Component

License

Comment

Status / Actions

Alternatives?

MySQL Connector/J

GPL 2.0

Remove or obtain a commercial license

http://svn.apache.org/repos/asf/apr/apr/trunk/README.   Needs investigation.

paramiko

LGPL 2.1

Remove - place dependency in package and note dependency in source building documentation

We merely need to place a dependency on python-paramiko (it's shipped in EL since EL3 which means it should be ubiquitous.   This should be OK by ASF since the use of paramiko is optional.  It is used in tools/migration, which is the 1.0 to 2.1 code and can be deleted.  Paramiko there can be deleted as well.  The python test client uses it, so whatever RPM has the test client (if any) should have a dep on paramiko.
Created the following issues to deal with this:
 

JavaMail

CDDL or GPL (use CDDL)

OK but requires attribution.   Need to include URL to homepage within distribution.

File bug to replace with different SMTP library; Bug filed; Brett says the license is OK.   KEVIN: I think it's fine, we can close the bug?  But then need the URL.

apache-commons-email?

Java Servlet Technology

Sun Microsystems Binary Code License

Remove or replace

We need to look at the BlackDuck scan results to see where this came from.

JavaServer Pages Standard Tag Library

COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0

OK but requires attribution

This comes from internationalization.

JUnit

Common Public License

No Change - Fine as Is

JUnit seems widely used in apache projects, so I believe this is in public domain.

backport-util-concurrent

Creative Commons Public Domain Dedication

OK but requires attribution

ensure attribution

JSch

JSch License

No Change - Fine as Is

BSD-derived, OK?    I believe this is OK since many Apache projects use it.

iHarder.net - base64

Public Domain

No Change - Fine as Is

XXX to find out if CS  uses this, possibly remove. This is in utils/src/com/cloud/utils/encoding/Base64.java at least.

iControl.jar

GPL

Remove or receive approved license

Kevin contact BigIP

JnetPcap

LGPLv3

Remove or receive approved license

Pradeep remove

libvirt 0.4.5

LGPLv3

Depend on distro

Pradeep remove and change CS to use distro-provided version.  this should be OK since you can depend on unapproved software if it's optional.  Clearly libvirt is optional since it is required for only one hypervisor.

manageontap

NetApp EULA

Remove or receive approved license

Kevin contact NetApp

NetScaler SDK

Remove or receive approved license

NetScaler team working to issue with Apache license. (kevin owns)

Trilead ssh

Trilead EULA

Remove or receive approved license

XXX remove and use another ssh client

Orion

XAPI API

GPLv2

Remove or receive approved license

Kevin contact XenServer. Is this just the xapi Java bindings? If so that should be trivial to ensure that it's in our target distros.

jquery.timers

WTFPL

This isn't in the explicitly approved list, but is pretty liberal, and might be acceptable, who knows.

Home page for jquery timers is here. License on that page links to this page. Source code contains this " * Licensed under the WTFPL (http://sam.zoy.org/wtfpl/)."  legal review requested at https://issues.apache.org/jira/browse/LEGAL-135Update on this issue - per Jessica this will be removed see:

jquery-yafu

GPL 2.0

Remove or replace

This is not used; need to remove from source tree. - Created bug  to deal with the removal.

Apache Tomcat

Apache License Version 2.0

No Change - Fine as Is

Frank find source

iBATIS for Java

Apache License Version 2.0

No Change - Fine as Is

Source is located at least here:
utils/src/com/cloud/utils/db/ScriptRunner.java - and it's a forked copy - we should send that back upstream.

Orion SSH2

BSD 2.0

No Change - Fine as Is

Frank find source

XStream Library

BSD 2.0

No Change - Fine as Is

Frank check if we can remove

Apache Jakarta Commons Discovery

Apache 1.1

No Change - Fine as Is

approved -- fine

Apache log4j

Apache 1.1

No Change - Fine as Is

approved -- fine

Apache Web Services Axis

Apache 1.1

No Change - Fine as Is

approved -- fine

Apache Ant

Apache License Version 2.0

No Change - Fine as Is

approved -- fine

Apache Jakarta Commons Codec

Apache License Version 2.0

No Change - Fine as Is

approved -- fine

Apache Jakarta HTTP Client

Apache License Version 2.0

No Change - Fine as Is

approved -- fine

Apache Jakarta HttpComponents

Apache License Version 2.0

No Change - Fine as Is

approved -- fine

Apache Jakarta HttpComponents

Apache License Version 2.0

No Change - Fine as Is

approved -- fine

Apache Web Services Axis

Apache License Version 2.0

No Change - Fine as Is

approved -- fine

Apache Xerces Java XML Parser

Apache License Version 2.0

No Change - Fine as Is

approved -- fine

Apache-Jakarta Collections

Apache License Version 2.0

No Change - Fine as Is

approved -- fine

Apache-Jakarta DBCP

Apache License Version 2.0

No Change - Fine as Is

approved -- fine

Apache-Jakarta Lang

Apache License Version 2.0

No Change - Fine as Is

approved -- fine

Apache-Web Services Commons Util

Apache License Version 2.0

No Change - Fine as Is

approved -- fine

Code Generation Library

Apache License Version 2.0

No Change - Fine as Is

approved -- fine

ehcache

Apache License Version 2.0

No Change - Fine as Is

approved -- fine

excanvas

Apache License Version 2.0

No Change - Fine as Is

approved -- fine

google-gson

Apache License Version 2.0

No Change - Fine as Is

approved -- fine

Jakarta Commons-Logging

Apache License Version 2.0

No Change - Fine as Is

approved -- fine

Jetty - Java HTTP Servlet Server

Apache License Version 2.0

No Change - Fine as Is

approved -- fine

selenium

Apache License Version 2.0

No Change - Fine as Is

approved -- fine

jquery-easing

BSD 2.0

No Change - Fine as Is

approved -- fine

VMware Infrastructure Java API

BSD 2.0

No Change - Fine as Is

approved -- fine | Uhhhh where is this in source??? --DavidN

VMware Java SDK

Proprietary, freely redistributable, but certainly not open source.

Perhaps by the above?

(this is in deps/vmware-*)

Bouncy Castle Crypto APIs

MIT License V2

No Change - Fine as Is

approved -- fine

flot

MIT License V2

No Change - Fine as Is

approved -- fine

jquery-ui

MIT License V2

No Change - Fine as Is

approved -- fine

pymysql

MIT License V2

No Change - Fine as Is

approved -- fine

UUID - generate UUIDs in Java

MIT License V2

No Change - Fine as Is

approved -- fine

jquery-validate

MIT License V2

Use under MIT

approved -- fine

jqueryjs

MIT License V2

Use under MIT

approved -- fine

GSON Closure Compiler

Apache License Version 2.0

No Change - Fine as Is

approved – fine

reset.css

Public Domain

Unknown

does ASF recognize public domain? can the author have given up his moral rights under copyright in the jurisdiction in which he resides/created the work?

URLEncoder

ASLv2

No Change - Fine as is

located in utils/src/com/cloud/utils/encoding/URLEncoder.java - double fork (original fork from java.net.URLEncoder by Craig McClanahan and Remy Maucherat, and then we also made changes)

OpenStack Swift Client

ASLv2

No Change - Fine as is

located in scripts/storage/secondary/swift and scripts/vm/hypervisor/xenserver/swift

slf4j-api

MIT

No Change - Fine as is

located in deps/awsapi-lib/rampart-lib - Needs attribution

QUnit v1.4.0pre

MIT

No Change - Fine as is

located in ui/lib/qunit/qunit.js and ui/lib/qunit/qunit.css

Component

License

Comment

Action

GlassFish

COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0

Apache site states that "small amounts" of such source are OK.

Is this a "small amount"?  Needs attribution or removal.

Copyright (c) 2000-2005 INRIA, France Telecom

Unknown License

No Change - Fine as Is

file bug to remove/rewrite

GSON Closure Compiler

Apache License Version 2.0

No Change - Fine as Is

approved – fine

utils/src/com/cloud/utils/encoding/Base64.java

Public domain

No Change - Fine as is

utils/src/javax/ejb/Local.java

CDDL or GPL

We would choose CDDL

utils/src/javax/persistence/*

CDDL or GPL

We would choose CDDL