-
Story
-
Resolution: Done
-
Highest
-
None
-
None
Because of license issues with Liquibase core we need to investigate building liquibase-core from open source Apacahe-2.0 sources ourselves
see also this mail snippet from Steve Winslow (full mail thread attached as file):
"At the community discussion form post that I linked to below, https://forum.liquibase.org/t/licensing-questions-for-community-distro/5617/3, someone from the Liquibase team (I believe one of the primary authors) responded to my question there. They indicated that the built components they offer do contain both Apache-2.0 and proprietary code, and didn't appear to indicate that they could be redistributed due to the presence of the latter. Because of this, they indicated that if ONAP wants to have an open source / Apache-2.0 only version, we would need to build it from the Liquibase Apache-2.0 sources ourselves.
Separately, I shared the specifics of the Liquibase findings with the PTLs (in this same thread) and with the Legal Subcommittee. The only feedback I received was from one attorney on the Legal Subcommittee who stated their viewpoint that the licenses described would not work for ONAP and that alternatives should be used instead.
Given that, I think that the project will want to consider the first two options I had described below: either rebuilding liquibase-core from the source code to include only the Apache-2.0 components; or else switching to an alternative component."
- blocks
-
CPS-438 Make DB Schema Updates & Data Population More Robust for Kubernetes Environments
- Closed
- relates to
-
CPS-578 Review license violation report for Temporal
- Closed
-
CPS-963 Liquibase has got serious vulnerability, upgrade required
- Closed
- split from
-
CPS-400 PACKAGES UPGRADES IN DIRECT DEPENDENCIES FOR ISTANBUL
- Closed
- mentioned in
-
Page Loading...