[Bug 498873] Review Request: thrift - A multi-language RPC and serialization framework

bugzilla at redhat.com bugzilla at redhat.com
Mon Nov 22 17:48:57 UTC 2010


Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


https://bugzilla.redhat.com/show_bug.cgi?id=498873

Jason Tibbitts <tibbs at math.uh.edu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |182235(FE-Legal)

--- Comment #18 from Jason Tibbitts <tibbs at math.uh.edu> 2010-11-22 12:48:55 EST ---
Well, I decided to take the weekend off.  Next thing to do here is look at the
licensing situation.  And it looks, according to the LICENSE file, rather
unpleasant.  (I hope you do realize that it's your job to look at this
licensing stuff and comment about it when you submit your package, instead of
expecting me to do all the work.)

The bulk is, obviously, ASL 2.0.  But there's a bunch of differently-licensed
stuff included in the source tarball, and someone needs to check to see if any
of that makes it into the final package.  Fortunately the LICENSE file
indicates everything that's differently-licensed, and as far as I can tell it's
correct.

The erlang automake file lib/erl/src/Makefile.am is supposedly MIT but is build
infrastructure and I'd expect that it wouldn't be in the final package. 
However, for whatever reason, your package includes it, along with the source
code for the module.  Can you explain why it would do that?  I looked through
some other erlang packages and they don't seem to do that.  You'd certainly
need to list the license of all included files if you actually want to include
them.

The stuff that was licensed from the old license to ASL 2.0 shouldn't be of any
concern.

The md5.[ch] stuff is a license I haven't seen before.  I verified that this is
built into the final thrift binary, so the license will need to be evaluated
for ASL 2.0 compatibility and perhaps accounted for in the License: tag.  For
legal, here's the license in question:

-----
  Copyright (C) 1999, 2000, 2002 Aladdin Enterprises.  All rights reserved.

  This software is provided 'as-is', without any express or implied
  warranty.  In no event will the authors be held liable for any damages
  arising from the use of this software.

  Permission is granted to anyone to use this software for any purpose,
  including commercial applications, and to alter it and redistribute it
  freely, subject to the following restrictions:

  1. The origin of this software must not be misrepresented; you must not
     claim that you wrote the original software. If you use this software
     in a product, an acknowledgment in the product documentation would be
     appreciated but is not required.
  2. Altered source versions must be plainly marked as such, and must not be
     misrepresented as being the original software.
  3. This notice may not be removed or altered from any source distribution.

  L. Peter Deutsch
  ghost at aladdin.com
----

lib/rb/setup.rb is LGPLv2+, but is build infrastructure and is not included in
the final package.

lib/ocaml/OCamlMakefile doesn't appear to have a license (the Thrift project
says LGPLv2+) but it's build infrastructure and is not included in the final
package.

I went to check bug 446993 to see if any of this had been covered before, but
that seems to be a completely unrelated review ticket (for liblicense).

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.



More information about the package-review mailing list