Skip to Content.
Sympa Menu

mace-opensaml-users - RE: dependencies licensing question

Subject: OpenSAML user discussion

List archive

RE: dependencies licensing question


Chronological Thread 
  • From: "Scott Cantor" <>
  • To: <>
  • Subject: RE: dependencies licensing question
  • Date: Fri, 13 Apr 2007 22:28:24 -0400

> How about log4cxx? Its under apache license. Do you know if that would
> do the trick?

Do you mean the one that's hosted by Apache?
(http://logging.apache.org/log4cxx/)

This text has been there for years:

"log4cxx-0.9.7 can be downloaded from
http://logging.apache.org/site/binindex.html. At this point, log4cxx-0.9.7
is substantially out of date, has known serious deficiencies that have been
resolved in the CVS, and should be avoided for new code."

If they can't be bothered to release a stable snapshot in years, I don't see
how I can consider it.

> Logging is tough issue though. If not possible to replace the library with
> a non-LGPLed one, at least building without logging support would help
> a lot. I don't now if the method signatures would be a problem, but that's
> a much easier case to plead than having a hard dependency on LGPLed
> component.

Well, if you or somebody else does the work, I'll certainly consider it
until such time as considering alternatives is possible. Ideally it would be
done with macros to stub out calls rather than a ton of ifdefs.

But if you're expecting me to do the work at this point, I really don't
think I can promise that. I can try, but it won't be this month, and
probably not next.

-- Scott

PS. I think LGPL licensing is fine and I think this note, along with many
others, explains why quite nicely.

http://www.gnu.org/licenses/lgpl-java.html

If what you're building is itself going to be liberally licensed, then I
don't see why the Eclipse lawyers have a problem with this. I quote:

"Applications which link to LGPL libraries need not be released under the
LGPL. Applications need only follow the requirements in section 6 of the
LGPL: allow new versions of the library to be linked with the application;
and allow reverse engineering to debug this."

I've read section 6, and there's nothing onerous in it. So I really just
don't get all this angst over it. The FSF hates that they created this
license because it ended up getting used to circumvent the GPL rather
neatly. That's a big endorsement, I'd say.

FWIW, while the ASF has seemingly agonized a lot over the LGPL, my
impression from my reading is that the context of that is *distribution*,
not use. The ASF is strict that every byte they distribute is uniformly
licensed, so if you depend on LGPL code, you have to rip it out of the
package and force a separate download. If that's the Eclipse complaint, I'd
say that's more a Java thing than C, especially with shared libs.

I'm sure you're dealing with rabid licensing weasels and none of that helps
you, but as developers we need to fight for more freedom in choosing code,
not less. Open source libraries by and large kind of suck, we shouldn't
dismiss code out of hand.





Archive powered by MHonArc 2.6.16.

Top of Page