a quick review of the timescaledb license



Hi,

For work, I was asked to deploy a TimescaleDB server and figured "bah,
that's C code, why isn't this in Debian!" I was about to file an RFP
when I tripped over the "unknown" license on their GitHub repository:

https://github.com/timescale/timescaledb/

I found that it's not actually licensed under an official, OSI-approved
free software license. A *part* of Timescale is licensed under
Apache-2.0, and that's fine, but a look at their LICENSE file:

https://github.com/timescale/timescaledb/blob/3c56d3ecebbf476293ff43ded142bc9e5087f6de/LICENSE

... which actually says:

> All source code should have information at the beginning of its respective file
> which specifies its licensing information.
> 
> * Outside of the "tsl" directory, source code in a given file is licensed
>   under the Apache License Version 2.0, unless otherwise noted (e.g., an
>   Apache-compatible license).
> 
> * Within the "tsl" folder, source code in a given file is licensed under the
>   Timescale License, unless otherwise noted.
> 
> When built, separate shared object files are generated for the Apache-licensed
> source code and the Timescale-licensed source code. The shared object binaries
> that contain `-tsl` in their name are licensed under the Timescale License.

Okay, so what's in that `tsl/` folder? There you have *another* LICENSE
file which is a custom license written specifically (presumably by
lawyers) for TimescaleDB:

https://github.com/timescale/timescaledb/blob/3c56d3ecebbf476293ff43ded142bc9e5087f6de/tsl/LICENSE-TIMESCALE

I haven't read the entirety of it, but it's pretty clear to me that this
cannot be packaged in Debian at all, ever, under that license. Just
clause 2.2 (prohibiting use in "software-as-a-service") breaks clause 6
of the Debian free software guidelines. There are also limitations on
modification and distribution, and (rather oddly I must say) a GPL-like
contamination clause.

The SaaS clause looks a bit like the MongoDB style of license (SSPL and
friends), which the OSI hasn't actually made a formal decision on,
because MongoDB retracted their application:

https://opensource.org/LicenseReview032019

... but OSI actually made a *statement* on that license explicitly saying
that it's not "open source":

https://opensource.org/sspl-not-open-source

No doubt the latter was previously discussed here, but I figured I would
mention it for completeness's sake.

I should also state, for the record, that I am not a lawyer and the
above cannot, therefore, serve as legal advice.

Anyways, lots of fun, I almost have a headache now, but I figured I'd
drop this here because I haven't found a mention of TimescaleDB on any
Debian mailing list before. I figured I would save the trouble of future
enthusiasts by sharing my research more broadly.

a.

PS: I don't think we'll use this at work, but you never know. Curious
folks can follow up here:

https://gitlab.torproject.org/tpo/tpa/team/-/issues/40770

There's more juicy stuff regarding the way we can use Timescale at all,
even if we disregard the "DFSG-style" discussion...

-- 
You can't get to the moon by climbing successively taller trees.
                        - Akin's Laws of Spacecraft Design
