Licenses of dependencies

Can you cc me please? Thanks!

As much as I don’t want to talk to lawyers, I’ll volunteer.

If the advice is to change the license in order to include the library, I’ll make sure that’s communicated to the TWG for review. There may be trickledown effects that we need to consider.

If it’s ok to stay BSD 3-clause, that really makes life easier.

me too please.

Daniel, I think we’ll have enough TWG representation there if you’d like to skip. I think you missed my post - I’m happy to take the bullet. But if you have specific questions you want to ask probably best if you’re present.

Something I’d like to work on requires a LGPL library, and the way I plan to do it is to provide compile switch to users so they can choose to download and build the LGPL’ed library that Stan compiler can link to.

That’s fine with me! Just so we’re clear on the expectation: whoever is there to talk to the lawyers will need to summarize the advice well enough for the Math developers, the TWG, and possibly the SGB.

Some specifics:

  • We’ll need enough technical people there to discuss exactly what’s included and how it’s used from within Math (@wds15 will be able to provide that context)
  • We’ll need to know what we can and can’t do to the included source. (We currently do some manipulation to the libraries… if this license does not allow that, we can’t do that; we might want to ask about the other licenses while we’re at it or discuss that at some other point)
  • We’ll need to be able to articulate how this affects upstream licensing. I don’t think it will have to change RStan or PyStan since those are GPL, but whatever is applied to Math will probably affect CmdStan. (This is where we’d need to communicate back to the TWG the implications.)

At the end of it, if the lawyers say we can stick with BSD, that’s awesome and we can go on with our business. We should let TWG and SGB know that it’s compatible so it’s recorded for prosperity. The decision is then just a technical decision.

If the lawyers say we have to change licenses, then it becomes a joint Math and TWG decision.

Anyway… you good with all of that (and possibly more)? If so, then I’m happy not to be on the call.


If we’re going to collect other things to talk to the lawyers about:

  • Eigen license and what we need to do when we modify Eigen source; whether we’re ok with BSD 3-clause
  • Boost license and what we need to do when we modify Boost source; whether we’re ok with BSD 3-clause
  • Sundials license and what we need to do when we modify Sundials; whether we’re ok with BSD 3-clause
  • LGPL; @yizhang’s question from above

Yeah you should definitely come as it looks like you have specific questions :P My API to IP lawyers is basically to assume I can ask very specific questions and get answers back as if from an oracle, but that I shouldn’t try to generalize or learn how the oracle works.

Hi!

I have done a bit of more research on the matter and wanted to share that.

My conclusion is that we can simply include the Intel TBB without any hassle at all. The Apache 2.0 is just as permissive as the BSD in practical terms of using / distribution / changing things / commercial use / whatever. The key limitation of the licencse is wrt to patents. So you may use the software without any problem even if patents are in that software (we are protected) - but you are also not allowed to make any legal claims wrt to a patent in court.

So, how do I get there? Well, here is a nice summary: https://snyk.io/blog/mit-apache-bsd-fairest-of-them-all/

Another interesting read is what FreeBSD and OpenBSD has to say about the Apache 2.0 license. So the OpenBSD project is super tight on this. To them any deviation from BSD is a no-go. They argue that the patent stuff is taking away some liberty from you and they also say that the terms are anyway questionable to have any meaning in whatever jurisdiction contexts this would be applied. Now, the FreeBSD project is more open (see https://www.freebsd.org/internal/software-license.html). They are OK with the Apache 2.0 licencse, but inclusion of a package requires permission from the core developers. In fact, the FreeBSD project includes the Intel TBB (https://svnweb.freebsd.org/ports/head/devel/tbb/).

To me this would be enough to conclude that we are fine with including the Apache 2.0 Intel TBB. Moreover, we can leave stan-math as BSD since the FreeBSD project is doing the same and these folks are very cautious about their choices they make - they would never allow license creep to happen to them, I think.

My 2 cents.

Best,
Sebastian

EDIT: Two more good links which are from github: