Hi, For work, I was asked to deploy a TimescaleDB server and figured "bah, that's C code, why isn't this in Debian!" I was about to file an RFP when I tripped over the "unknown" license on their GitHub repository:
https://github.com/timescale/timescaledb/ I found that it's not actually licensed under an official, OSI-approved free software license. A *part* of Timescale is licensed under Apache-2.0, and that's fine, but a look at their LICENSE file: https://github.com/timescale/timescaledb/blob/3c56d3ecebbf476293ff43ded142bc9e5087f6de/LICENSE ... which actually says: > All source code should have information at the beginning of its respective > file > which specifies its licensing information. > > * Outside of the "tsl" directory, source code in a given file is licensed > under the Apache License Version 2.0, unless otherwise noted (e.g., an > Apache-compatible license). > > * Within the "tsl" folder, source code in a given file is licensed under the > Timescale License, unless otherwise noted. > > When built, separate shared object files are generated for the Apache-licensed > source code and the Timescale-licensed source code. The shared object binaries > that contain `-tsl` in their name are licensed under the Timescale License. Okay, so what's in that `tsl/` folder? there you have *another* LICENSE file which is a custom license written specifically (presumably by lawyers) for timescaleDB: https://github.com/timescale/timescaledb/blob/3c56d3ecebbf476293ff43ded142bc9e5087f6de/tsl/LICENSE-TIMESCALE I haven't read the entirety of it, but it's pretty clear to me that this cannot be packaged in Debian at all, ever, under that license. Just clause 2.2 (prohibiting use in "software-as-a-service") breaks clause 6 of the Debian free software guidelines. There's also limitations on modification and distribution, and (rather oddly I must say) a GPL-like contamination clause. The SaaS clause looks a bit like the MongoDB-tyle of license (SSPL and friends), which the OSI hasn't actually made a formal decision on, because MongoDB retracted their application: https://opensource.org/LicenseReview032019 ... but OSI actually made a *statement on that license explicitly saying that it's not "open source": https://opensource.org/sspl-not-open-source No doubt the latter was previously discussed here, but I figured I would mention it for completeness's sake. I should also state, for the record, that I am not a lawyer and the above cannot, therefore, serve as legal advice. Anyways, lots of fun, I almost have a headache now, but I figured I'd drop this here because I haven't found a mention of TimescaleDB on any Debian mailing list before. I figured I would save the trouble of future enthusiasts by sharing my research more broadly. a. PS: I don't think we'll use this at work, but you never know. Curious folks can followup here: https://gitlab.torproject.org/tpo/tpa/team/-/issues/40770 There's more juicy stuff regarding the way we can use Timescale at all , even if we disregard the "DFSG-style" discussion... -- You can't get to the moon by climbing successively taller trees. - Akin's Laws of Spacecraft Design
signature.asc
Description: PGP signature
