classification
Title: BSDDB license missing from liscense page in 2.7.
Type: enhancement Stage: needs patch
Components: Documentation Versions: Python 2.7
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: docs@python Nosy List: Jeff.Laing, docs@python, jcea, michael.foord, r.david.murray
Priority: normal Keywords:

Created on 2012-05-09 01:08 by Jeff.Laing, last changed 2019-03-15 23:15 by BreamoreBoy.

Messages (11)
msg160238 - (view) Author: Jeff Laing (Jeff.Laing) Date: 2012-05-09 01:08
As part of an audit of license compliance, I was looking at the terms in the LICENSE.txt that describe the Berkeley DB product.  I had thought this would be under the standard Berkeley license, but Oracle have added their own zinger.

* 3. Redistributions in any form must be accompanied by information on
*    how to obtain complete source code for the DB software and any
*    accompanying software that uses the DB software.  The source code
*    must either be included in the distribution or be available for no
*    more than the cost of distribution plus a nominal fee, and must be
*    freely redistributable under reasonable conditions.  

So, my application, which embeds Python (rather than running it as python.exe) and includes the standard runtime library, must distribute my source code.

This page:

http://mail.python.org/pipermail/python-dev/2008-September/082316.html

suggests that this is not the case for regular Python, but it makes no statement about "embedding".  Sadly the Oracle page it links to suggesting this is not an issue, does not exist.

The general "License" page on the Python websites makes no reference whatsoever to Berkeley DB license obligations.

I note that there are other modules mentioned on the Licenses webpage that are not in the LICENSES.txt file, and vice versa.  I have no idea whether this is deliberate, or an oversight.
msg160239 - (view) Author: R. David Murray (r.david.murray) * (Python committer) Date: 2012-05-09 01:19
Berkeley DB is no longer part of Python3, so I'm doubtful that this is going to be addressed.  If it is addressed, it would have to be by the PSF rather than the developers, since the PSF is responsible for licensing issues.  If you wish to pursue this I suggest emailing psf@python.org.

I'm going to close this ticket since there is nothing the developers can do about it.
msg160240 - (view) Author: Jeff Laing (Jeff.Laing) Date: 2012-05-09 02:06
With all due respect, I think that the 2.7.3 License Page is still being actively used by people as a reference, and it should be accurate. I agree that the code developers can't do anything, but the documentation for all releases, particularly in such a sensitive area as licensing, should be as up to date as possible.

Similarly, the 3.0 License page talks about a "_random" module which presumably is going ahead.  It has a license agreement displayed on the web page but I did not see that text copied into the regular LICENSE.txt that is part of the Python3 distribution, and that I assume meets the "supporting documentation" clause that all the module licenses seem to demand.

Ditto socket.
Ditto asyncore and asynchat.
Ditto Cookie.
Ditto trace.
Ditto xmlrpclib.
etcetera.

I agree this is all a documentation exercise - perhaps there is another bug tracker I should be reporting it in?
msg160280 - (view) Author: R. David Murray (r.david.murray) * (Python committer) Date: 2012-05-09 12:07
The LICENSE.txt file is "just" the Python license, which has a rather convoluted history.  Newer contributions are all under an Apache-style license from the individual contributors.  My understanding (but I'm not a lawyer) is that everything in the distribution has been vetted as available for use under the LISCENSE.txt, which includes commercial use.  If you believe that the language either in that file or on the web site does not convey that legally, then psf@python.org is who you need to contact.  On the development side, the most we can do is update a license if someone figures out that it is appropriate to do so.

For the website text, there's a mailing list listed on the mail.python.org page.  There's a project ongoing to make updating the web site easier, but currently there aren't very many developers who do web site updates, and such updates are not tracked on this tracker, just on that mailing list.  (Yes, this is not ideal, but it is where we are at right now.)  I've added one of those devs as nosy, perhaps he will have additional comments.
msg160282 - (view) Author: Jesús Cea Avión (jcea) * (Python committer) Date: 2012-05-09 12:14
I am the maintainer of Berkeley DB python bindings, "pybsddb": http://www.jcea.es/programacion/pybsddb.htm

If I recall correctly, Berkeley DB license is something like this:

1. Your code must be open source, if you distribute the programs to others. You can write a program for your business, for instance, and don't care about licensing, if it used internally only.

OR

2. You have to pay a license to Oracle.

Choose one.

I could be mistaken...
msg160283 - (view) Author: Jesús Cea Avión (jcea) * (Python committer) Date: 2012-05-09 12:16
Could be useful if you directly talk to Oracle about this and communicate what you learned. It could even influence pybsddb licensing/documentation :).
msg160318 - (view) Author: Jeff Laing (Jeff.Laing) Date: 2012-05-10 00:29
@Jesús, as has been pointed out already, the Berkeley DB stuff is not part of Python 3 so I don't see any point in discussing this with Oracle.

We don't actually use or need the bsddb module, it's just part of the standard runtime library that we ship.

We will be removing the bsddb module from our distribution of the runtime library, while our app is embedding the 2.7 interpreter.  Once we go to 3.0, the problem becomes moot.

When discussing issues related to licensing, a visible audit trail is essential to show that one followed a genuine process in a timely fashion.  When the lawyers come howling to our door, I want to be able to point at archived documentation that showed we were not knowingly continuing to violate a license condition once we became aware of it.

With respect to mail.python.org mailing lists, the http://docs.python.org/bugs.html page explicitly says "if you want a more persistent record of your issue, you can use the issue tracker for documentation bugs as well".  That suggested to me that there were more than just "developers" listening here.

I feel like it's getting a bit meta if I raise an issue here requesting that the website be clarified to note that the documentors don't really look at issues here.

:-)

Thanks to all, my immediate problem is resolved, and I now know that I need to dig a lot deeper into all the documentation each time we upgrade, rather than assume that it's all consistent.
msg160320 - (view) Author: R. David Murray (r.david.murray) * (Python committer) Date: 2012-05-10 01:39
Ah, I see.

No, the docs are correct, I'm the one who was mistaken.  I thought the license page was on www.python.org, rather than docs.python.org.  Developers *do* have full and easy access to docs.python.org, and we do track doc bugs here.

As with the rest of our documentation, the license documentation page is "more complete" than the source version.  (It's actually not in theory, it's just that it is collected all in one place...but the docs are shipped in the release tarballs, so the info is included in the distribution regardless).  

The license docs, unlike most of the rest of the docs, don't have 'version added' and 'deprecated' tags, so you have to refer to license page that relates to the specific version of python you are looking at.  However, it is not clear to me (given your BSDDB example) that this is in fact the case.  So I'm re-opening the issue hoping someone will be willing to do an audit.

But as you say, for due diligence you do have to look at the source as well as the docs, even if we fix this.
msg160322 - (view) Author: Jesús Cea Avión (jcea) * (Python committer) Date: 2012-05-10 02:33
If your program is not using Berkeley DB in any way, you don't need to worry about its license. The situation is similar to Berkeley DB being included in you linux distribution: if you don't use it, you don't have to worry.
msg160339 - (view) Author: R. David Murray (r.david.murray) * (Python committer) Date: 2012-05-10 12:44
Given the way Oracle is currently behaving, I personally think he is wise to delete it.  It's optional at build-time anyway.
msg220661 - (view) Author: Mark Lawrence (BreamoreBoy) * Date: 2014-06-15 18:24
I think msg160322 and msg160339 are saying this isn't an issue.  If I'm correct it can be closed. If I'm wrong who is best placed to provide the needed patch?
History
Date User Action Args
2019-03-15 23:15:28BreamoreBoysetnosy: - BreamoreBoy
2014-06-15 18:24:23BreamoreBoysetnosy: + BreamoreBoy
messages: + msg220661
2012-05-10 12:44:15r.david.murraysetmessages: + msg160339
2012-05-10 02:33:11jceasetmessages: + msg160322
2012-05-10 01:39:07r.david.murraysetstatus: closed -> open

title: Is LICENSES.txt up to date? -> BSDDB license missing from liscense page in 2.7.
messages: + msg160320
stage: resolved -> needs patch
2012-05-10 00:29:06Jeff.Laingsetmessages: + msg160318
2012-05-09 12:16:05jceasetmessages: + msg160283
2012-05-09 12:14:10jceasetnosy: + jcea
messages: + msg160282
2012-05-09 12:07:06r.david.murraysetnosy: + michael.foord

messages: + msg160280
title: Berkeley DB License conditions are onerous (and poorly documented) -> Is LICENSES.txt up to date?
2012-05-09 02:06:20Jeff.Laingsetmessages: + msg160240
2012-05-09 01:19:51r.david.murraysetstatus: open -> closed

nosy: + r.david.murray
messages: + msg160239

stage: resolved
2012-05-09 01:08:20Jeff.Laingcreate