Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

License Incompatibility with GPL 3.0 Dependency (verapdf) #552

Closed
christianbuerckert opened this issue Nov 11, 2024 · 2 comments
Closed

License Incompatibility with GPL 3.0 Dependency (verapdf) #552

christianbuerckert opened this issue Nov 11, 2024 · 2 comments

Comments

@christianbuerckert
Copy link

christianbuerckert commented Nov 11, 2024
edited
Loading

We’ve identified a potential licensing issue regarding MustangLib’s dependency on verapdf, which is dual-licensed under the GPL 3.0 and MPL 2.0. Currently, MustangLib is licensed under Apache 2.0, but if verapdf were to be available only under GPL 3.0, this would introduce a conflict due to GPL’s strict copyleft requirements.

Problem Summary:

  • GPL 3.0’s Requirements: The GPL 3.0 license mandates that any code directly using or linking to GPL 3.0-licensed code must itself be released under GPL 3.0 when distributed.
  • Apache 2.0 and GPL 3.0 Incompatibility: Apache 2.0 and GPL 3.0 are not directly compatible, as the Apache license does not meet all the redistribution requirements of GPL 3.0 (e.g., patent rights and terms cannot be combined directly with GPL 3.0 in the same project).
  • Effect on MustangLib: If verapdf is only available under GPL 3.0, MustangLib would need to adopt the GPL 3.0 license as well, rather than Apache 2.0, to remain compliant.

Proposed Solution:

  1. Confirm verapdf’s License: Ensure verapdf remains dual-licensed under MPL 2.0 and GPL 3.0. Using verapdf under MPL 2.0 allows MustangLib to maintain its Apache 2.0 license without conflicts.
  2. Consider Alternative Libraries: If verapdf ever shifts to GPL 3.0 exclusively, consider alternative libraries under compatible licenses to avoid the Apache 2.0/GPL 3.0 conflict.

Request:
Please assess the long-term viability of verapdf within MustangLib, considering any potential future licensing changes. Clear documentation of this dependency’s licensing status would also be helpful for users to ensure continued compliance. Especially writing down the implications for commercial users.

Thank you for your attention to this licensing matter.
@jstaerk
Copy link
Collaborator

jstaerk commented Nov 12, 2024

Hi @christianbuerckert
thanks for pointing that out, I scheduled a meeting with them Monday, 15:00-16:00 CET, do you want to take part?
kind regards
Jochen

@jstaerk
Copy link
Collaborator

jstaerk commented Nov 18, 2024

ok turned out that (incompatibility) was the reason why they co-license under the MPL and Carl said I would not have to do anything, Mustang automatically uses the MPL version :-)

@jstaerk jstaerk closed this as completed Nov 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jstaerk @christianbuerckert