[Cbc] Licensing question

Ted Ralphs ted at lehigh.edu
Tue Nov 17 23:41:28 EST 2020 

By the way, this would be a perfect question for the new Github Discussions
feature! If you would not mind moving some version of this question there,
I will copy my answer, as it would be nice to have it easily available for
the next time it comes up. Having it sitting there on Github with the
source code would be convenient and at some point, this mailing list will
be shut down in favor of Discussions anyway. Thanks!

Cheers,

Ted

On Tue, Nov 17, 2020 at 2:38 AM Jan-Willem Goossens <jhmgoossens at hotmail.com>
wrote:

> Ted,
>
> Thank you for the elaborate answer.
> For my builds from source code repos (without coin brew) this is very
> clear indeed:no third party code.
> Whenever I will build from a stable release’s tarball, I’ll verify what’s
> in the tarball.
>
> Thanks again for your help.
> Jan-Willem
>
>
> On 17 Nov 2020, at 06:37, Ted Ralphs <ted at lehigh.edu> wrote:
>
> 
> Hi all,
>
> We are pretty careful with licensing in general. No source from any of the
> third-party dependencies are included in any repo within the "coin-or"
> Github organization. All projects in the Optimization Suite are entirely
> licensed under the EPL. We use the term "Third Party" specifically to mean
> software that may be under a different license and/or copyright and that we
> therefore do not redistribute ourselves. We do link to available
> third-party libraries when they are already present on the user's machine.
> For the most part, it is up to the user to be aware of this.
>
> There are separate projects within the "coin-or-tools" Github organization
> that provide convenience scripts for downloading and building the source
> for some of these third-party dependencies. If you use the convenience
> scripts, it is up to you to be aware of the licenses of the downloaded
> code. If you use the coinbrew script to fetch a project and its
> dependencies, some of these convenience scripts may be run automatically.
> Currently, coinbrew does download third-party sources by default. I'm
> slowly rolling out a more nuanced dependency specification system that will
> categorize third-party packages as "optional" or "recommended" and will not
> download optional packages by default. If coinbrew downloads and builds any
> third-party codes automatically, you may end up with some of these
> dependencies as part of your self-built binary.
>
> You can prevent download of any third party source code by coinbrew by
> adding the argument "--no-third-party", but this will not prevent the
> configure script from finding certain libraries that are already installed
> on your system and linking to them. That should not be an issue unless you
> build and redistribute a static executable, which could then possibly
> include parts of the dependent libraries. To prevent this, you would need
> to use the appropriate arguments to the configure scripts to suppress use
> of particular libraries.  If you are building with shared libraries, then
> it is easy to verify with "ldd" what libraries are being linked to,
> including both those that are present on the system, e.g., were installed
> using a package manager, and those that were built using our wrappers.
>
> As for the distributed binaries, the answer may vary, depending on the
> specific version and platform. We've been evolving our recipe over time
> according to feedback. For non-static binaries, it's easy to check what
> exactly is distributed by checking the contents of the archive after
> downloading (though again, there is a chance the code might use a shared
> library already installed on your system under Linux, for example). For
> static binaries, you would need to check the recipe used to generate the
> binary, which would be in either the travis.yml or appveyor.yml
> configuration files for Linux/OS X and Windows, respectively.
>
> Sorry for the somewhat convoluted answer, but hopefully, this gives you
> all the information you need. Hope this helps and feel free to follow up
> with any further questions.
>
> Cheers,
>
> Ted
>
> On Mon, Nov 16, 2020 at 2:11 PM Jan-Willem Goossens <
> jhmgoossens at hotmail.com> wrote:
>
>> Dear all,
>>
>>
>>
>> Sorry for the partial email earlier.
>>
>>
>>
>> In short: Is it correct that none of non-EPL-licensed optional components
>> (GLPK, etc.) are included in the source repo of CBC and related
>> dependencies?
>>
>>
>>
>> I build CBC and its dependencies (Cbc, Clp, Cgl, Osi, CoinUtils,
>> BuildTools) from the master branch of their repos.
>>
>> These all mention EPL v2 as license in their root folder’s LICENSE file.
>>
>>
>>
>> However, optional components exist such as GLPK, GNU Readline, GNU
>> History, AMPL Solver Library (ASL), BLAS and LAPAC (etc.) that use
>> different licenses, and that I therefore want to avoid.
>>
>> Maybe a silly question, but such components are _*not*_ in the normal
>> repos (like https://github.com/coin-or/cbc), or are they?
>>
>> And as a consequence, these optional components are not in my self-built
>> CBC.
>>
>>
>>
>> Thank you for your help.
>>
>>
>>
>> Jan-Willem
>>
>>
>>
>>
>> _______________________________________________
>> Cbc mailing list
>> Cbc at list.coin-or.org
>> https://list.coin-or.org/mailman/listinfo/cbc
>>
>
>
> --
> Dr. Ted Ralphs
> Professor, Industrial and Systems Engineering
> Lehigh University
> (610) 628-1280
> ted 'at' lehigh 'dot' edu
> coral.ie.lehigh.edu/~ted
>
>

-- 
Dr. Ted Ralphs
Professor, Industrial and Systems Engineering
Lehigh University
(610) 628-1280
ted 'at' lehigh 'dot' edu
coral.ie.lehigh.edu/~ted
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.coin-or.org/pipermail/cbc/attachments/20201117/75469a61/attachment.html>

More information about the Cbc mailing list