niq’s soapbox

The subject of bundling the MySQL driver with APR has resurfaced on the APR developer list.

It looks different to last time it was discussed. We can still argue over whether the driver or anything else is a derived work within the meaning of the GPL. But we don’t really need to: we have MySQL’s FOSS “exception” explicitly sanctioning what we want to do. And we’ve reviewed it in the context of Debian bundling the driver.

Suppose we were distributing a non-free product that was arguably a MySQL “derivative work” under the terms of the GPL. We could negotiate terms with MySQL. For a commercial product, that would probably mean paying them money, but that’s beside the point. Under our agreement with MySQL, we can distribute our product on our agreed terms, without reference to the GPL. No problem.

But that’s exactly what the FOSS Exception gives us. Explicit permission to distribute our product under the ASL. We didn’t pay for it, but we got it anyway. End of problem.

I think that driver could finally be migrating to apache.org. Thanks to Joachim for prompting me to revisit the subject.

GPLv3 is old news now. I haven’t blogged about it before, and so far as I can recollect, the nearest to it I’ve come is in raising an eyebrow at the shenanigans around ASL compatibility.

I am a fan of GPLv2, and commonly apply it to my work when there is a free choice. I’m not sure about v3: I need to find time to read what it’s finally become first. But I have a gut feeling, which goes something like:

GPLv2 - a work of genius.

GPLv3 - a work of committee.

Now I see Anthony Towns blogs about what looks like a very nasty gotcha: LGPLv3 incompatible with GPLv2. If he’s right, that’s likely to cause serious grief not only in the pedantic camp (Debian et al), but also in the centre ground (Redhat, etc). Who foresaw/intended that?

But such an incompatibility also feels like a suicide note for GPL as a mass-participation movement. As of now, the GPL has a very long tail: independent developers (such as Yours Truly) licensing works under the GPL. Most “long tail” works may have little or no value individually, but the tail as a whole comprises a very substantial body of work. Not everyone in that tail is going to pay attention to the nuances of a license change. I expect we’ll have chaos, and a lot of unnoticed technical violations.

That looks like fertile ground for lawyers when someone big and serious - for example Microsoft - wants to fight the GPL.

OK, I’ve re-licensed apr_dbd_mysql to permit distribution under the ASL 2.0 when aggregated with APR-UTIL.  Due to the licensing incompatibility, this is necessary if it is to be aggregated.  Which in turn makes life easier for end-users.

This follows recent discussion with the Debian packagers.  The original problem is discussed in more detail here.

My attention has just been drawn to Debian bugs 395959/403541 re: packaging the MySQL driver in apr-util. This is a legal problem of meeting the terms of all licenses involved.

That’s bad, because I believe packagers such as Debian are precisely the people best placed to make this integration available to end-users. Speaking as a key holder of the intellectual property in question, maybe I can help. I just posted an entry to the Debian bug tracker, but I’m not sure how that works. So I’ll blog it here for the record.

Hi,

Joachim has just drawn my attention to this report.

I am the original developer of the MySQL driver, and it was originally my decision to license it under the GPL. I’m also director of WebThing, and a member of the Apache Software Foundation (though not, in this message, speaking in an official capacity).

I’m not dogmatic about the licensing, and I’d be happy for it to change if it helps, subject to the constraints of the other licenses involved. Originally I’d have been more dogmatic about it, because apr_dbd_mysql released under the Apache license seems to risk undermining MySQL’s GPL rights, and I didn’t want to be responsible for that. However, MySQL AB has made it clear that they are happy to live with that: indeed, they explicitly name APR and the Apache license at http://www.mysql.com/company/legal/licensing/foss-exception.html

So the sticking point is no longer the GPL, but rather ASF policy, which does not permit us to distribute anything that would impose restrictions on our users, over and above those in the Apache License. The ASF takes the view that to take advantage of MySQL’s exception risks leaving our users in limbo. That clearly doesn’t apply to Debian: your primary license is after all the GPL.

A quick google reveals that some Linux distros have apr_dbd_mysql as a separate (RPM) package, and have presumably built apr-util to enable dynamic loading of a DBD driver. This seems to me an excellent solution.

I hope Debian will see a way to make this available for your users. If I can help, please ask.

On October 17th, MySQL AB announced a new commercial offering, based of course on their renowned opensource database product. Apache folks Ian Holsman and Steve Loughran comment on the announcement.

But we have a very similar scenario even closer to home, with the acquisition by Breach Security of mod_security. I’ve actually been thinking about the possible implications of that one, with a view to featuring it in my column for El Reg, and my conclusion is that if Ristic and Breach play their cards right, this could be good news for everyone. Ristic’s interview with securityfocus is reassuring on this count.

One thing that may have profoundly affected the mod_security situation is the use of the GPL. Of course, Breach (like MySQL) can do exactly what they like with their product. But if AN Other bases a new product on it - and mod_security certainly has scope for that - it has a profound effect. In effect, Breach have bought themselves a monopoly on the right to release a closed-source enterprise edition.