Details

    • Type: Question
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Labels:
      None

      Description

      Hi Legal,

      There's a hypothetical question on the Apache Cassandra mailing list about potentially expanding Cassandra's storage to be pluggable, specifically using RocksDB.

      RocksDB has a 3 clause BSD license (
      https://github.com/facebook/rocksdb/blob/master/LICENSE ), and a patent
      grant ( https://github.com/facebook/rocksdb/blob/master/PATENTS )

      I know the 3 clause BSD license is fine, but is the wording of the patent grant problematic?

      cc Dikang Gu

        Issue Links

          Activity

          Hide
          jjirsa Jeff Jirsa added a comment -

          Legal folks: Is there someone else I should ping to get an answer on this topic?

          Show
          jjirsa Jeff Jirsa added a comment - Legal folks: Is there someone else I should ping to get an answer on this topic?
          Hide
          jjirsa Jeff Jirsa added a comment -

          I don't want to be too obnoxious, but it'd be great if we could get an official opinion.

          I've tried legal-discuss as well ( https://lists.apache.org/thread.html/338b06f8a0570b3a0678dc2a60d2e09a356539ab69adbf2791c6510d@%3Clegal-discuss.apache.org%3E ), but I'm not sure what else to do to draw attention to this issue.

          Show
          jjirsa Jeff Jirsa added a comment - I don't want to be too obnoxious, but it'd be great if we could get an official opinion. I've tried legal-discuss as well ( https://lists.apache.org/thread.html/338b06f8a0570b3a0678dc2a60d2e09a356539ab69adbf2791c6510d@%3Clegal-discuss.apache.org%3E ), but I'm not sure what else to do to draw attention to this issue.
          Hide
          chrismattmann Chris A. Mattmann added a comment -

          from a quick reading this looks like something that constrains the potential of projects that include this library to be a "universal donor" to downstream projects, and as such introduces limitations surrounding the use of this software. As such to me, this is not a project that I would encourage including in your software.

          Show
          chrismattmann Chris A. Mattmann added a comment - from a quick reading this looks like something that constrains the potential of projects that include this library to be a "universal donor" to downstream projects, and as such introduces limitations surrounding the use of this software. As such to me, this is not a project that I would encourage including in your software.
          Hide
          jjirsa Jeff Jirsa added a comment - - edited

          Thanks for the reply Chris A. Mattmann

          The patent retaliation was my concern ( https://lists.apache.org/thread.html/ca81697478388dd11db7e13941f21ecea81e52bb19281f27cd428100@%3Cprivate.cassandra.apache.org%3E ) , so it's unfortunate that you share it - I was HOPING you'd be closer to other opinions in that thread ( especially https://lists.apache.org/thread.html/4b19ceacea7a446eec9926d880dcb8a8979fe7033d25e79d44e86fc0@%3Cprivate.cassandra.apache.org%3E ).

          Shipping as a plugin may be an option, but if the ASF as a whole could perhaps clarify, that'd be grand.

          Show
          jjirsa Jeff Jirsa added a comment - - edited Thanks for the reply Chris A. Mattmann The patent retaliation was my concern ( https://lists.apache.org/thread.html/ca81697478388dd11db7e13941f21ecea81e52bb19281f27cd428100@%3Cprivate.cassandra.apache.org%3E ) , so it's unfortunate that you share it - I was HOPING you'd be closer to other opinions in that thread ( especially https://lists.apache.org/thread.html/4b19ceacea7a446eec9926d880dcb8a8979fe7033d25e79d44e86fc0@%3Cprivate.cassandra.apache.org%3E ). Shipping as a plugin may be an option, but if the ASF as a whole could perhaps clarify, that'd be grand.
          Hide
          yseeley@gmail.com Yonik Seeley added a comment -

          Unofficially, I concur. The patent retaliation clause seems to go well beyond our ASL and is thus seems unsuitable for a dependency.
          As for a plugin, to be on the safe side it seems like any RocksDB implementation of a Cassandra storage plugin (which presumably would need to include some RocksDB code) should be outside of the Cassandra project.

          Facebook's messaging: https://code.facebook.com/posts/1639473982937255/updating-our-open-source-patent-grant/
          Some other opinions: https://news.ycombinator.com/item?id=12692552

          Of course, if you look at https://github.com/facebook/rocksdb/blob/master/USERS.md
          it seems that both Apache Flink and Apache Samza maintain RocksDB storage plugins (and I verified quickly by looking at their code repos).... so this question should probably be cleared up at an ASF level?

          Show
          yseeley@gmail.com Yonik Seeley added a comment - Unofficially, I concur. The patent retaliation clause seems to go well beyond our ASL and is thus seems unsuitable for a dependency. As for a plugin, to be on the safe side it seems like any RocksDB implementation of a Cassandra storage plugin (which presumably would need to include some RocksDB code) should be outside of the Cassandra project. Facebook's messaging: https://code.facebook.com/posts/1639473982937255/updating-our-open-source-patent-grant/ Some other opinions: https://news.ycombinator.com/item?id=12692552 Of course, if you look at https://github.com/facebook/rocksdb/blob/master/USERS.md it seems that both Apache Flink and Apache Samza maintain RocksDB storage plugins (and I verified quickly by looking at their code repos).... so this question should probably be cleared up at an ASF level?
          Hide
          markt Mark Thomas added a comment -

          Having seen Chris's reply I took another look at the patent grant and I now see the concern. With that in mind it looks like it is a 'no' for RocksDB as a mandatory dependency and a possible 'yes' for RocksDB as an optional dependency depending on circumstances. As V.P. Legal it is Chris's call as to exactly what is permitted and is not permitted.

          Based on past experience, I recommend asking explicit "Can we do XYZ?" questions.

          Show
          markt Mark Thomas added a comment - Having seen Chris's reply I took another look at the patent grant and I now see the concern. With that in mind it looks like it is a 'no' for RocksDB as a mandatory dependency and a possible 'yes' for RocksDB as an optional dependency depending on circumstances. As V.P. Legal it is Chris's call as to exactly what is permitted and is not permitted. Based on past experience, I recommend asking explicit "Can we do XYZ?" questions.
          Hide
          jjirsa Jeff Jirsa added a comment -

          I'd definitely like to take back some options to the PMC, so let's dig into what we can and can't do:

          Can we rewrite storage engine to use RocksDB as it's only option? Seems like answer here is no

          Can we rewrite storage engine to have two options, one RocksDB and another native Cassandra, with both in tree, but requiring the user to opt in to the more restrictive patent?

          Can we rewrite the storage engine to have two options, one RocksDB and another native Cassandra, with RocksDB kept in another repo , requiring explicit action to opt in and built as separate binary package? If so, can that repo / binary be hosted on ASF hardware and built by the apache Cassandra team, or must it be completely external?

          Show
          jjirsa Jeff Jirsa added a comment - I'd definitely like to take back some options to the PMC, so let's dig into what we can and can't do: Can we rewrite storage engine to use RocksDB as it's only option? Seems like answer here is no Can we rewrite storage engine to have two options, one RocksDB and another native Cassandra, with both in tree, but requiring the user to opt in to the more restrictive patent? Can we rewrite the storage engine to have two options, one RocksDB and another native Cassandra, with RocksDB kept in another repo , requiring explicit action to opt in and built as separate binary package? If so, can that repo / binary be hosted on ASF hardware and built by the apache Cassandra team, or must it be completely external?
          Hide
          dikanggu Dikang Gu added a comment -

          Jeff Jirsa Thanks a lot for driving this, those are great questions! Let me know if you need any information from me. Thanks!

          Show
          dikanggu Dikang Gu added a comment - Jeff Jirsa Thanks a lot for driving this, those are great questions! Let me know if you need any information from me. Thanks!
          Hide
          chrismattmann Chris A. Mattmann added a comment - - edited

          This specific language from the PATENTS file is troubling, but overall the whole file gives me pause:

          For avoidance of doubt, no license is granted under Facebook’s rights in any patent claims that are infringed by modifications to the Software made by you or any third party or (ii) the Software incombination with any software or other technology.

          In addition in answer to your questions:

          Can we rewrite storage engine to use RocksDB as it's only option? Seems like answer here is no

          Correct

          Can we rewrite storage engine to have two options, one RocksDB and another native Cassandra, with both in tree, but requiring the user to opt in to the more restrictive patent?

          No

          Can we rewrite the storage engine to have two options, one RocksDB and another native Cassandra, with RocksDB kept in another repo , requiring explicit action to opt in and built as separate binary package?

          Yes, as long as that "other" repo exists somewhere outside the ASF.

          If so, can that repo / binary be hosted on ASF hardware and built by the apache Cassandra team, or must it be completely external?

          Completely external.

          Show
          chrismattmann Chris A. Mattmann added a comment - - edited This specific language from the PATENTS file is troubling, but overall the whole file gives me pause: For avoidance of doubt, no license is granted under Facebook’s rights in any patent claims that are infringed by modifications to the Software made by you or any third party or (ii) the Software incombination with any software or other technology. In addition in answer to your questions: Can we rewrite storage engine to use RocksDB as it's only option? Seems like answer here is no Correct Can we rewrite storage engine to have two options, one RocksDB and another native Cassandra, with both in tree, but requiring the user to opt in to the more restrictive patent? No Can we rewrite the storage engine to have two options, one RocksDB and another native Cassandra, with RocksDB kept in another repo , requiring explicit action to opt in and built as separate binary package? Yes, as long as that "other" repo exists somewhere outside the ASF. If so, can that repo / binary be hosted on ASF hardware and built by the apache Cassandra team, or must it be completely external? Completely external.
          Hide
          dikanggu Dikang Gu added a comment -

          FYI, recently RocksDB provides a second license (GPLv2), does that make any difference? https://github.com/facebook/rocksdb/blob/master/COPYING

          Show
          dikanggu Dikang Gu added a comment - FYI, recently RocksDB provides a second license (GPLv2), does that make any difference? https://github.com/facebook/rocksdb/blob/master/COPYING
          Hide
          chrismattmann Chris A. Mattmann added a comment -

          Hi Dikang Gu, please read: https://www.apache.org/legal/resolved.html#category-x

          GPLv2 is a Category-X license and it may not be included in Apache projects.

          Show
          chrismattmann Chris A. Mattmann added a comment - Hi Dikang Gu , please read: https://www.apache.org/legal/resolved.html#category-x GPLv2 is a Category-X license and it may not be included in Apache projects.
          Hide
          johndament John D. Ament added a comment -

          Dikang Gu GPL would be worse in this case, from the ASF standpoint. GPL also doesn't remove the PATENT clause they've added.

          Show
          johndament John D. Ament added a comment - Dikang Gu GPL would be worse in this case, from the ASF standpoint. GPL also doesn't remove the PATENT clause they've added.
          Hide
          chrismattmann Chris A. Mattmann added a comment -

          I'm going to leave this open for 48 hours more, to collect feedback, and then resolve it. Thanks.

          Show
          chrismattmann Chris A. Mattmann added a comment - I'm going to leave this open for 48 hours more, to collect feedback, and then resolve it. Thanks.
          Hide
          brandon.williams Brandon Williams added a comment -

          This doesn't seem like the ideal time to be starting that timer.

          Show
          brandon.williams Brandon Williams added a comment - This doesn't seem like the ideal time to be starting that timer.
          Hide
          markt Mark Thomas added a comment - - edited

          For avoidance of doubt, no license is granted under Facebook’s rights in any patent claims that are infringed by modifications to the Software made by you or any third party or (ii) the Software in combination with any software or other technology.

          I don't think there is anything to be concerned with in that particular part of the patent grant. It is the same as discussions the ASF has had several times with various external entities regarding software grants. What I believe it intends to cover is the following:

          • Foo Co has patents P1 and P2
          • Foo Co owns code C that does infringe P1
          • Foo Co owns code C that does not infringe P2
          • Foo Co donates C to Apache Bar
          • Apache Bar and downstream users now have a patent license for P1 but not P2
          • A.N. Other committer modifies C such that is does implement patent P2
          • Apache Bar and downstream users still have a patent license for P1 but not P2

          i.e. If the code Foo Co donated did not infringe on P2 then there is no way that subsequent modifications to the donated code (by entities other than Foo Co employees) can result in Foo Co licensing P2 to the ASF and all down-stream users.

          The language that bothered me was:

          The license granted hereunder will terminate, automatically and without notice, if you (or any of your subsidiaries, corporate affiliates or agents) initiate directly or indirectly, or take a direct financial interest in, any Patent Assertion: against Facebook or any of its subsidiaries or corporate affiliates, ...

          My reading of that is if you use this code and Facebook infringes a completely unrelated patent that you own, you can't sue them for infringement without giving up this patent license. That is much broader than the language in the ALv2 which is limited to a single work.

          Show
          markt Mark Thomas added a comment - - edited For avoidance of doubt, no license is granted under Facebook’s rights in any patent claims that are infringed by modifications to the Software made by you or any third party or (ii) the Software in combination with any software or other technology. I don't think there is anything to be concerned with in that particular part of the patent grant. It is the same as discussions the ASF has had several times with various external entities regarding software grants. What I believe it intends to cover is the following: Foo Co has patents P1 and P2 Foo Co owns code C that does infringe P1 Foo Co owns code C that does not infringe P2 Foo Co donates C to Apache Bar Apache Bar and downstream users now have a patent license for P1 but not P2 A.N. Other committer modifies C such that is does implement patent P2 Apache Bar and downstream users still have a patent license for P1 but not P2 i.e. If the code Foo Co donated did not infringe on P2 then there is no way that subsequent modifications to the donated code (by entities other than Foo Co employees) can result in Foo Co licensing P2 to the ASF and all down-stream users. The language that bothered me was: The license granted hereunder will terminate, automatically and without notice, if you (or any of your subsidiaries, corporate affiliates or agents) initiate directly or indirectly, or take a direct financial interest in, any Patent Assertion: against Facebook or any of its subsidiaries or corporate affiliates, ... My reading of that is if you use this code and Facebook infringes a completely unrelated patent that you own, you can't sue them for infringement without giving up this patent license. That is much broader than the language in the ALv2 which is limited to a single work.
          Hide
          chrismattmann Chris A. Mattmann added a comment -

          Hey Mark:

          I don't think there is anything to be concerned with in that particular part of the patent grant. It is the same as discussions the ASF has had several times with various external entities regarding software grants. What I believe it intends to cover is the following: ...

          I like your concrete example and agree with it there. I read the above as not granting a patent license (and in effect not allowing the same upstream patent termination that ALv2 does). Either way, the next part:

          The language that bothered me was: ...

          Also bothers me too, and collectively as a whole, this is not a license I'm prepared to approve for use in our projects.

          As for the 48 hour timer comment, it was an effort to move this to a resolution. For example, I've already issued guidance above in response to Jeff & Dikang's specific questions. As such the remainder of leaving the issue open is simply to collect feedback (which can also be provided after the issue is resolved). I'm happy to leave it open a little longer if folks want, but I'd like to move this to a resolution by next week. Thanks.

          Show
          chrismattmann Chris A. Mattmann added a comment - Hey Mark: I don't think there is anything to be concerned with in that particular part of the patent grant. It is the same as discussions the ASF has had several times with various external entities regarding software grants. What I believe it intends to cover is the following: ... I like your concrete example and agree with it there. I read the above as not granting a patent license (and in effect not allowing the same upstream patent termination that ALv2 does). Either way, the next part: The language that bothered me was: ... Also bothers me too, and collectively as a whole, this is not a license I'm prepared to approve for use in our projects. As for the 48 hour timer comment, it was an effort to move this to a resolution. For example, I've already issued guidance above in response to Jeff & Dikang's specific questions. As such the remainder of leaving the issue open is simply to collect feedback (which can also be provided after the issue is resolved). I'm happy to leave it open a little longer if folks want, but I'd like to move this to a resolution by next week. Thanks.
          Hide
          brandon.williams Brandon Williams added a comment -

          As for the 48 hour timer comment, it was an effort to move this to a resolution.

          I am fine with that and should have been more specific: a Saturday afternoon is not the best day of the week, imho, for a 48 hour timer to start.

          Show
          brandon.williams Brandon Williams added a comment - As for the 48 hour timer comment, it was an effort to move this to a resolution. I am fine with that and should have been more specific: a Saturday afternoon is not the best day of the week, imho, for a 48 hour timer to start.
          Hide
          bdelacretaz Bertrand Delacretaz added a comment - - edited

          The language that bothered me was: The license granted hereunder will terminate...

          FWIW I think that is the same clause as used in the React.js license that has been noticed last year, http://react-etc.net/entry/your-license-to-use-react-js-can-be-revoked-if-you-compete-with-facebook has some additional information.

          I also think that clause makes the license unacceptable to the ASF as it puts more restrictions on software than our license does.

          Update: it looks like the canonical name for that license is "Facebook BSD+Patents license"

          Show
          bdelacretaz Bertrand Delacretaz added a comment - - edited The language that bothered me was: The license granted hereunder will terminate ... FWIW I think that is the same clause as used in the React.js license that has been noticed last year, http://react-etc.net/entry/your-license-to-use-react-js-can-be-revoked-if-you-compete-with-facebook has some additional information. I also think that clause makes the license unacceptable to the ASF as it puts more restrictions on software than our license does. Update: it looks like the canonical name for that license is "Facebook BSD+Patents license"
          Hide
          fielding Roy T. Fielding added a comment - - edited

          I have discussed that license with Facebook's legal counsel. It is not BSD (which relies on implied patent grants) and is intentionally incompatible with the Apache License.

          [update: Various people have taken this comment out of context and rephrased it to make it seem like some broader allegation by me or, even weirder, a conspiracy by FB to be incompatible; that's all *nonsense*. To clarify, in October 2016, I discussed with them my interpretation of the BSD+PATENT addition as a revocation of the traditional BSD implied license and I explained why that would be incompatible with the Apache License 2.0 (as its primary author). To the best of my understanding, everyone on the call agreed that my interpretation was both accurate and intended, and the license has not changed since then. That *does not* mean that FB intended their license to be incompatible from the get go!]

          Show
          fielding Roy T. Fielding added a comment - - edited I have discussed that license with Facebook's legal counsel. It is not BSD (which relies on implied patent grants) and is intentionally incompatible with the Apache License. [update: Various people have taken this comment out of context and rephrased it to make it seem like some broader allegation by me or, even weirder, a conspiracy by FB to be incompatible; that's all *nonsense*. To clarify, in October 2016, I discussed with them my interpretation of the BSD+PATENT addition as a revocation of the traditional BSD implied license and I explained why that would be incompatible with the Apache License 2.0 (as its primary author). To the best of my understanding, everyone on the call agreed that my interpretation was both accurate and intended, and the license has not changed since then. That *does not* mean that FB intended their license to be incompatible from the get go!]
          Hide
          jjirsa Jeff Jirsa added a comment - - edited

          FWIW, FB has a FAQ here on their intent: https://code.facebook.com/pages/850928938376556

          We use a standard BSD license paired with an additional patent grant for most of our open source projects. For brevity, we call this combination the Facebook BSD+Patents license. We've compiled some answers to common questions about the additional patent grant:

          Does the additional patent grant in the Facebook BSD+Patents license terminate if I create a competing product?

          No.

          Does the additional patent grant in the Facebook BSD+Patents license terminate if I sue Facebook for something other than patent infringement?

          No.

          Does the additional patent grant in the Facebook BSD+Patents license terminate if Facebook sues me for patent infringement first, and then I respond with a patent counterclaim against Facebook?

          No, unless your patent counterclaim is related to Facebook's software licensed under the Facebook BSD+Patents license.

          Does termination of the additional patent grant in the Facebook BSD+Patents license cause the copyright license to also terminate?

          No.

          To Mark Thomas's point above:

          My reading of that is if you use this code and Facebook infringes a completely unrelated patent that you own, you can't sue them for infringement without giving up this patent license. That is much broader than the language in the ALv2 which is limited to a single work.

          I think FB's clarification is that this is not their intent - only claims involving the BSD+Patents licensed software cancels the patent grant, so it's not as broad as your fear.

          Looks like we at least understand what options are - either plugin outside of the ASF repo, or ask FB to change the wording of the patent grant. Given statements here that the wording was intentionally incompatible with the Apache license, I'm not sure if that's likely to have much impact (though Dikang Gu , if you believe otherwise, that'd be good to know).

          I'll leave the open question of Apache Flink and Apache Samza using RocksDB to legal.

          Show
          jjirsa Jeff Jirsa added a comment - - edited FWIW, FB has a FAQ here on their intent: https://code.facebook.com/pages/850928938376556 We use a standard BSD license paired with an additional patent grant for most of our open source projects. For brevity, we call this combination the Facebook BSD+Patents license. We've compiled some answers to common questions about the additional patent grant: Does the additional patent grant in the Facebook BSD+Patents license terminate if I create a competing product? No. Does the additional patent grant in the Facebook BSD+Patents license terminate if I sue Facebook for something other than patent infringement? No. Does the additional patent grant in the Facebook BSD+Patents license terminate if Facebook sues me for patent infringement first, and then I respond with a patent counterclaim against Facebook? No, unless your patent counterclaim is related to Facebook's software licensed under the Facebook BSD+Patents license. Does termination of the additional patent grant in the Facebook BSD+Patents license cause the copyright license to also terminate? No. To Mark Thomas 's point above: My reading of that is if you use this code and Facebook infringes a completely unrelated patent that you own, you can't sue them for infringement without giving up this patent license. That is much broader than the language in the ALv2 which is limited to a single work. I think FB's clarification is that this is not their intent - only claims involving the BSD+Patents licensed software cancels the patent grant, so it's not as broad as your fear. Looks like we at least understand what options are - either plugin outside of the ASF repo, or ask FB to change the wording of the patent grant. Given statements here that the wording was intentionally incompatible with the Apache license, I'm not sure if that's likely to have much impact (though Dikang Gu , if you believe otherwise, that'd be good to know). I'll leave the open question of Apache Flink and Apache Samza using RocksDB to legal.
          Hide
          yseeley@gmail.com Yonik Seeley added a comment -

          I think FB's clarification is that this is not their intent

          I don't see anything in that FAQ that contradicts Mark's point (which is also my main concern with the patent clause).

          Show
          yseeley@gmail.com Yonik Seeley added a comment - I think FB's clarification is that this is not their intent I don't see anything in that FAQ that contradicts Mark's point (which is also my main concern with the patent clause).
          Hide
          jjirsa Jeff Jirsa added a comment -

          Yep, I reread the bottom half of the paragraph and ignored the top. Point stands, we'll close and work around it.

          Show
          jjirsa Jeff Jirsa added a comment - Yep, I reread the bottom half of the paragraph and ignored the top. Point stands, we'll close and work around it.
          Hide
          johndament John D. Ament added a comment -

          Chris A. Mattmann can we add this to resolved as being Cat-X?

          Show
          johndament John D. Ament added a comment - Chris A. Mattmann can we add this to resolved as being Cat-X?
          Hide
          chrismattmann Chris A. Mattmann added a comment -

          Hi John, yes, I believe Cat-X fits this license. i'm going to resolve as Category-X once I update the website. Thanks everyone.

          Show
          chrismattmann Chris A. Mattmann added a comment - Hi John, yes, I believe Cat-X fits this license. i'm going to resolve as Category-X once I update the website. Thanks everyone.
          Hide
          chrismattmann Chris A. Mattmann added a comment -

          I've added RocksDB to Category-X in r1014182.

          Show
          chrismattmann Chris A. Mattmann added a comment - I've added RocksDB to Category-X in r1014182.
          Hide
          tlipcon Todd Lipcon added a comment -

          FWIW it seems like there are several ASF projects that were already using RocksDB prior to this decision. eg Samza, Flink, Marmotta, Kafka and Bahir all come up when I do a github search for rocksdb under the apache organization. Possibly others that still use non-git version control may be impacted as well.

          Would be good to clarify any grandfathering policy, etc, for those projects (or re-evaluate this decision)

          Show
          tlipcon Todd Lipcon added a comment - FWIW it seems like there are several ASF projects that were already using RocksDB prior to this decision. eg Samza, Flink, Marmotta, Kafka and Bahir all come up when I do a github search for rocksdb under the apache organization. Possibly others that still use non-git version control may be impacted as well. Would be good to clarify any grandfathering policy, etc, for those projects (or re-evaluate this decision)
          Hide
          chrismattmann Chris A. Mattmann added a comment -

          Hi Todd, thanks for the pointer. Let me consider a grandfathering policy, and get back to this issue later in the week. Thanks.

          Show
          chrismattmann Chris A. Mattmann added a comment - Hi Todd, thanks for the pointer. Let me consider a grandfathering policy, and get back to this issue later in the week. Thanks.
          Hide
          dikanggu Dikang Gu added a comment -

          Chris A. Mattmann, I'd like to check that do you have any update about this issue? Given there are already some other Apache projects are using RocksDB as a dependency.

          Like Todd mentioned, for Kafka, it uses RocksDB as a direct dependency. https://github.com/apache/kafka/blob/45f2261763eac5caaebf860daab32ef5337c9293/gradle/dependencies.gradle

          Thanks.

          Show
          dikanggu Dikang Gu added a comment - Chris A. Mattmann , I'd like to check that do you have any update about this issue? Given there are already some other Apache projects are using RocksDB as a dependency. Like Todd mentioned, for Kafka, it uses RocksDB as a direct dependency. https://github.com/apache/kafka/blob/45f2261763eac5caaebf860daab32ef5337c9293/gradle/dependencies.gradle Thanks.
          Hide
          johndament John D. Ament added a comment -

          Kafka appears to be using rocksdbjni, which is a JNI interface for using RocksDB via DLL in Java. I'm not sure it has the same license as RocksDB - https://github.com/facebook/rocksdb/tree/master/java

          Show
          johndament John D. Ament added a comment - Kafka appears to be using rocksdbjni, which is a JNI interface for using RocksDB via DLL in Java. I'm not sure it has the same license as RocksDB - https://github.com/facebook/rocksdb/tree/master/java
          Hide
          chrismattmann Chris A. Mattmann added a comment -

          hi Dikang Gu I will not be revisiting this decision anytime soon - so other projects that are using RocksDB as a dependency should move hastily to remove it as a dependency in their projects.

          Show
          chrismattmann Chris A. Mattmann added a comment - hi Dikang Gu I will not be revisiting this decision anytime soon - so other projects that are using RocksDB as a dependency should move hastily to remove it as a dependency in their projects.
          Hide
          shazron Shazron Abdullah added a comment -

          I think I know the answer to this, but does this by implication put the "Facebook BSD+Patents license" under Category-X as well? Should that be a different issue? Since https://www.apache.org/legal/resolved.html only talks about the RocksDB license specifically

          Show
          shazron Shazron Abdullah added a comment - I think I know the answer to this, but does this by implication put the "Facebook BSD+Patents license" under Category-X as well? Should that be a different issue? Since https://www.apache.org/legal/resolved.html only talks about the RocksDB license specifically
          Hide
          chrismattmann Chris A. Mattmann added a comment -

          yes it also applies for the Facebook BSD+Patents - it's the same license. I'll update legal/resolved to reflect that.

          Show
          chrismattmann Chris A. Mattmann added a comment - yes it also applies for the Facebook BSD+Patents - it's the same license. I'll update legal/resolved to reflect that.
          Hide
          chrismattmann Chris A. Mattmann added a comment -

          in r1802027 and r1802028 I updated the legal/resolved.html page to include Facebook BSD+Patents, bringing this to a close.

          Show
          chrismattmann Chris A. Mattmann added a comment - in r1802027 and r1802028 I updated the legal/resolved.html page to include Facebook BSD+Patents, bringing this to a close.
          Hide
          chrismattmann Chris A. Mattmann added a comment -

          I sent a notice today to all Apache PMCs with the following contents:

          Hi,
          
          As some of you may know, recently the Facebook BSD+patents license has been
          moved to Category X (https://www.apache.org/legal/resolved#category-x).
          Please see LEGAL-303 [1] for a discussion of this. The license is also referred
          to as the ROCKSDB license, even though Facebook BSD+patents is its more
          industry standard name.
          
          This has impacted some projects, to date based on LEGAL-303
          and the detective work of Todd Lipcon:
          
          Samza, Flink, Marmotta, Kafka and Bahir
          
          (perhaps more)
          
          Please take notice of the following policy:
          
          o No new project, sub-project or codebase, which has not
            used Facebook BSD+patents licensed jars (or similar), are allowed to use
            them. In other words, if you haven't been using them, you
            aren't allowed to start. It is Cat-X.
          
          o If you have been using it, and have done so in a *release*,
            you have a temporary exclusion from the Cat-X classification thru
            August 31, 2017. At that point in time, ANY and ALL usage
            of these Facebook BSD+patents licensed artifacts are DISALLOWED. You must
            either find a suitably licensed replacement, or do without.
            There will be NO exceptions.
          
          o Any situation not covered by the above is an implicit
            DISALLOWAL of usage.
          
          Also please note that in the 2nd situation (where a temporary
          exclusion has been granted), you MUST ensure that NOTICE explicitly
          notifies the end-user that a Facebook BSD+patents licensed artifact exists. They
          may not be aware of it up to now, and that MUST be addressed.
          
          If there are any questions, please ask on the legal-discuss@a.o
          list.
          
          Thanks.
          
          Cheers,
          Chris Mattmann
          VP Legal Affairs
          
          [1] https://issues.apache.org/jira/browse/LEGAL-303
          
          Show
          chrismattmann Chris A. Mattmann added a comment - I sent a notice today to all Apache PMCs with the following contents: Hi, As some of you may know, recently the Facebook BSD+patents license has been moved to Category X (https://www.apache.org/legal/resolved#category-x). Please see LEGAL-303 [1] for a discussion of this. The license is also referred to as the ROCKSDB license, even though Facebook BSD+patents is its more industry standard name. This has impacted some projects, to date based on LEGAL-303 and the detective work of Todd Lipcon: Samza, Flink, Marmotta, Kafka and Bahir (perhaps more) Please take notice of the following policy: o No new project, sub-project or codebase, which has not used Facebook BSD+patents licensed jars (or similar), are allowed to use them. In other words, if you haven't been using them, you aren't allowed to start. It is Cat-X. o If you have been using it, and have done so in a *release*, you have a temporary exclusion from the Cat-X classification thru August 31, 2017. At that point in time, ANY and ALL usage of these Facebook BSD+patents licensed artifacts are DISALLOWED. You must either find a suitably licensed replacement, or do without. There will be NO exceptions. o Any situation not covered by the above is an implicit DISALLOWAL of usage. Also please note that in the 2nd situation (where a temporary exclusion has been granted), you MUST ensure that NOTICE explicitly notifies the end-user that a Facebook BSD+patents licensed artifact exists. They may not be aware of it up to now, and that MUST be addressed. If there are any questions, please ask on the legal-discuss@a.o list. Thanks. Cheers, Chris Mattmann VP Legal Affairs [1] https://issues.apache.org/jira/browse/LEGAL-303
          Hide
          greghogan Greg Hogan added a comment -

          IANAL but as an "additional grant of patent rights" (Facebook's wording) why must the ASF use RocksDB under this grant? Without this additional grant of patent rights the software is licensed with the ASL2-compatible 3-clause BSD. As noted earlier, the availability of a GPLv2 license does not preclude inclusion by an ASF project. If patent rights are not conferred by the 3-clause BSD and required by ASLv2 then would not these licenses be incompatible?

          Show
          greghogan Greg Hogan added a comment - IANAL but as an "additional grant of patent rights" ( Facebook's wording ) why must the ASF use RocksDB under this grant? Without this additional grant of patent rights the software is licensed with the ASL2-compatible 3-clause BSD. As noted earlier, the availability of a GPLv2 license does not preclude inclusion by an ASF project. If patent rights are not conferred by the 3-clause BSD and required by ASLv2 then would not these licenses be incompatible?
          Hide
          tdunning Ted Dunning added a comment -

          Greg,

          The restrictions imposed by FB's BSD + patents license can't be disentangled from the BSD license itself. You don't get to pick and choose terms in a single license. The cases you cite are ones where the authors explicitly allow a choice. FB isn't offering a choice.

          Note also Roy's comment that he has discussed the matter with FB's counsel and the word is that the FB license is intentionally incompatible. It is hard to make the argument that it is compatible after hearing that. Pragmatically speaking, regardless of any semantic shaving being done, having a statement like that from the source of the license is very daunting. If they think it is incompatible, we need to not try to wheedle and convince ourselves it is not.

          Show
          tdunning Ted Dunning added a comment - Greg, The restrictions imposed by FB's BSD + patents license can't be disentangled from the BSD license itself. You don't get to pick and choose terms in a single license. The cases you cite are ones where the authors explicitly allow a choice. FB isn't offering a choice. Note also Roy's comment that he has discussed the matter with FB's counsel and the word is that the FB license is intentionally incompatible. It is hard to make the argument that it is compatible after hearing that. Pragmatically speaking, regardless of any semantic shaving being done, having a statement like that from the source of the license is very daunting. If they think it is incompatible, we need to not try to wheedle and convince ourselves it is not.
          Hide
          davidrecordon David Recordon added a comment -

          Hi all, wanted to jump in here to let everyone know that the RocksDB team is adjusting the licensing such that it will be dual-licensed under the Apache 2 and GPL 2 (for MySQL compatibility) licenses. This should happen shortly and well ahead of August 31st. I'll leave the history and philosophy around licensing alone since it's generally a complex discussion to have and I'm not sure that it has actually been fully captured in this thread especially vis a vis Facebook's intent.

          Hopefully this morning's guidance to PMCs can be adjusted since I don't think any of us see a bunch of extra engineering effort as a desirable thing across the ASF projects which are already making use of RocksDB

          Thanks,
          --David

          Show
          davidrecordon David Recordon added a comment - Hi all, wanted to jump in here to let everyone know that the RocksDB team is adjusting the licensing such that it will be dual-licensed under the Apache 2 and GPL 2 (for MySQL compatibility) licenses. This should happen shortly and well ahead of August 31st. I'll leave the history and philosophy around licensing alone since it's generally a complex discussion to have and I'm not sure that it has actually been fully captured in this thread especially vis a vis Facebook's intent. Hopefully this morning's guidance to PMCs can be adjusted since I don't think any of us see a bunch of extra engineering effort as a desirable thing across the ASF projects which are already making use of RocksDB Thanks, --David
          Hide
          johndament John D. Ament added a comment -

          Hi David,

          Can you point to a link with this discussion/issue/etc? And I'm assuming this will apply to all sources within the rocksdb project?

          John

          Show
          johndament John D. Ament added a comment - Hi David, Can you point to a link with this discussion/issue/etc? And I'm assuming this will apply to all sources within the rocksdb project? John
          Hide
          tdunning Ted Dunning added a comment -

          David,

          Do you know about the licensing for React?

          (not that I think that there is any connection to RocksDB)

          On Sat, Jul 15, 2017 at 2:11 PM, David Recordon (JIRA) <jira@apache.org>

          Show
          tdunning Ted Dunning added a comment - David, Do you know about the licensing for React? (not that I think that there is any connection to RocksDB) On Sat, Jul 15, 2017 at 2:11 PM, David Recordon (JIRA) <jira@apache.org>
          Hide
          wohali Joan Touzet added a comment - - edited
          Show
          wohali Joan Touzet added a comment - - edited Just confirming that, as of right now, React still falls under the same license as RocksDB - BSD+Patent. https://github.com/facebook/react/blob/master/LICENSE https://github.com/facebook/react/blob/master/PATENTS https://en.wikipedia.org/wiki/React_(JavaScript_library)#Licensing
          Hide
          jjirsa Jeff Jirsa added a comment -

          Hi all, wanted to jump in here to let everyone know that the RocksDB team is adjusting the licensing such that it will be dual-licensed under the Apache 2 and GPL 2 (for MySQL compatibility) licenses

          David Recordon - that sounds like a fantastic change, and I'm excited to see it land.

          Show
          jjirsa Jeff Jirsa added a comment - Hi all, wanted to jump in here to let everyone know that the RocksDB team is adjusting the licensing such that it will be dual-licensed under the Apache 2 and GPL 2 (for MySQL compatibility) licenses David Recordon - that sounds like a fantastic change, and I'm excited to see it land.
          Hide
          wohali Joan Touzet added a comment -

          Ted Dunning David Recordon I've just asked the same of React: https://github.com/facebook/react/issues/10191

          If you are able to assist in any way, it would be most graciously appreciated.

          Show
          wohali Joan Touzet added a comment - Ted Dunning David Recordon I've just asked the same of React: https://github.com/facebook/react/issues/10191 If you are able to assist in any way, it would be most graciously appreciated.
          Hide
          johndament John D. Ament added a comment -

          It may be easier to follow the equivalent React discussion at LEGAL-319.

          Show
          johndament John D. Ament added a comment - It may be easier to follow the equivalent React discussion at LEGAL-319 .
          Hide
          sdong Siying Dong added a comment -

          I’ve committed a change to RocksDB such that it is now dual licensed under the Apache 2 and GPL 2 licenses: https://github.com/facebook/rocksdb/commit/3c327ac2d0fd50bbd82fe1f1af5de909dad769e6.

          Show
          sdong Siying Dong added a comment - I’ve committed a change to RocksDB such that it is now dual licensed under the Apache 2 and GPL 2 licenses: https://github.com/facebook/rocksdb/commit/3c327ac2d0fd50bbd82fe1f1af5de909dad769e6 .
          Hide
          ralph.goers@dslextreme.com Ralph Goers added a comment -

          The headers say that the files are licensed under both Apache 2 and GPL2. What exactly does that mean? Are users free to choose which license they want or are both licenses supposed to somehow apply at the same time?

          Show
          ralph.goers@dslextreme.com Ralph Goers added a comment - The headers say that the files are licensed under both Apache 2 and GPL2. What exactly does that mean? Are users free to choose which license they want or are both licenses supposed to somehow apply at the same time?
          Hide
          tdunning Ted Dunning added a comment -

          That conventionally means that they are licensed under either license.

          Show
          tdunning Ted Dunning added a comment - That conventionally means that they are licensed under either license.
          Hide
          clr Craig L Russell added a comment - - edited

          I've reviewed the change in license for rocksdb in this pull request:

          https://github.com/facebook/rocksdb/commit/3c327ac2d0fd50bbd82fe1f1af5de909dad769e6

          If I read this correctly they have made significant changes:

          0. Rocksdb is no longer licensed under BSD with an accompanying patent grant.

          1. Rocksdb is now dual-licensed under GPL 2.0 and Apache 2.0. Users can choose which license under which they use rocksdb. This change makes it suitable (as a dependency and/or distribution) for use in both GPL-licensed works and Apache-licensed works.

          2. The patent grant/restriction has been removed entirely. There is no longer a file PATENTS in the repository.

          This changes everything.

          Show
          clr Craig L Russell added a comment - - edited I've reviewed the change in license for rocksdb in this pull request: https://github.com/facebook/rocksdb/commit/3c327ac2d0fd50bbd82fe1f1af5de909dad769e6 If I read this correctly they have made significant changes: 0. Rocksdb is no longer licensed under BSD with an accompanying patent grant. 1. Rocksdb is now dual-licensed under GPL 2.0 and Apache 2.0. Users can choose which license under which they use rocksdb. This change makes it suitable (as a dependency and/or distribution) for use in both GPL-licensed works and Apache-licensed works. 2. The patent grant/restriction has been removed entirely. There is no longer a file PATENTS in the repository. This changes everything.
          Hide
          mspiegel Michael Spiegel added a comment -

          One piece of information that may be helpful is that at some institutions any dual licensed software the licenses are interpreted as an AND instead of EXCLUSIVE OR. I'm not a lawyer and I can't say I understand this policy. Just pointed out that I've seen it that way at more than one institution. So sometimes dual licensing can have unintended consequences.

          > That conventionally means that they are licensed under either license.

          Show
          mspiegel Michael Spiegel added a comment - One piece of information that may be helpful is that at some institutions any dual licensed software the licenses are interpreted as an AND instead of EXCLUSIVE OR. I'm not a lawyer and I can't say I understand this policy. Just pointed out that I've seen it that way at more than one institution. So sometimes dual licensing can have unintended consequences. > That conventionally means that they are licensed under either license.
          Hide
          fielding Roy T. Fielding added a comment -

          Umm, no worries ... a licensor's AND is the same as a recipient's XOR.

          A copyright owner has the right to non-exclusively license the same work as many times and in as many ways as they like. When we pick up a work that is dual-licensed and redistribute it, we are choosing to be bound by one of those licenses — we are not changing the license in any way, since the copyright owner is doing the licensing and their licensing remains the same no matter how many copies we give out downstream. The problem with dual licensing is figuring out the implied license coming back in any contributions, but most projects fix that by making the dual license explicit in the contribution process.

          In any case, this certainly clears the issue for RocksDB, and we should all thank David Recordon for that.

          Show
          fielding Roy T. Fielding added a comment - Umm, no worries ... a licensor's AND is the same as a recipient's XOR. A copyright owner has the right to non-exclusively license the same work as many times and in as many ways as they like. When we pick up a work that is dual-licensed and redistribute it, we are choosing to be bound by one of those licenses — we are not changing the license in any way, since the copyright owner is doing the licensing and their licensing remains the same no matter how many copies we give out downstream. The problem with dual licensing is figuring out the implied license coming back in any contributions, but most projects fix that by making the dual license explicit in the contribution process. In any case, this certainly clears the issue for RocksDB, and we should all thank David Recordon for that.
          Hide
          StephanEwen Stephan Ewen added a comment -

          What concrete actions do projects that use RocksDB need to do?
          Simply update to the latest version, which has the license update?

          Show
          StephanEwen Stephan Ewen added a comment - What concrete actions do projects that use RocksDB need to do? Simply update to the latest version, which has the license update?
          Hide
          chrismattmann Chris A. Mattmann added a comment -

          Hi,

          First off, thanks to David Recordon and others for their work to relicense ROCKSDB to be compatible with our Legal policy.

          I believe ROCKSDB ought to make a release under the new license before our ASF projects can use it (I don’t want to depend on a commit, I’d rather tell our projects to pin to a ROCKSDB $release that includes the commit).

          That would be the first step in using ROCKSDB in an ASF project. Once that happens let's revisit the discussion / decision here.

          Thanks,
          Chris

          Show
          chrismattmann Chris A. Mattmann added a comment - Hi, First off, thanks to David Recordon and others for their work to relicense ROCKSDB to be compatible with our Legal policy. I believe ROCKSDB ought to make a release under the new license before our ASF projects can use it (I don’t want to depend on a commit, I’d rather tell our projects to pin to a ROCKSDB $release that includes the commit). That would be the first step in using ROCKSDB in an ASF project. Once that happens let's revisit the discussion / decision here. Thanks, Chris
          Hide
          clr Craig L Russell added a comment -

          Chris A. Mattmann +1
          once RocksDB makes a release we can revisit.

          We can keep this issue closed and clarify that it refers to the current shipping release that is cat-x. Looks like 5.5.3 is the current release.

          We can create a new issue for a future release that removes RocksDB from cat-x. Perhaps 5.7.0

          Should we keep this issue (resolved) (fixed) or re-open it pending a release?

          Show
          clr Craig L Russell added a comment - Chris A. Mattmann +1 once RocksDB makes a release we can revisit. We can keep this issue closed and clarify that it refers to the current shipping release that is cat-x. Looks like 5.5.3 is the current release. We can create a new issue for a future release that removes RocksDB from cat-x. Perhaps 5.7.0 Should we keep this issue (resolved) (fixed) or re-open it pending a release?
          Hide
          wikier Sergio Fernández added a comment -

          One question I have for MARMOTTA-669: If we're using an old version with the old license, then this issue does not apply unless we upgrade the dependency, right?

          Show
          wikier Sergio Fernández added a comment - One question I have for MARMOTTA-669 : If we're using an old version with the old license, then this issue does not apply unless we upgrade the dependency, right?
          Hide
          kabhwan Jungtaek Lim added a comment -

          FYI, they released 5.5.4 and 5.5.5 respectively which only address license issue.
          https://github.com/facebook/rocksdb/releases

          Show
          kabhwan Jungtaek Lim added a comment - FYI, they released 5.5.4 and 5.5.5 respectively which only address license issue. https://github.com/facebook/rocksdb/releases
          Hide
          chrismattmann Chris A. Mattmann added a comment -
          Show
          chrismattmann Chris A. Mattmann added a comment - Sergio Fernández answered on MARMOTTA-669 .

            People

            • Assignee:
              chrismattmann Chris A. Mattmann
              Reporter:
              jjirsa Jeff Jirsa
            • Votes:
              0 Vote for this issue
              Watchers:
              37 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development