License issue with iText 4.2.0

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
39 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Re: License issue with iText 4.2.0

taher
First of all, I think it's always a bad idea to "comment out" any
code, and the general rule of thumb is to prefer deleting.

Second, the framework and plugins are two separate projects. You
cannot crash the standalone framework so that the plugins can work,
because you're making the framework depend on plugins.

On Tue, Jun 12, 2018 at 11:45 AM, Jacques Le Roux
<[hidden email]> wrote:

> Le 11/06/2018 à 20:31, Taher Alkhateeb a écrit :
>>
>> There are 18 emails so far in this thread of which 13 are yours.
>>
>> - You mentioned stuff from wikipedia
>> - then you mentioned stuff about licensing
>> - then you switched to birt
>> - then you talked about the author
>> - then you go back to questioning how to render PDFs in BIRT
>> - then you talk about your test logs for PDF rendering in BIRT (or
>> something like that)
>> - then you talk about the gradle cache
>> - then you talk about digital signatures
>> - then you talk about discussing things with apache legal
>> - then you ask people for their opinion
>> - then you go back to BIRT
>>
>> So to answer your question, YES, it's very hard to read you :) Many of
>> your emails are long with lots of URLs and jump around multiple
>> topics. I personally cannot keep up, and that's why when you present a
>> question to the community, I have to ask you to pin down exactly what
>> you want.
>
> Yes legal question matters and are often a delicate matter to handle. So I
> ferreted around for clues and reported what I found while doing it.
> I agree it's maybe not the best way to interact with the ML. I was unsure of
> the facts, so shared to hopefully get some help from the ML.
> I'll now try to summarize in this message
>
>>
>> Now back to this thread: I'm always in favor of completely removing
>> libraries where possible. This means refactoring CompDocServices.java
>> and PdfSurveyServices.java. I'm not sure how much work would that be,
>> but if it is a lot of work, then the work that I proposed might be a
>> quick fix for now (exclusion in gradle).
>
> At 1st glance your idea seems the best quick solution. But if you read my
> messages you will see that even using itext 4.2.0 is legally not a good
> idea.
> So while ferreting around I found that I was able to comment it out also in
> Gradle build: "//compile 'com.lowagie:itext:4.2.0'"
> I mean doing so does not prevent Birt to render PDF files. So I wondered why
> and finally found that the version com.lowagie.text 2.1.7, *which has no
> legal issues*, is embedded in org.eclipse.birt.runtime.3_7_1
> You may find it in your cache, for me it's in
> Z:\Gradle\caches\modules-2\metadata-2.16\descriptors\org.eclipse.birt.runtime.3_7_1\com.lowagie.text
>
> So if you remove all itext related files in your Gradle cache you will still
> have lowagie files, for me it's at
> Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\com.lowagie.text\2.1.7\18d4c7c2014447eacfd00c65c717b3cfc422407b\com.lowagie.text-2.1.7.jar
> When I look for source this is also what Eclipse reports.
>
> So I believe we can get rid of "compile 'com.lowagie:itext:4.2.0'" and Birt
> continues to work and render PDFs. For advanced features, users need to buy
> a commercial version of itext.
>
> For me that seems the best OOTB solution. I hope this is clear enough, else
> please ask :)
>
> Jacques
>
>
>
>>
>> On Mon, Jun 11, 2018 at 8:25 PM, Jacques Le Roux
>> <[hidden email]> wrote:
>>>
>>> No, I'm suggesting to drop itext as a whole, not only itextpdf.
>>>
>>> Is it so difficult to read me :-o ?
>>>
>>> I 1st spoke about "itext/4.2.0" (not itextpdf at all). Then I suggested
>>> to
>>> remove "it".
>>>
>>> <<Also from few tests I did, it seems we don't need it to render PDF with
>>> Birt. Please confirm...>>
>>>
>>> I believe (it's no clear from Birt side) itext is something we drag from
>>> the
>>> 1st contribution of Birt in OFBiz. And Birt is now able to render PDF w/o
>>> itext.
>>> In some edge cases (at least: digital signature[1], 4 bytes UTF-8[2])
>>> users
>>> would still need to use itext. See my previous last message for other
>>> details:
>>> <<Since it works for me w/  "compile 'com.lowagie:itext" commented out
>>> after
>>> clearing the Gradle cache from all itext files>>
>>>
>>> Jacques
>>>
>>> [1] https://s.apache.org/b2sQ
>>>
>>> [2] https://s.apache.org/Ib78
>>>
>>>
>>>
>>> Le 11/06/2018 à 16:37, Taher Alkhateeb a écrit :
>>>>
>>>> I'm a bit lost. What are you _exactly_ proposing to do here? Are you
>>>> suggesting my exclusion syntax above (BTW better remove the version),
>>>> or are you suggesting something else?
>>>>
>>>> On Mon, Jun 11, 2018 at 3:10 PM, Jacques Le Roux
>>>> <[hidden email]> wrote:
>>>>>
>>>>> Le 08/06/2018 à 16:29, Jacques Le Roux a écrit :
>>>>>>
>>>>>> Are we sure there are no legal issues doing so?
>>>>>>
>>>>>> It seems OK at
>>>>>> https://mvnrepository.com/artifact/com.lowagie/itext/4.2.0
>>>>>> (MPL)
>>>>>>
>>>>>> But reading
>>>>>> https://developers.itextpdf.com/question/versions-older-than-5
>>>>>> which applies also to 4.2.0 (see bottom "Some people claim that they
>>>>>> use
>>>>>> iText 4.2.0, but that version has never been officially released")
>>>>>> itext
>>>>>> seems a legal issue globally (not only itextpdf)
>>>>>>
>>>>>> Maybe we should ask legal?
>>>>>>
>>>>>> Also from few tests I did, it seems we don't need it to render PDF
>>>>>> with
>>>>>> Birt. Please confirm...
>>>>>
>>>>>
>>>>> Did someone else tests?
>>>>> Since it works for me w/  "compile 'com.lowagie:itext" commented out
>>>>> after
>>>>> clearing the Gradle cache from all itext files I believe it should work
>>>>> for
>>>>> everyone else. Please confirm, should I open a Jira now?
>>>>>
>>>>> Now if users are of need of itext for other reasons (I found a couple
>>>>> of
>>>>> them Googling) they should take their responsibility. What are other
>>>>> opinions here?
>>>>>
>>>>> Jacques
>>>>>
>>>>>
>>>>>> Jacques
>>>>>>
>>>>>> Le 08/06/2018 à 16:03, Scott Gray a écrit :
>>>>>>>
>>>>>>> Thanks Taher! Perfect simple solution.
>>>>>>>
>>>>>>> Regards
>>>>>>> Scott
>>>>>>>
>>>>>>> On Fri, 8 Jun 2018, 23:19 Taher Alkhateeb,
>>>>>>> <[hidden email]>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> So we exclude the transitive dependency in build.gradle and if
>>>>>>>> everything
>>>>>>>> works then we're fine.
>>>>>>>>
>>>>>>>> Syntax:
>>>>>>>>
>>>>>>>> compile('com.lowagie:itext:4.2.0') {
>>>>>>>>        exclude 'com.itextpdf:itextpdf:5.5.6'
>>>>>>>> }
>>>>>>>>
>>>>>>>> On Fri, Jun 8, 2018, 11:40 AM Scott Gray
>>>>>>>> <[hidden email]>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hey Jacques,
>>>>>>>>>
>>>>>>>>> Maybe I wasn't clear, OFBiz is downloading 5.5.6 as a dependency of
>>>>>>>>
>>>>>>>> 4.2.0,
>>>>>>>>>
>>>>>>>>> does it make sense?
>>>>>>>>>
>>>>>>>>> Regards
>>>>>>>>> Scott
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Fri, 8 Jun 2018, 19:30 Jacques Le Roux,
>>>>>>>>> <[hidden email]
>>>>>>>>>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> I suggest this comment, a Jira seems appropriate
>>>>>>>>>>
>>>>>>>>>> -    compile 'com.lowagie:itext:4.2.0'
>>>>>>>>>> +    compile 'com.lowagie:itext:4.2.0' // don't update to 5+
>>>>>>>>>> because
>>>>>>>>>> of
>>>>>>>>>> license change
>>>>>>>>>>
>>>>>>>>>> Jacques
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Le 08/06/2018 à 09:26, Jacques Le Roux a écrit :
>>>>>>>>>>>
>>>>>>>>>>> Le 08/06/2018 à 09:24, Jacques Le Roux a écrit :
>>>>>>>>>>>>
>>>>>>>>>>>> Hi Scott,
>>>>>>>>>>>>
>>>>>>>>>>>> Reading Wikipedia It's OK as long as we don't update to a
>>>>>>>>>>>> version
>>>>>>>>>
>>>>>>>>> = 5
>>>>>>>>>>
>>>>>>>>>> https://en.wikipedia.org/wiki/IText
>>>>>>>>>>>
>>>>>>>>>>> Here is another source for MPL licensing:
>>>>>>>>>>
>>>>>>>>>> https://www.eclipse.org/forums/index.php/t/175386/
>>>>>>>>>>>>
>>>>>>>>>>>> <<The source code was initially distributed as open source under
>>>>>>>>>>>> the
>>>>>>>>>>
>>>>>>>>>> Mozilla Public License <
>>>>>>>>>> https://en.wikipedia.org/wiki/Mozilla_Public_License>
>>>>>>>>>>>>
>>>>>>>>>>>> or the GNU Library General Public License <
>>>>>>>>>>
>>>>>>>>>> https://www.gnu.org/licenses/old-licenses/lgpl-2.0.en.html> open
>>>>>>>>
>>>>>>>> source
>>>>>>>>>>
>>>>>>>>>> licenses. However, as of version
>>>>>>>>>>>>
>>>>>>>>>>>> 5.0.0 (released Dec 7, 2009) it is distributed under the Affero
>>>>>>>>>
>>>>>>>>> General
>>>>>>>>>>
>>>>>>>>>> Public License
>>>>>>>>>>>>
>>>>>>>>>>>> <https://en.wikipedia.org/wiki/Affero_General_Public_License>
>>>>>>>>
>>>>>>>> version
>>>>>>>>>>
>>>>>>>>>> 3.>>
>>>>>>>>>>>>
>>>>>>>>>>>> MPL being OK as binary
>>>>>>>>>>>>
>>>>>>>>>>>> Jacques
>>>>>>>>>>>>
>>>>>>>>>>>> Le 08/06/2018 à 03:57, Scott Gray a écrit :
>>>>>>>>>>>>>
>>>>>>>>>>>>> Hi All,
>>>>>>>>>>>>>
>>>>>>>>>>>>> I just noticed that the iText maven bundle is a bit tricksy and
>>>>>>>>>>
>>>>>>>>>> includes
>>>>>>>>>>>>>
>>>>>>>>>>>>> iText 5.6.6 as a dependency, with the latter being GPL
>>>>>>>>>>>>> licensed.
>>>>>>>>
>>>>>>>> You
>>>>>>>>>>
>>>>>>>>>> can
>>>>>>>>>>>>>
>>>>>>>>>>>>> see it by running "./gradlew -q dependencies":
>>>>>>>>>>>>> +--- com.lowagie:itext:4.2.0
>>>>>>>>>>>>> |    \--- com.itextpdf:itextpdf:5.5.6
>>>>>>>>>>>>>
>>>>>>>>>>>>> I haven't checked to see if the later version is actually used
>>>>>>>>>>>>> by
>>>>>>>>
>>>>>>>> our
>>>>>>>>>>
>>>>>>>>>> code
>>>>>>>>>>>>>
>>>>>>>>>>>>> and I'm not sure if merely downloading it causes licensing
>>>>>>>>>>>>> issues,
>>>>>>>>>
>>>>>>>>> but
>>>>>>>>>>
>>>>>>>>>> I
>>>>>>>>>>>>>
>>>>>>>>>>>>> thought I'd bring the question here in case anyone else has
>>>>>>>>>>>>> already
>>>>>>>>>>
>>>>>>>>>> looked
>>>>>>>>>>>>>
>>>>>>>>>>>>> into it.  Not sure what the work-around would be if it is an
>>>>>>>>>>>>> issue.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Regards
>>>>>>>>>>>>> Scott
>>>>>>>>>>>>>
>
Reply | Threaded
Open this post in threaded view
|

Re: License issue with iText 4.2.0

Jacques Le Roux
Administrator
Le 12/06/2018 à 11:56, Taher Alkhateeb a écrit :
> First of all, I think it's always a bad idea to "comment out" any
> code, and the general rule of thumb is to prefer deleting.
Mmm, what? I just commented out to test. Your comment makes no sense to me, you could have avoided it.
Of course it's to be deleted if we get this way, should I have said that for you to understand, or?

> Second, the framework and plugins are two separate projects. You
> cannot crash the standalone framework so that the plugins can work,
> because you're making the framework depend on plugins.
Right, then the solution, like I suggested before, seems to use the itext 2.1.7 version which "has no legal issue", compile and run.
com.lowagie.text.* is included in the 3.6.1 BIRT runtime jar that we use, and there is a legal agreement between the BIRT team and Bruno Lowagie to
use this version[1].

Lowagie says there are still legal issues with itext 2.1.7 and older versions as explained at
https://developers.itextpdf.com/question/versions-older-than-5
This post says there is no longer a copy in stackoverflow but actually there is an archive: https://s.apache.org/4QUU, anyway same text.
So just looking at the license is not enough.

Now something more, I checked the last version (4.7.0) of the BIRT runtine and it contains com.lowagie.text_2.1.7.v201004222200.jar
Inside the jar I read in the about.html that the original itext-2.1.7.jar. is used (no modifications) same for itext Asian 1.5.2 version.
There are more legal information in about_files\misc_licenses.txt and as far as I understand the only IP infringement would be to use itext-2.1.7.jar
in a nuclear context:

<<You acknowledge that this software is not designed or intended for
  use in the design, construction, operation or maintenance of any
  nuclear facility.>>

So for me, as long as we warn our users about this nuclear restriction there should be no problem using com.lowagie.text_2.1.7.v201004222200.jar
Please check the content of about_files\misc_licenses.txt in case I missed something.

Of course we should ask the legal team before taking a formal decision about it.
I think we have now enough material to ask, and I'll create a LEGAL Jira in a week. Please speak before if you think I missed something

Jacques
[1] Damned I can't find it again, but anyway it's not the problem. The problem is possible IP infringement in any itext versions before 5.


>
> On Tue, Jun 12, 2018 at 11:45 AM, Jacques Le Roux
> <[hidden email]> wrote:
>> Le 11/06/2018 à 20:31, Taher Alkhateeb a écrit :
>>> There are 18 emails so far in this thread of which 13 are yours.
>>>
>>> - You mentioned stuff from wikipedia
>>> - then you mentioned stuff about licensing
>>> - then you switched to birt
>>> - then you talked about the author
>>> - then you go back to questioning how to render PDFs in BIRT
>>> - then you talk about your test logs for PDF rendering in BIRT (or
>>> something like that)
>>> - then you talk about the gradle cache
>>> - then you talk about digital signatures
>>> - then you talk about discussing things with apache legal
>>> - then you ask people for their opinion
>>> - then you go back to BIRT
>>>
>>> So to answer your question, YES, it's very hard to read you :) Many of
>>> your emails are long with lots of URLs and jump around multiple
>>> topics. I personally cannot keep up, and that's why when you present a
>>> question to the community, I have to ask you to pin down exactly what
>>> you want.
>> Yes legal question matters and are often a delicate matter to handle. So I
>> ferreted around for clues and reported what I found while doing it.
>> I agree it's maybe not the best way to interact with the ML. I was unsure of
>> the facts, so shared to hopefully get some help from the ML.
>> I'll now try to summarize in this message
>>
>>> Now back to this thread: I'm always in favor of completely removing
>>> libraries where possible. This means refactoring CompDocServices.java
>>> and PdfSurveyServices.java. I'm not sure how much work would that be,
>>> but if it is a lot of work, then the work that I proposed might be a
>>> quick fix for now (exclusion in gradle).
>> At 1st glance your idea seems the best quick solution. But if you read my
>> messages you will see that even using itext 4.2.0 is legally not a good
>> idea.
>> So while ferreting around I found that I was able to comment it out also in
>> Gradle build: "//compile 'com.lowagie:itext:4.2.0'"
>> I mean doing so does not prevent Birt to render PDF files. So I wondered why
>> and finally found that the version com.lowagie.text 2.1.7, *which has no
>> legal issues*, is embedded in org.eclipse.birt.runtime.3_7_1
>> You may find it in your cache, for me it's in
>> Z:\Gradle\caches\modules-2\metadata-2.16\descriptors\org.eclipse.birt.runtime.3_7_1\com.lowagie.text
>>
>> So if you remove all itext related files in your Gradle cache you will still
>> have lowagie files, for me it's at
>> Z:\Gradle\caches\modules-2\files-2.1\org.eclipse.birt.runtime.3_7_1\com.lowagie.text\2.1.7\18d4c7c2014447eacfd00c65c717b3cfc422407b\com.lowagie.text-2.1.7.jar
>> When I look for source this is also what Eclipse reports.
>>
>> So I believe we can get rid of "compile 'com.lowagie:itext:4.2.0'" and Birt
>> continues to work and render PDFs. For advanced features, users need to buy
>> a commercial version of itext.
>>
>> For me that seems the best OOTB solution. I hope this is clear enough, else
>> please ask :)
>>
>> Jacques
>>
>>
>>
>>> On Mon, Jun 11, 2018 at 8:25 PM, Jacques Le Roux
>>> <[hidden email]> wrote:
>>>> No, I'm suggesting to drop itext as a whole, not only itextpdf.
>>>>
>>>> Is it so difficult to read me :-o ?
>>>>
>>>> I 1st spoke about "itext/4.2.0" (not itextpdf at all). Then I suggested
>>>> to
>>>> remove "it".
>>>>
>>>> <<Also from few tests I did, it seems we don't need it to render PDF with
>>>> Birt. Please confirm...>>
>>>>
>>>> I believe (it's no clear from Birt side) itext is something we drag from
>>>> the
>>>> 1st contribution of Birt in OFBiz. And Birt is now able to render PDF w/o
>>>> itext.
>>>> In some edge cases (at least: digital signature[1], 4 bytes UTF-8[2])
>>>> users
>>>> would still need to use itext. See my previous last message for other
>>>> details:
>>>> <<Since it works for me w/  "compile 'com.lowagie:itext" commented out
>>>> after
>>>> clearing the Gradle cache from all itext files>>
>>>>
>>>> Jacques
>>>>
>>>> [1] https://s.apache.org/b2sQ
>>>>
>>>> [2] https://s.apache.org/Ib78
>>>>
>>>>
>>>>
>>>> Le 11/06/2018 à 16:37, Taher Alkhateeb a écrit :
>>>>> I'm a bit lost. What are you _exactly_ proposing to do here? Are you
>>>>> suggesting my exclusion syntax above (BTW better remove the version),
>>>>> or are you suggesting something else?
>>>>>
>>>>> On Mon, Jun 11, 2018 at 3:10 PM, Jacques Le Roux
>>>>> <[hidden email]> wrote:
>>>>>> Le 08/06/2018 à 16:29, Jacques Le Roux a écrit :
>>>>>>> Are we sure there are no legal issues doing so?
>>>>>>>
>>>>>>> It seems OK at
>>>>>>> https://mvnrepository.com/artifact/com.lowagie/itext/4.2.0
>>>>>>> (MPL)
>>>>>>>
>>>>>>> But reading
>>>>>>> https://developers.itextpdf.com/question/versions-older-than-5
>>>>>>> which applies also to 4.2.0 (see bottom "Some people claim that they
>>>>>>> use
>>>>>>> iText 4.2.0, but that version has never been officially released")
>>>>>>> itext
>>>>>>> seems a legal issue globally (not only itextpdf)
>>>>>>>
>>>>>>> Maybe we should ask legal?
>>>>>>>
>>>>>>> Also from few tests I did, it seems we don't need it to render PDF
>>>>>>> with
>>>>>>> Birt. Please confirm...
>>>>>>
>>>>>> Did someone else tests?
>>>>>> Since it works for me w/  "compile 'com.lowagie:itext" commented out
>>>>>> after
>>>>>> clearing the Gradle cache from all itext files I believe it should work
>>>>>> for
>>>>>> everyone else. Please confirm, should I open a Jira now?
>>>>>>
>>>>>> Now if users are of need of itext for other reasons (I found a couple
>>>>>> of
>>>>>> them Googling) they should take their responsibility. What are other
>>>>>> opinions here?
>>>>>>
>>>>>> Jacques
>>>>>>
>>>>>>
>>>>>>> Jacques
>>>>>>>
>>>>>>> Le 08/06/2018 à 16:03, Scott Gray a écrit :
>>>>>>>> Thanks Taher! Perfect simple solution.
>>>>>>>>
>>>>>>>> Regards
>>>>>>>> Scott
>>>>>>>>
>>>>>>>> On Fri, 8 Jun 2018, 23:19 Taher Alkhateeb,
>>>>>>>> <[hidden email]>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> So we exclude the transitive dependency in build.gradle and if
>>>>>>>>> everything
>>>>>>>>> works then we're fine.
>>>>>>>>>
>>>>>>>>> Syntax:
>>>>>>>>>
>>>>>>>>> compile('com.lowagie:itext:4.2.0') {
>>>>>>>>>         exclude 'com.itextpdf:itextpdf:5.5.6'
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>> On Fri, Jun 8, 2018, 11:40 AM Scott Gray
>>>>>>>>> <[hidden email]>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> Hey Jacques,
>>>>>>>>>>
>>>>>>>>>> Maybe I wasn't clear, OFBiz is downloading 5.5.6 as a dependency of
>>>>>>>>> 4.2.0,
>>>>>>>>>> does it make sense?
>>>>>>>>>>
>>>>>>>>>> Regards
>>>>>>>>>> Scott
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Fri, 8 Jun 2018, 19:30 Jacques Le Roux,
>>>>>>>>>> <[hidden email]
>>>>>>>>>>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>>> I suggest this comment, a Jira seems appropriate
>>>>>>>>>>>
>>>>>>>>>>> -    compile 'com.lowagie:itext:4.2.0'
>>>>>>>>>>> +    compile 'com.lowagie:itext:4.2.0' // don't update to 5+
>>>>>>>>>>> because
>>>>>>>>>>> of
>>>>>>>>>>> license change
>>>>>>>>>>>
>>>>>>>>>>> Jacques
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Le 08/06/2018 à 09:26, Jacques Le Roux a écrit :
>>>>>>>>>>>> Le 08/06/2018 à 09:24, Jacques Le Roux a écrit :
>>>>>>>>>>>>> Hi Scott,
>>>>>>>>>>>>>
>>>>>>>>>>>>> Reading Wikipedia It's OK as long as we don't update to a
>>>>>>>>>>>>> version
>>>>>>>>>> = 5
>>>>>>>>>>> https://en.wikipedia.org/wiki/IText
>>>>>>>>>>>> Here is another source for MPL licensing:
>>>>>>>>>>> https://www.eclipse.org/forums/index.php/t/175386/
>>>>>>>>>>>>> <<The source code was initially distributed as open source under
>>>>>>>>>>>>> the
>>>>>>>>>>> Mozilla Public License <
>>>>>>>>>>> https://en.wikipedia.org/wiki/Mozilla_Public_License>
>>>>>>>>>>>>> or the GNU Library General Public License <
>>>>>>>>>>> https://www.gnu.org/licenses/old-licenses/lgpl-2.0.en.html> open
>>>>>>>>> source
>>>>>>>>>>> licenses. However, as of version
>>>>>>>>>>>>> 5.0.0 (released Dec 7, 2009) it is distributed under the Affero
>>>>>>>>>> General
>>>>>>>>>>> Public License
>>>>>>>>>>>>> <https://en.wikipedia.org/wiki/Affero_General_Public_License>
>>>>>>>>> version
>>>>>>>>>>> 3.>>
>>>>>>>>>>>>> MPL being OK as binary
>>>>>>>>>>>>>
>>>>>>>>>>>>> Jacques
>>>>>>>>>>>>>
>>>>>>>>>>>>> Le 08/06/2018 à 03:57, Scott Gray a écrit :
>>>>>>>>>>>>>> Hi All,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I just noticed that the iText maven bundle is a bit tricksy and
>>>>>>>>>>> includes
>>>>>>>>>>>>>> iText 5.6.6 as a dependency, with the latter being GPL
>>>>>>>>>>>>>> licensed.
>>>>>>>>> You
>>>>>>>>>>> can
>>>>>>>>>>>>>> see it by running "./gradlew -q dependencies":
>>>>>>>>>>>>>> +--- com.lowagie:itext:4.2.0
>>>>>>>>>>>>>> |    \--- com.itextpdf:itextpdf:5.5.6
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I haven't checked to see if the later version is actually used
>>>>>>>>>>>>>> by
>>>>>>>>> our
>>>>>>>>>>> code
>>>>>>>>>>>>>> and I'm not sure if merely downloading it causes licensing
>>>>>>>>>>>>>> issues,
>>>>>>>>>> but
>>>>>>>>>>> I
>>>>>>>>>>>>>> thought I'd bring the question here in case anyone else has
>>>>>>>>>>>>>> already
>>>>>>>>>>> looked
>>>>>>>>>>>>>> into it.  Not sure what the work-around would be if it is an
>>>>>>>>>>>>>> issue.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Regards
>>>>>>>>>>>>>> Scott
>>>>>>>>>>>>>>

Reply | Threaded
Open this post in threaded view
|

Re: License issue with iText 4.2.0

Jacques Le Roux
Administrator
Le 12/06/2018 à 14:21, Jacques Le Roux a écrit :
> com.lowagie.text.* is included in the 3.6.1 BIRT runtime jar that we use, and there is a legal agreement between the BIRT team and Bruno Lowagie to
> use this version[1].
To be clear here, as you (Taher) outlined, we still need to have in our main build.gradle
/compile 'com.lowagie:itext:2.1.7' // don't update because of license change/

Jacques

Reply | Threaded
Open this post in threaded view
|

Re: License issue with iText 4.2.0

taher
I'm no longer interested in discussing this, I already explained it.

-1 on the comment
-1 on the removal
+1 on excluding the transitive dependency

If you want to fix things for BIRT, I recommend you do it _outside_
the framework.

On Tue, Jun 12, 2018 at 4:36 PM, Jacques Le Roux
<[hidden email]> wrote:

> Le 12/06/2018 à 14:21, Jacques Le Roux a écrit :
>>
>> com.lowagie.text.* is included in the 3.6.1 BIRT runtime jar that we use,
>> and there is a legal agreement between the BIRT team and Bruno Lowagie to
>> use this version[1].
>
> To be clear here, as you (Taher) outlined, we still need to have in our main
> build.gradle
> /compile 'com.lowagie:itext:2.1.7' // don't update because of license
> change/
>
> Jacques
>
Reply | Threaded
Open this post in threaded view
|

Re: License issue with iText 4.2.0

taher
to qualify: +1 on excluding the transitive dependency after testing
that it works

On Tue, Jun 12, 2018 at 4:44 PM, Taher Alkhateeb
<[hidden email]> wrote:

> I'm no longer interested in discussing this, I already explained it.
>
> -1 on the comment
> -1 on the removal
> +1 on excluding the transitive dependency
>
> If you want to fix things for BIRT, I recommend you do it _outside_
> the framework.
>
> On Tue, Jun 12, 2018 at 4:36 PM, Jacques Le Roux
> <[hidden email]> wrote:
>> Le 12/06/2018 à 14:21, Jacques Le Roux a écrit :
>>>
>>> com.lowagie.text.* is included in the 3.6.1 BIRT runtime jar that we use,
>>> and there is a legal agreement between the BIRT team and Bruno Lowagie to
>>> use this version[1].
>>
>> To be clear here, as you (Taher) outlined, we still need to have in our main
>> build.gradle
>> /compile 'com.lowagie:itext:2.1.7' // don't update because of license
>> change/
>>
>> Jacques
>>
Reply | Threaded
Open this post in threaded view
|

Re: License issue with iText 4.2.0

Jacques Le Roux
Administrator
That's not serious, remains a legal issue as explained at https://developers.itextpdf.com/question/versions-older-than-5

<<This answer is also applicable to iTextSharp versions lower than iTextSharp 5.0.0.0. Some people claim that they use iText 4.2.0, but that version
has never been officially released.>>

Our users deserver better than saying that I could fix BIRT. You did not get it, there is nothing to fix in BIRT.

It's unrelated. We speak about a clear dependency in framework to iText 4.2.0 here!

Jacques

Le 12/06/2018 à 15:54, Taher Alkhateeb a écrit :

> to qualify: +1 on excluding the transitive dependency after testing
> that it works
>
> On Tue, Jun 12, 2018 at 4:44 PM, Taher Alkhateeb
> <[hidden email]> wrote:
>> I'm no longer interested in discussing this, I already explained it.
>>
>> -1 on the comment
>> -1 on the removal
>> +1 on excluding the transitive dependency
>>
>> If you want to fix things for BIRT, I recommend you do it _outside_
>> the framework.
>>
>> On Tue, Jun 12, 2018 at 4:36 PM, Jacques Le Roux
>> <[hidden email]> wrote:
>>> Le 12/06/2018 à 14:21, Jacques Le Roux a écrit :
>>>> com.lowagie.text.* is included in the 3.6.1 BIRT runtime jar that we use,
>>>> and there is a legal agreement between the BIRT team and Bruno Lowagie to
>>>> use this version[1].
>>> To be clear here, as you (Taher) outlined, we still need to have in our main
>>> build.gradle
>>> /compile 'com.lowagie:itext:2.1.7' // don't update because of license
>>> change/
>>>
>>> Jacques
>>>

Reply | Threaded
Open this post in threaded view
|

Re: License issue with iText 4.2.0

Jacques Le Roux
Administrator
And for those who are not convinced: https://developers.itextpdf.com/question/can-i-use-itext-without-respecting-agpl-license

jacques


Le 12/06/2018 à 18:15, Jacques Le Roux a écrit :

> That's not serious, remains a legal issue as explained at https://developers.itextpdf.com/question/versions-older-than-5
>
> <<This answer is also applicable to iTextSharp versions lower than iTextSharp 5.0.0.0. Some people claim that they use iText 4.2.0, but that version
> has never been officially released.>>
>
> Our users deserver better than saying that I could fix BIRT. You did not get it, there is nothing to fix in BIRT.
>
> It's unrelated. We speak about a clear dependency in framework to iText 4.2.0 here!
>
> Jacques
>
> Le 12/06/2018 à 15:54, Taher Alkhateeb a écrit :
>> to qualify: +1 on excluding the transitive dependency after testing
>> that it works
>>
>> On Tue, Jun 12, 2018 at 4:44 PM, Taher Alkhateeb
>> <[hidden email]> wrote:
>>> I'm no longer interested in discussing this, I already explained it.
>>>
>>> -1 on the comment
>>> -1 on the removal
>>> +1 on excluding the transitive dependency
>>>
>>> If you want to fix things for BIRT, I recommend you do it _outside_
>>> the framework.
>>>
>>> On Tue, Jun 12, 2018 at 4:36 PM, Jacques Le Roux
>>> <[hidden email]> wrote:
>>>> Le 12/06/2018 à 14:21, Jacques Le Roux a écrit :
>>>>> com.lowagie.text.* is included in the 3.6.1 BIRT runtime jar that we use,
>>>>> and there is a legal agreement between the BIRT team and Bruno Lowagie to
>>>>> use this version[1].
>>>> To be clear here, as you (Taher) outlined, we still need to have in our main
>>>> build.gradle
>>>> /compile 'com.lowagie:itext:2.1.7' // don't update because of license
>>>> change/
>>>>
>>>> Jacques
>>>>
>
>

Reply | Threaded
Open this post in threaded view
|

Re: License issue with iText 4.2.0

Jacques Le Roux
Administrator
In reply to this post by Scott Gray-3
Thanks for your report Scott,

After checking as much as I can, here are my conclusions:

As you reported "com.itextpdf:itextpdf:5.5.6" can't be used, it's AGPL so incompatible with ASL2

Taher suggested to simply exclude loading it. So only loading "com.lowagie:itext:4.2.0" which is MPL/GPL

But then we still face an issue as explained here https://developers.itextpdf.com/question/versions-older-than-5

<<Some people claim that they use iText 4.2.0, but that version has never been officially released>>

So it's not legally tenable.

This same FAQ entry is also about iText 2.1.7. The original archived stackoverflow question is easier to read: https://s.apache.org/4QUU

So the same should apply to it as Lowagie (the author) says. But this is were I think he is going too far.

Until proven otherwise, iText 2.1.7 has been officially released under an MPL/GPL license under Lowagie's responsibility (he did release it)

And especially it's used by Eclipse Birt Runtime, the whole under an EPL license, so I expect legally tenable.

You can find the iText 2.1.7 jar in every BIRT runtime package: http://download.eclipse.org/birt/downloads/ or
http://archive.eclipse.org/birt/downloads/build_list.php (we use 3.7.1)

The most interesting part is in com.lowagie.text_2.1.7.v201004222200.jar
Inside this jar we can read in the about.html that the original itext-2.1.7.jar. is used (no modifications) same for itext Asian 1.5.2 version.
There are more legal information in about_files/misc_licenses.txt and as far as I understand the only IP infringement would be to use itext-2.1.7.jar
in a nuclear context. Last Sun license version says:

<<You acknowledge that this software is not designed or intended for
  use in the design, construction, operation or maintenance of any
  nuclear facility.>>

So for me, as long as we follow the misc. requirements in the misc_licenses.txt file  in our LICENSE and possibly NOTICE file/s there should be no
problems using this "patch" in our main build.gradle
     -    compile 'com.lowagie:itext:4.2.0'
     +    //compile 'com.lowagie:itext:2.1.7' // don't update because of license issue. The BIRT runtime package uses the same.

We are sure that the 2.1.7 version will work because the code which uses itext is from pre Apache Era (in PdfSurveyServices.java and CompDocServices.java)

Of course we need to ask the legal team before taking a formal decision about it.
I think we have now enough material to ask, and without opposition I'll create a LEGAL Jira in a week.

Jacques

Le 08/06/2018 à 03:57, Scott Gray a écrit :

> Hi All,
>
> I just noticed that the iText maven bundle is a bit tricksy and includes
> iText 5.6.6 as a dependency, with the latter being GPL licensed.  You can
> see it by running "./gradlew -q dependencies":
> +--- com.lowagie:itext:4.2.0
> |    \--- com.itextpdf:itextpdf:5.5.6
>
> I haven't checked to see if the later version is actually used by our code
> and I'm not sure if merely downloading it causes licensing issues, but I
> thought I'd bring the question here in case anyone else has already looked
> into it.  Not sure what the work-around would be if it is an issue.
>
> Regards
> Scott
>

Reply | Threaded
Open this post in threaded view
|

Re: License issue with iText 4.2.0

Jacopo Cappellato-5
On Tue, Jun 12, 2018 at 11:47 PM, Jacques Le Roux <
[hidden email]> wrote:

> [...]
> Of course we need to ask the legal team before taking a formal decision
> about it.
> I think we have now enough material to ask, and without opposition I'll
> create a LEGAL Jira in a week.


I think it would be useful if you will post the draft of the text for the
Jira ticket to this list for community's review before submitting it to
Legal.

Thank you,

Jacopo
Reply | Threaded
Open this post in threaded view
|

Re: License issue with iText 4.2.0

Jacques Le Roux
Administrator
Hi Jacopo,

Yes good idea. I'll try to write next week...

Jacques


Le 13/06/2018 à 08:14, Jacopo Cappellato a écrit :

> On Tue, Jun 12, 2018 at 11:47 PM, Jacques Le Roux <
> [hidden email]> wrote:
>
>> [...]
>> Of course we need to ask the legal team before taking a formal decision
>> about it.
>> I think we have now enough material to ask, and without opposition I'll
>> create a LEGAL Jira in a week.
>
> I think it would be useful if you will post the draft of the text for the
> Jira ticket to this list for community's review before submitting it to
> Legal.
>
> Thank you,
>
> Jacopo
>

Reply | Threaded
Open this post in threaded view
|

Re: License issue with iText 4.2.0

Scott Gray-3
My first inclination is that taking legal advice from a company that is
trying to sell you a license, probably isn't a good idea.  They have a
vested interest in trying to convince you not to use the MIT version.

Regardless, I think Taher's solution works in the short term and the other
alternative is to revert back to a 2.x version until a suitable replacement
is found.  Looking at the commit logs it hasn't been very long since we
switched from 2.x to 4.x for no other reason than "let's update
everything!".

Regards
Scott

On 14 June 2018 at 05:47, Jacques Le Roux <[hidden email]>
wrote:

> Hi Jacopo,
>
> Yes good idea. I'll try to write next week...
>
> Jacques
>
>
>
> Le 13/06/2018 à 08:14, Jacopo Cappellato a écrit :
>
>> On Tue, Jun 12, 2018 at 11:47 PM, Jacques Le Roux <
>> [hidden email]> wrote:
>>
>> [...]
>>> Of course we need to ask the legal team before taking a formal decision
>>> about it.
>>> I think we have now enough material to ask, and without opposition I'll
>>> create a LEGAL Jira in a week.
>>>
>>
>> I think it would be useful if you will post the draft of the text for the
>> Jira ticket to this list for community's review before submitting it to
>> Legal.
>>
>> Thank you,
>>
>> Jacopo
>>
>>
>
Reply | Threaded
Open this post in threaded view
|

Re: License issue with iText 4.2.0

Jacques Le Roux
Administrator
Le 14/06/2018 à 07:22, Scott Gray a écrit :
> My first inclination is that taking legal advice from a company that is
> trying to sell you a license, probably isn't a good idea.  They have a
> vested interest in trying to convince you not to use the MIT version.
>
> Regardless, I think Taher's solution works in the short term
For that I think we need to ask Legal. Anyway better to ask them for both versions (2.1.7 or 4.2.0)

> and the other
> alternative is to revert back to a 2.x version until a suitable replacement
> is found.
Why a replacement would be needed?

> Looking at the commit logs it hasn't been very long since we
> switched from 2.x to 4.x for no other reason than "let's update
> everything!".
Right, I believe using 2.1.7 is the way. We were using it until Oct 13 2017, r1812161.
It's the same than in BIRT distributed runtime packages and I expect Eclipse Legal team is aware. Certainly a reason why they never updated.

So the question for our Legal could as simple as:

 1. Eclipse BIRT distributes itext 2.1.7 in their runtime packages under the EPL license.
 2. We want to use the same directly as a declared dependency
 3. But we wonder what to think about https://developers.itextpdf.com/question/versions-older-than-5

@team: what do you think? I'd not even ask for 4.2.0 because I expect a negative answer. But if you prefer we can add it.

Should we say that we use the 2.1.7 version for years?

Jacques

>
> Regards
> Scott
>
> On 14 June 2018 at 05:47, Jacques Le Roux <[hidden email]>
> wrote:
>
>> Hi Jacopo,
>>
>> Yes good idea. I'll try to write next week...
>>
>> Jacques
>>
>>
>>
>> Le 13/06/2018 à 08:14, Jacopo Cappellato a écrit :
>>
>>> On Tue, Jun 12, 2018 at 11:47 PM, Jacques Le Roux <
>>> [hidden email]> wrote:
>>>
>>> [...]
>>>> Of course we need to ask the legal team before taking a formal decision
>>>> about it.
>>>> I think we have now enough material to ask, and without opposition I'll
>>>> create a LEGAL Jira in a week.
>>>>
>>> I think it would be useful if you will post the draft of the text for the
>>> Jira ticket to this list for community's review before submitting it to
>>> Legal.
>>>
>>> Thank you,
>>>
>>> Jacopo
>>>
>>>

Reply | Threaded
Open this post in threaded view
|

Re: License issue with iText 4.2.0

Scott Gray-3
Are there any genuine doubts about 2.1.7?  Or just a warning from the
company trying to sell the AGL licensed versions?

If we revert back to 2.1.7 then I don't think we need to ask legal anything.

Regards
Scott

On 14 June 2018 at 18:56, Jacques Le Roux <[hidden email]>
wrote:

> Le 14/06/2018 à 07:22, Scott Gray a écrit :
>
>> My first inclination is that taking legal advice from a company that is
>> trying to sell you a license, probably isn't a good idea.  They have a
>> vested interest in trying to convince you not to use the MIT version.
>>
>> Regardless, I think Taher's solution works in the short term
>>
> For that I think we need to ask Legal. Anyway better to ask them for both
> versions (2.1.7 or 4.2.0)
>
> and the other
>> alternative is to revert back to a 2.x version until a suitable
>> replacement
>> is found.
>>
> Why a replacement would be needed?
>
> Looking at the commit logs it hasn't been very long since we
>> switched from 2.x to 4.x for no other reason than "let's update
>> everything!".
>>
> Right, I believe using 2.1.7 is the way. We were using it until Oct 13
> 2017, r1812161.
> It's the same than in BIRT distributed runtime packages and I expect
> Eclipse Legal team is aware. Certainly a reason why they never updated.
>
> So the question for our Legal could as simple as:
>
> 1. Eclipse BIRT distributes itext 2.1.7 in their runtime packages under
> the EPL license.
> 2. We want to use the same directly as a declared dependency
> 3. But we wonder what to think about https://developers.itextpdf.co
> m/question/versions-older-than-5
>
> @team: what do you think? I'd not even ask for 4.2.0 because I expect a
> negative answer. But if you prefer we can add it.
>
> Should we say that we use the 2.1.7 version for years?
>
> Jacques
>
>
>
>> Regards
>> Scott
>>
>> On 14 June 2018 at 05:47, Jacques Le Roux <[hidden email]>
>> wrote:
>>
>> Hi Jacopo,
>>>
>>> Yes good idea. I'll try to write next week...
>>>
>>> Jacques
>>>
>>>
>>>
>>> Le 13/06/2018 à 08:14, Jacopo Cappellato a écrit :
>>>
>>> On Tue, Jun 12, 2018 at 11:47 PM, Jacques Le Roux <
>>>> [hidden email]> wrote:
>>>>
>>>> [...]
>>>>
>>>>> Of course we need to ask the legal team before taking a formal decision
>>>>> about it.
>>>>> I think we have now enough material to ask, and without opposition I'll
>>>>> create a LEGAL Jira in a week.
>>>>>
>>>>> I think it would be useful if you will post the draft of the text for
>>>> the
>>>> Jira ticket to this list for community's review before submitting it to
>>>> Legal.
>>>>
>>>> Thank you,
>>>>
>>>> Jacopo
>>>>
>>>>
>>>>
>
Reply | Threaded
Open this post in threaded view
|

Re: License issue with iText 4.2.0

Jacques Le Roux
Administrator
Le 14/06/2018 à 21:43, Scott Gray a écrit :
> Are there any genuine doubts about 2.1.7?  Or just a warning from the
> company trying to sell the AGL licensed versions?
>
> If we revert back to 2.1.7 then I don't think we need to ask legal anything.
Yes that's also my opinion after deeply checking. BIRT runtime is the proof, IMO.

Jacques

>
> Regards
> Scott
>
> On 14 June 2018 at 18:56, Jacques Le Roux <[hidden email]>
> wrote:
>
>> Le 14/06/2018 à 07:22, Scott Gray a écrit :
>>
>>> My first inclination is that taking legal advice from a company that is
>>> trying to sell you a license, probably isn't a good idea.  They have a
>>> vested interest in trying to convince you not to use the MIT version.
>>>
>>> Regardless, I think Taher's solution works in the short term
>>>
>> For that I think we need to ask Legal. Anyway better to ask them for both
>> versions (2.1.7 or 4.2.0)
>>
>> and the other
>>> alternative is to revert back to a 2.x version until a suitable
>>> replacement
>>> is found.
>>>
>> Why a replacement would be needed?
>>
>> Looking at the commit logs it hasn't been very long since we
>>> switched from 2.x to 4.x for no other reason than "let's update
>>> everything!".
>>>
>> Right, I believe using 2.1.7 is the way. We were using it until Oct 13
>> 2017, r1812161.
>> It's the same than in BIRT distributed runtime packages and I expect
>> Eclipse Legal team is aware. Certainly a reason why they never updated.
>>
>> So the question for our Legal could as simple as:
>>
>> 1. Eclipse BIRT distributes itext 2.1.7 in their runtime packages under
>> the EPL license.
>> 2. We want to use the same directly as a declared dependency
>> 3. But we wonder what to think about https://developers.itextpdf.co
>> m/question/versions-older-than-5
>>
>> @team: what do you think? I'd not even ask for 4.2.0 because I expect a
>> negative answer. But if you prefer we can add it.
>>
>> Should we say that we use the 2.1.7 version for years?
>>
>> Jacques
>>
>>
>>
>>> Regards
>>> Scott
>>>
>>> On 14 June 2018 at 05:47, Jacques Le Roux <[hidden email]>
>>> wrote:
>>>
>>> Hi Jacopo,
>>>> Yes good idea. I'll try to write next week...
>>>>
>>>> Jacques
>>>>
>>>>
>>>>
>>>> Le 13/06/2018 à 08:14, Jacopo Cappellato a écrit :
>>>>
>>>> On Tue, Jun 12, 2018 at 11:47 PM, Jacques Le Roux <
>>>>> [hidden email]> wrote:
>>>>>
>>>>> [...]
>>>>>
>>>>>> Of course we need to ask the legal team before taking a formal decision
>>>>>> about it.
>>>>>> I think we have now enough material to ask, and without opposition I'll
>>>>>> create a LEGAL Jira in a week.
>>>>>>
>>>>>> I think it would be useful if you will post the draft of the text for
>>>>> the
>>>>> Jira ticket to this list for community's review before submitting it to
>>>>> Legal.
>>>>>
>>>>> Thank you,
>>>>>
>>>>> Jacopo
>>>>>
>>>>>
>>>>>

Reply | Threaded
Open this post in threaded view
|

Re: License issue with iText 4.2.0

Jacques Le Roux
Administrator
Hi All,

Do we need a vote here to decide if we should ask infra or not?

Else I'll tomorrow consider the last exchange with Scott 2 weeks ago a lazy consensus and will simply replace using

     -    compile 'com.lowagie:itext:4.2.0'
     +   compile 'com.lowagie:itext:2.1.7' // don't update because of license issue. The BIRT runtime package still uses the same for the same reason

Thanks

Jacques


Le 15/06/2018 à 09:07, Jacques Le Roux a écrit :

> Le 14/06/2018 à 21:43, Scott Gray a écrit :
>> Are there any genuine doubts about 2.1.7? Or just a warning from the
>> company trying to sell the AGL licensed versions?
>>
>> If we revert back to 2.1.7 then I don't think we need to ask legal anything.
> Yes that's also my opinion after deeply checking. BIRT runtime is the proof, IMO.
>
> Jacques
>>
>> Regards
>> Scott
>>
>> On 14 June 2018 at 18:56, Jacques Le Roux <[hidden email]>
>> wrote:
>>
>>> Le 14/06/2018 à 07:22, Scott Gray a écrit :
>>>
>>>> My first inclination is that taking legal advice from a company that is
>>>> trying to sell you a license, probably isn't a good idea. They have a
>>>> vested interest in trying to convince you not to use the MIT version.
>>>>
>>>> Regardless, I think Taher's solution works in the short term
>>>>
>>> For that I think we need to ask Legal. Anyway better to ask them for both
>>> versions (2.1.7 or 4.2.0)
>>>
>>> and the other
>>>> alternative is to revert back to a 2.x version until a suitable
>>>> replacement
>>>> is found.
>>>>
>>> Why a replacement would be needed?
>>>
>>> Looking at the commit logs it hasn't been very long since we
>>>> switched from 2.x to 4.x for no other reason than "let's update
>>>> everything!".
>>>>
>>> Right, I believe using 2.1.7 is the way. We were using it until Oct 13
>>> 2017, r1812161.
>>> It's the same than in BIRT distributed runtime packages and I expect
>>> Eclipse Legal team is aware. Certainly a reason why they never updated.
>>>
>>> So the question for our Legal could as simple as:
>>>
>>> 1. Eclipse BIRT distributes itext 2.1.7 in their runtime packages under
>>> the EPL license.
>>> 2. We want to use the same directly as a declared dependency
>>> 3. But we wonder what to think about https://developers.itextpdf.co
>>> m/question/versions-older-than-5
>>>
>>> @team: what do you think? I'd not even ask for 4.2.0 because I expect a
>>> negative answer. But if you prefer we can add it.
>>>
>>> Should we say that we use the 2.1.7 version for years?
>>>
>>> Jacques
>>>
>>>
>>>
>>>> Regards
>>>> Scott
>>>>
>>>> On 14 June 2018 at 05:47, Jacques Le Roux <[hidden email]>
>>>> wrote:
>>>>
>>>> Hi Jacopo,
>>>>> Yes good idea. I'll try to write next week...
>>>>>
>>>>> Jacques
>>>>>
>>>>>
>>>>>
>>>>> Le 13/06/2018 à 08:14, Jacopo Cappellato a écrit :
>>>>>
>>>>> On Tue, Jun 12, 2018 at 11:47 PM, Jacques Le Roux <
>>>>>> [hidden email]> wrote:
>>>>>>
>>>>>> [...]
>>>>>>
>>>>>>> Of course we need to ask the legal team before taking a formal decision
>>>>>>> about it.
>>>>>>> I think we have now enough material to ask, and without opposition I'll
>>>>>>> create a LEGAL Jira in a week.
>>>>>>>
>>>>>>> I think it would be useful if you will post the draft of the text for
>>>>>> the
>>>>>> Jira ticket to this list for community's review before submitting it to
>>>>>> Legal.
>>>>>>
>>>>>> Thank you,
>>>>>>
>>>>>> Jacopo
>>>>>>
>>>>>>
>>>>>>
>

Reply | Threaded
Open this post in threaded view
|

Re: License issue with iText 4.2.0

taher
Ahh, so you just decided to ignore my input?

On Fri, Jun 29, 2018, 3:28 PM Jacques Le Roux <[hidden email]>
wrote:

> Hi All,
>
> Do we need a vote here to decide if we should ask infra or not?
>
> Else I'll tomorrow consider the last exchange with Scott 2 weeks ago a
> lazy consensus and will simply replace using
>
>      -    compile 'com.lowagie:itext:4.2.0'
>      +   compile 'com.lowagie:itext:2.1.7' // don't update because of
> license issue. The BIRT runtime package still uses the same for the same
> reason
>
> Thanks
>
> Jacques
>
>
> Le 15/06/2018 à 09:07, Jacques Le Roux a écrit :
> > Le 14/06/2018 à 21:43, Scott Gray a écrit :
> >> Are there any genuine doubts about 2.1.7? Or just a warning from the
> >> company trying to sell the AGL licensed versions?
> >>
> >> If we revert back to 2.1.7 then I don't think we need to ask legal
> anything.
> > Yes that's also my opinion after deeply checking. BIRT runtime is the
> proof, IMO.
> >
> > Jacques
> >>
> >> Regards
> >> Scott
> >>
> >> On 14 June 2018 at 18:56, Jacques Le Roux <[hidden email]
> >
> >> wrote:
> >>
> >>> Le 14/06/2018 à 07:22, Scott Gray a écrit :
> >>>
> >>>> My first inclination is that taking legal advice from a company that
> is
> >>>> trying to sell you a license, probably isn't a good idea. They have a
> >>>> vested interest in trying to convince you not to use the MIT version.
> >>>>
> >>>> Regardless, I think Taher's solution works in the short term
> >>>>
> >>> For that I think we need to ask Legal. Anyway better to ask them for
> both
> >>> versions (2.1.7 or 4.2.0)
> >>>
> >>> and the other
> >>>> alternative is to revert back to a 2.x version until a suitable
> >>>> replacement
> >>>> is found.
> >>>>
> >>> Why a replacement would be needed?
> >>>
> >>> Looking at the commit logs it hasn't been very long since we
> >>>> switched from 2.x to 4.x for no other reason than "let's update
> >>>> everything!".
> >>>>
> >>> Right, I believe using 2.1.7 is the way. We were using it until Oct 13
> >>> 2017, r1812161.
> >>> It's the same than in BIRT distributed runtime packages and I expect
> >>> Eclipse Legal team is aware. Certainly a reason why they never updated.
> >>>
> >>> So the question for our Legal could as simple as:
> >>>
> >>> 1. Eclipse BIRT distributes itext 2.1.7 in their runtime packages under
> >>> the EPL license.
> >>> 2. We want to use the same directly as a declared dependency
> >>> 3. But we wonder what to think about https://developers.itextpdf.co
> >>> m/question/versions-older-than-5
> >>>
> >>> @team: what do you think? I'd not even ask for 4.2.0 because I expect a
> >>> negative answer. But if you prefer we can add it.
> >>>
> >>> Should we say that we use the 2.1.7 version for years?
> >>>
> >>> Jacques
> >>>
> >>>
> >>>
> >>>> Regards
> >>>> Scott
> >>>>
> >>>> On 14 June 2018 at 05:47, Jacques Le Roux <
> [hidden email]>
> >>>> wrote:
> >>>>
> >>>> Hi Jacopo,
> >>>>> Yes good idea. I'll try to write next week...
> >>>>>
> >>>>> Jacques
> >>>>>
> >>>>>
> >>>>>
> >>>>> Le 13/06/2018 à 08:14, Jacopo Cappellato a écrit :
> >>>>>
> >>>>> On Tue, Jun 12, 2018 at 11:47 PM, Jacques Le Roux <
> >>>>>> [hidden email]> wrote:
> >>>>>>
> >>>>>> [...]
> >>>>>>
> >>>>>>> Of course we need to ask the legal team before taking a formal
> decision
> >>>>>>> about it.
> >>>>>>> I think we have now enough material to ask, and without opposition
> I'll
> >>>>>>> create a LEGAL Jira in a week.
> >>>>>>>
> >>>>>>> I think it would be useful if you will post the draft of the text
> for
> >>>>>> the
> >>>>>> Jira ticket to this list for community's review before submitting
> it to
> >>>>>> Legal.
> >>>>>>
> >>>>>> Thank you,
> >>>>>>
> >>>>>> Jacopo
> >>>>>>
> >>>>>>
> >>>>>>
> >
>
>
Reply | Threaded
Open this post in threaded view
|

Re: License issue with iText 4.2.0

Jacques Le Roux
Administrator
I guess you mean

Le 12/06/2018 à 15:54, Taher Alkhateeb a écrit :
> I'm no longer interested in discussing this, I already explained it.
>
> -1 on the comment
> -1 on the removal
> +1 on excluding the transitive dependency
>
> If you want to fix things for BIRT, I recommend you do it_outside_
> the framework.

I'd veto that, it's not legally serious. You did not get it, it's not about fixing BIRT, please read our last exchange with Scott.

Thanks to care.

Jacques


Le 29/06/2018 à 16:12, Taher Alkhateeb a écrit :

> Ahh, so you just decided to ignore my input?
>
> On Fri, Jun 29, 2018, 3:28 PM Jacques Le Roux <[hidden email]>
> wrote:
>
>> Hi All,
>>
>> Do we need a vote here to decide if we should ask infra or not?
>>
>> Else I'll tomorrow consider the last exchange with Scott 2 weeks ago a
>> lazy consensus and will simply replace using
>>
>>       -    compile 'com.lowagie:itext:4.2.0'
>>       +   compile 'com.lowagie:itext:2.1.7' // don't update because of
>> license issue. The BIRT runtime package still uses the same for the same
>> reason
>>
>> Thanks
>>
>> Jacques
>>
>>
>> Le 15/06/2018 à 09:07, Jacques Le Roux a écrit :
>>> Le 14/06/2018 à 21:43, Scott Gray a écrit :
>>>> Are there any genuine doubts about 2.1.7? Or just a warning from the
>>>> company trying to sell the AGL licensed versions?
>>>>
>>>> If we revert back to 2.1.7 then I don't think we need to ask legal
>> anything.
>>> Yes that's also my opinion after deeply checking. BIRT runtime is the
>> proof, IMO.
>>> Jacques
>>>> Regards
>>>> Scott
>>>>
>>>> On 14 June 2018 at 18:56, Jacques Le Roux <[hidden email]
>>>> wrote:
>>>>
>>>>> Le 14/06/2018 à 07:22, Scott Gray a écrit :
>>>>>
>>>>>> My first inclination is that taking legal advice from a company that
>> is
>>>>>> trying to sell you a license, probably isn't a good idea. They have a
>>>>>> vested interest in trying to convince you not to use the MIT version.
>>>>>>
>>>>>> Regardless, I think Taher's solution works in the short term
>>>>>>
>>>>> For that I think we need to ask Legal. Anyway better to ask them for
>> both
>>>>> versions (2.1.7 or 4.2.0)
>>>>>
>>>>> and the other
>>>>>> alternative is to revert back to a 2.x version until a suitable
>>>>>> replacement
>>>>>> is found.
>>>>>>
>>>>> Why a replacement would be needed?
>>>>>
>>>>> Looking at the commit logs it hasn't been very long since we
>>>>>> switched from 2.x to 4.x for no other reason than "let's update
>>>>>> everything!".
>>>>>>
>>>>> Right, I believe using 2.1.7 is the way. We were using it until Oct 13
>>>>> 2017, r1812161.
>>>>> It's the same than in BIRT distributed runtime packages and I expect
>>>>> Eclipse Legal team is aware. Certainly a reason why they never updated.
>>>>>
>>>>> So the question for our Legal could as simple as:
>>>>>
>>>>> 1. Eclipse BIRT distributes itext 2.1.7 in their runtime packages under
>>>>> the EPL license.
>>>>> 2. We want to use the same directly as a declared dependency
>>>>> 3. But we wonder what to think about https://developers.itextpdf.co
>>>>> m/question/versions-older-than-5
>>>>>
>>>>> @team: what do you think? I'd not even ask for 4.2.0 because I expect a
>>>>> negative answer. But if you prefer we can add it.
>>>>>
>>>>> Should we say that we use the 2.1.7 version for years?
>>>>>
>>>>> Jacques
>>>>>
>>>>>
>>>>>
>>>>>> Regards
>>>>>> Scott
>>>>>>
>>>>>> On 14 June 2018 at 05:47, Jacques Le Roux <
>> [hidden email]>
>>>>>> wrote:
>>>>>>
>>>>>> Hi Jacopo,
>>>>>>> Yes good idea. I'll try to write next week...
>>>>>>>
>>>>>>> Jacques
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Le 13/06/2018 à 08:14, Jacopo Cappellato a écrit :
>>>>>>>
>>>>>>> On Tue, Jun 12, 2018 at 11:47 PM, Jacques Le Roux <
>>>>>>>> [hidden email]> wrote:
>>>>>>>>
>>>>>>>> [...]
>>>>>>>>
>>>>>>>>> Of course we need to ask the legal team before taking a formal
>> decision
>>>>>>>>> about it.
>>>>>>>>> I think we have now enough material to ask, and without opposition
>> I'll
>>>>>>>>> create a LEGAL Jira in a week.
>>>>>>>>>
>>>>>>>>> I think it would be useful if you will post the draft of the text
>> for
>>>>>>>> the
>>>>>>>> Jira ticket to this list for community's review before submitting
>> it to
>>>>>>>> Legal.
>>>>>>>>
>>>>>>>> Thank you,
>>>>>>>>
>>>>>>>> Jacopo
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>

Reply | Threaded
Open this post in threaded view
|

Re: License issue with iText 4.2.0

taher
The issue here is that you clearly know what my position is (you
quoted it) and you decided somehow that you have lazy consensus!

Anyway, I don't see a problem in reverting to 2.1.7 as scott
suggested, but I suggest the comment to be simply "Will not update due
to license change in newer versions" or something like that. There is
no reason to mention BIRT or anything else outside the framework. I
still prefer testing excluding the transitive dependencies but either
solution is fine as long as we stop talking about BIRT.

On Fri, Jun 29, 2018 at 6:33 PM, Jacques Le Roux
<[hidden email]> wrote:

> I guess you mean
>
> Le 12/06/2018 à 15:54, Taher Alkhateeb a écrit :
>>
>> I'm no longer interested in discussing this, I already explained it.
>>
>> -1 on the comment
>> -1 on the removal
>> +1 on excluding the transitive dependency
>>
>> If you want to fix things for BIRT, I recommend you do it_outside_
>> the framework.
>
>
> I'd veto that, it's not legally serious. You did not get it, it's not about
> fixing BIRT, please read our last exchange with Scott.
>
> Thanks to care.
>
> Jacques
>
>
>
> Le 29/06/2018 à 16:12, Taher Alkhateeb a écrit :
>>
>> Ahh, so you just decided to ignore my input?
>>
>> On Fri, Jun 29, 2018, 3:28 PM Jacques Le Roux
>> <[hidden email]>
>> wrote:
>>
>>> Hi All,
>>>
>>> Do we need a vote here to decide if we should ask infra or not?
>>>
>>> Else I'll tomorrow consider the last exchange with Scott 2 weeks ago a
>>> lazy consensus and will simply replace using
>>>
>>>       -    compile 'com.lowagie:itext:4.2.0'
>>>       +   compile 'com.lowagie:itext:2.1.7' // don't update because of
>>> license issue. The BIRT runtime package still uses the same for the same
>>> reason
>>>
>>> Thanks
>>>
>>> Jacques
>>>
>>>
>>> Le 15/06/2018 à 09:07, Jacques Le Roux a écrit :
>>>>
>>>> Le 14/06/2018 à 21:43, Scott Gray a écrit :
>>>>>
>>>>> Are there any genuine doubts about 2.1.7? Or just a warning from the
>>>>> company trying to sell the AGL licensed versions?
>>>>>
>>>>> If we revert back to 2.1.7 then I don't think we need to ask legal
>>>
>>> anything.
>>>>
>>>> Yes that's also my opinion after deeply checking. BIRT runtime is the
>>>
>>> proof, IMO.
>>>>
>>>> Jacques
>>>>>
>>>>> Regards
>>>>> Scott
>>>>>
>>>>> On 14 June 2018 at 18:56, Jacques Le Roux <[hidden email]
>>>>> wrote:
>>>>>
>>>>>> Le 14/06/2018 à 07:22, Scott Gray a écrit :
>>>>>>
>>>>>>> My first inclination is that taking legal advice from a company that
>>>
>>> is
>>>>>>>
>>>>>>> trying to sell you a license, probably isn't a good idea. They have a
>>>>>>> vested interest in trying to convince you not to use the MIT version.
>>>>>>>
>>>>>>> Regardless, I think Taher's solution works in the short term
>>>>>>>
>>>>>> For that I think we need to ask Legal. Anyway better to ask them for
>>>
>>> both
>>>>>>
>>>>>> versions (2.1.7 or 4.2.0)
>>>>>>
>>>>>> and the other
>>>>>>>
>>>>>>> alternative is to revert back to a 2.x version until a suitable
>>>>>>> replacement
>>>>>>> is found.
>>>>>>>
>>>>>> Why a replacement would be needed?
>>>>>>
>>>>>> Looking at the commit logs it hasn't been very long since we
>>>>>>>
>>>>>>> switched from 2.x to 4.x for no other reason than "let's update
>>>>>>> everything!".
>>>>>>>
>>>>>> Right, I believe using 2.1.7 is the way. We were using it until Oct 13
>>>>>> 2017, r1812161.
>>>>>> It's the same than in BIRT distributed runtime packages and I expect
>>>>>> Eclipse Legal team is aware. Certainly a reason why they never
>>>>>> updated.
>>>>>>
>>>>>> So the question for our Legal could as simple as:
>>>>>>
>>>>>> 1. Eclipse BIRT distributes itext 2.1.7 in their runtime packages
>>>>>> under
>>>>>> the EPL license.
>>>>>> 2. We want to use the same directly as a declared dependency
>>>>>> 3. But we wonder what to think about https://developers.itextpdf.co
>>>>>> m/question/versions-older-than-5
>>>>>>
>>>>>> @team: what do you think? I'd not even ask for 4.2.0 because I expect
>>>>>> a
>>>>>> negative answer. But if you prefer we can add it.
>>>>>>
>>>>>> Should we say that we use the 2.1.7 version for years?
>>>>>>
>>>>>> Jacques
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Regards
>>>>>>> Scott
>>>>>>>
>>>>>>> On 14 June 2018 at 05:47, Jacques Le Roux <
>>>
>>> [hidden email]>
>>>>>>>
>>>>>>> wrote:
>>>>>>>
>>>>>>> Hi Jacopo,
>>>>>>>>
>>>>>>>> Yes good idea. I'll try to write next week...
>>>>>>>>
>>>>>>>> Jacques
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Le 13/06/2018 à 08:14, Jacopo Cappellato a écrit :
>>>>>>>>
>>>>>>>> On Tue, Jun 12, 2018 at 11:47 PM, Jacques Le Roux <
>>>>>>>>>
>>>>>>>>> [hidden email]> wrote:
>>>>>>>>>
>>>>>>>>> [...]
>>>>>>>>>
>>>>>>>>>> Of course we need to ask the legal team before taking a formal
>>>
>>> decision
>>>>>>>>>>
>>>>>>>>>> about it.
>>>>>>>>>> I think we have now enough material to ask, and without opposition
>>>
>>> I'll
>>>>>>>>>>
>>>>>>>>>> create a LEGAL Jira in a week.
>>>>>>>>>>
>>>>>>>>>> I think it would be useful if you will post the draft of the text
>>>
>>> for
>>>>>>>>>
>>>>>>>>> the
>>>>>>>>> Jira ticket to this list for community's review before submitting
>>>
>>> it to
>>>>>>>>>
>>>>>>>>> Legal.
>>>>>>>>>
>>>>>>>>> Thank you,
>>>>>>>>>
>>>>>>>>> Jacopo
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>
>
Reply | Threaded
Open this post in threaded view
|

Re: License issue with iText 4.2.0

Jacques Le Roux
Administrator
Le 30/06/2018 à 11:33, Taher Alkhateeb a écrit :
> The issue here is that you clearly know what my position is (you
> quoted it) and you decided somehow that you have lazy consensus!
When I wrote about the lazy consensus, I did not clearly remember your position.
Because in the meantime we exchanged with Scott and it was clear to me I was right from start.
I had to look back to see your point. I understand your reaction now, sorry for ignoring it.

> Anyway, I don't see a problem in reverting to 2.1.7 as scott
> suggested,
Err, I suggested that long before ago, but you and some others, including Scott, did not agree.
I had to get deeper and deeper to convince "everybody", I must say, including myself.

> but I suggest the comment to be simply "Will not update due
> to license change in newer versions" or something like that. There is
> no reason to mention BIRT or anything else outside the framework.
I agree, we can remove the mention of Birt in the comment. And you are right, better keep the comment simple and focused.
It was just as a reminder because in Birt jar they also still use 2.17 and there is some information which tends to explain why.
But anyway this is also in this convo now and I just did the changes for OFBIZ-10455

Chapter close, I'll not answer more on this thread.
Thank you for taking care, and thanks to Scott for initially revealing the license issue for the itextpdf dependent lib.

Jacques


> I
> still prefer testing excluding the transitive dependencies but either
> solution is fine as long as we stop talking about BIRT.
>
> On Fri, Jun 29, 2018 at 6:33 PM, Jacques Le Roux
> <[hidden email]> wrote:
>> I guess you mean
>>
>> Le 12/06/2018 à 15:54, Taher Alkhateeb a écrit :
>>> I'm no longer interested in discussing this, I already explained it.
>>>
>>> -1 on the comment
>>> -1 on the removal
>>> +1 on excluding the transitive dependency
>>>
>>> If you want to fix things for BIRT, I recommend you do it_outside_
>>> the framework.
>>
>> I'd veto that, it's not legally serious. You did not get it, it's not about
>> fixing BIRT, please read our last exchange with Scott.
>>
>> Thanks to care.
>>
>> Jacques
>>
>>
>>
>> Le 29/06/2018 à 16:12, Taher Alkhateeb a écrit :
>>> Ahh, so you just decided to ignore my input?
>>>
>>> On Fri, Jun 29, 2018, 3:28 PM Jacques Le Roux
>>> <[hidden email]>
>>> wrote:
>>>
>>>> Hi All,
>>>>
>>>> Do we need a vote here to decide if we should ask infra or not?
>>>>
>>>> Else I'll tomorrow consider the last exchange with Scott 2 weeks ago a
>>>> lazy consensus and will simply replace using
>>>>
>>>>        -    compile 'com.lowagie:itext:4.2.0'
>>>>        +   compile 'com.lowagie:itext:2.1.7' // don't update because of
>>>> license issue. The BIRT runtime package still uses the same for the same
>>>> reason
>>>>
>>>> Thanks
>>>>
>>>> Jacques
>>>>
>>>>
>>>> Le 15/06/2018 à 09:07, Jacques Le Roux a écrit :
>>>>> Le 14/06/2018 à 21:43, Scott Gray a écrit :
>>>>>> Are there any genuine doubts about 2.1.7? Or just a warning from the
>>>>>> company trying to sell the AGL licensed versions?
>>>>>>
>>>>>> If we revert back to 2.1.7 then I don't think we need to ask legal
>>>> anything.
>>>>> Yes that's also my opinion after deeply checking. BIRT runtime is the
>>>> proof, IMO.
>>>>> Jacques
>>>>>> Regards
>>>>>> Scott
>>>>>>
>>>>>> On 14 June 2018 at 18:56, Jacques Le Roux <[hidden email]
>>>>>> wrote:
>>>>>>
>>>>>>> Le 14/06/2018 à 07:22, Scott Gray a écrit :
>>>>>>>
>>>>>>>> My first inclination is that taking legal advice from a company that
>>>> is
>>>>>>>> trying to sell you a license, probably isn't a good idea. They have a
>>>>>>>> vested interest in trying to convince you not to use the MIT version.
>>>>>>>>
>>>>>>>> Regardless, I think Taher's solution works in the short term
>>>>>>>>
>>>>>>> For that I think we need to ask Legal. Anyway better to ask them for
>>>> both
>>>>>>> versions (2.1.7 or 4.2.0)
>>>>>>>
>>>>>>> and the other
>>>>>>>> alternative is to revert back to a 2.x version until a suitable
>>>>>>>> replacement
>>>>>>>> is found.
>>>>>>>>
>>>>>>> Why a replacement would be needed?
>>>>>>>
>>>>>>> Looking at the commit logs it hasn't been very long since we
>>>>>>>> switched from 2.x to 4.x for no other reason than "let's update
>>>>>>>> everything!".
>>>>>>>>
>>>>>>> Right, I believe using 2.1.7 is the way. We were using it until Oct 13
>>>>>>> 2017, r1812161.
>>>>>>> It's the same than in BIRT distributed runtime packages and I expect
>>>>>>> Eclipse Legal team is aware. Certainly a reason why they never
>>>>>>> updated.
>>>>>>>
>>>>>>> So the question for our Legal could as simple as:
>>>>>>>
>>>>>>> 1. Eclipse BIRT distributes itext 2.1.7 in their runtime packages
>>>>>>> under
>>>>>>> the EPL license.
>>>>>>> 2. We want to use the same directly as a declared dependency
>>>>>>> 3. But we wonder what to think about https://developers.itextpdf.co
>>>>>>> m/question/versions-older-than-5
>>>>>>>
>>>>>>> @team: what do you think? I'd not even ask for 4.2.0 because I expect
>>>>>>> a
>>>>>>> negative answer. But if you prefer we can add it.
>>>>>>>
>>>>>>> Should we say that we use the 2.1.7 version for years?
>>>>>>>
>>>>>>> Jacques
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> Regards
>>>>>>>> Scott
>>>>>>>>
>>>>>>>> On 14 June 2018 at 05:47, Jacques Le Roux <
>>>> [hidden email]>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Hi Jacopo,
>>>>>>>>> Yes good idea. I'll try to write next week...
>>>>>>>>>
>>>>>>>>> Jacques
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Le 13/06/2018 à 08:14, Jacopo Cappellato a écrit :
>>>>>>>>>
>>>>>>>>> On Tue, Jun 12, 2018 at 11:47 PM, Jacques Le Roux <
>>>>>>>>>> [hidden email]> wrote:
>>>>>>>>>>
>>>>>>>>>> [...]
>>>>>>>>>>
>>>>>>>>>>> Of course we need to ask the legal team before taking a formal
>>>> decision
>>>>>>>>>>> about it.
>>>>>>>>>>> I think we have now enough material to ask, and without opposition
>>>> I'll
>>>>>>>>>>> create a LEGAL Jira in a week.
>>>>>>>>>>>
>>>>>>>>>>> I think it would be useful if you will post the draft of the text
>>>> for
>>>>>>>>>> the
>>>>>>>>>> Jira ticket to this list for community's review before submitting
>>>> it to
>>>>>>>>>> Legal.
>>>>>>>>>>
>>>>>>>>>> Thank you,
>>>>>>>>>>
>>>>>>>>>> Jacopo
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>

12