui

MIT License V2

No Change - Fine as Is

Included in LICENSE and NOTICE where appropriate.

approved -- fine

 

jquery-validate

MIT License V2

Use under MIT

Included in LICENSE and NOTICE where appropriate.

approved -- fine

 

jqueryjs

MIT License V2

Use under MIT

Included in LICENSE and NOTICE where appropriate.

approved -- fine

 

reset.css

Public Domain

Unknown

Included in LICENSE and NOTICE where appropriate.

does ASF recognize public domain? can the author have given up his moral rights under copyright in the jurisdiction in which he resides/created the work?

 

URLEncoder

ASLv2

No Change - Fine as is

 

located in utils/src/com/cloud/utils/encoding/URLEncoder.java - double fork (original fork from java.net.URLEncoder by Craig McClanahan and Remy Maucherat, and then we also made changes)

 

OpenStack Swift Client

ASLv2

No Change - Fine as is

Included in LICENSE and NOTICE where appropriate.

located in scripts/storage/secondary/swift and scripts/vm/hypervisor/xenserver/swift

 

slf4j-api

MIT

No Change - Fine as is

Included in LICENSE and NOTICE where appropriate.

located in deps/awsapi-lib/rampart-lib - Needs attribution

 

QUnit v1.4.0pre

MIT

No Change - Fine as is

Included in LICENSE and NOTICE where appropriate.

located in ui/lib/qunit/qunit.js and ui/lib/qunit/qunit.css

 


Source Dependencies

Component

License

Status

Comment

Action

GlassFish

COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0

Included in LICENSE and NOTICE where appropriate.

Apache site states that "small amounts" of such source are OK.

Is this a "small amount"?  Needs attribution or removal.

GSON Closure Compiler

Apache License Version 2.0

Included in LICENSE and NOTICE where appropriate.

No Change - Fine as Is
Located in tools/gcc

approved – fine

 

WAF

BSD

Included in LICENSE and NOTICE where appropriate.

No Change - Fine as is

Included in LICENSE and NOTICE files

 


  • No labels