Licensing: some composer packages slipped in which are not LGPL compatible
- Status
- Open
- Subject
- Licensing: some composer packages slipped in which are not LGPL compatible
- Version
- 19.x
20.x - Category
- Legislative Compliance
- Resolution status
- Fix on the Way
- Submitted by
- luci
- Keep informed
- Marc Laporte
- Lastmod by
- luci, Jonny Bradley
- Rating
- Description
I noticed in our
vendor_bundled/composer.lockthat some packages slipped in which are GPL or Apache licensed only (not compatible with LGPL), which might be a release blocker for us, namely:- https://github.com/h5p/h5p-php-library
- https://github.com/h5p/h5p-editor-php-library (Although it claims MIT the https://github.com/h5p/h5p-editor-php-library/blob/master/composer.json says GPL only)
- https://github.com/BafS/Testify.php (license mentioned in https://github.com/BafS/Testify.php/blob/master/composer.json)
- https://github.com/farbelous/bootstrap-colorpicker (Apache 2.0)
- https://github.com/apereo/phpCAS (Apache 2.0)
- https://github.com/zetacomponents/Webdav (Apache 2.0)
- https://github.com/zetacomponents/Base (Apache 2.0)
- https://github.com/ahand/mobileesp (Apache 2.0)
The incompatibility of Apache-2 and GPL-2 is well documented. If your software is a combined/derivate work with/of Apache-2 software, you cannot license that software under the GPL-2 and therefore cannot license it under the LGPL-2.1 either. - https://github.com/conversejs/converse.js (MPL 2.0) (not quite sure about this one but the diagram does not indicate it is compatible with LGPL 2.1)
- https://github.com/kaltura/KalturaGeneratedAPIClientsPHP53 (AGPL 3.0)
- https://github.com/PHPCompatibility/PHPCompatibility (LGPL 3.0+ - not sure it can be included in LGPL 2.1)
For more details see https://tiki.org/License- Solution
- Persuade the package owners to correct/double-license with LGPL compatible license (MIT, BSD, etc.) before we release 19.0 (sounds a bit unrealistic) or remove these libs from being bundled with Tiki release package.
- Workaround
- We will document our intention here to clean this up over the next few releases of Tiki
- Importance
- 10 high
- Priority
- 50
- Demonstrate Bug on Tiki 19+
-
This bug has been demonstrated on show2.tiki.org
Please demonstrate your bug on show2.tiki.org
Show.tiki.org is not configured properlyThe public/private keys configured to connect to show2.tiki.org were not accepted. Please make sure you are using RSA keys. Thanks.
- Demonstrate Bug (older Tiki versions)
-
This bug has been demonstrated on show.tikiwiki.org
Please demonstrate your bug on show.tikiwiki.org
Show.tiki.org is not configured properlyThe public/private keys configured to connect to show.tikiwiki.org were not accepted. Please make sure you are using RSA keys. Thanks.
- Ticket ID
- 6914
- Created
- Monday 12 November, 2018 07:18:58 UTC
by luci - LastModif
- Thursday 15 November, 2018 16:00:16 UTC