
Osquery: Change license to Apache 2.0 and GPLv2 - zwass
https://github.com/facebook/osquery/pull/4007
======
jsmthrowaway
Since Apache License v2.0 and GPLv2 are incompatible, I'd be curious to
understand the implications of this license selection for a few scenarios in
both directions. Say osquery wanted to include a GPLv2 library. Could it? How
about an Apache License v2.0 library? ASF and FSF differ on the interpretation
of the details, which would come into play here. Does the GPLv2's requirement
that it apply to the whole work[0] matter?

A more interesting thought: say I wanted to fork osquery. Do I select one of
the licenses as part of my forking operation, since I, the user, am exercising
my rights under one of the licenses (at my option) to derive the work? Would
that mean I could fork osquery to Apache License v2.0, GPLv2, or both at my
discretion? Given the requirements of GPLv2, am I even permitted to do that?

An even more interesting thought: osquery seems to _derive_ GPLv2 code from
the Netfilter project by patching it:

[https://github.com/facebook/osquery/blob/master/tools/provis...](https://github.com/facebook/osquery/blob/master/tools/provision/formula/libiptables.rb#L35-L50)

[https://github.com/facebook/osquery/blob/master/tools/provis...](https://github.com/facebook/osquery/blob/master/tools/provision.sh#L100)

Can the resulting product then be distributed Apache License v2.0, given the
viral nature of GPLv2? I'm not clear how that dependency is used, but is
Facebook even able to license this work as Apache License v2.0 at all?

This is a very confusing dual-license scenario, and something I'd never
thought about with choices like Apache/MIT. I feel it important to point out
that I'm not attempting to introduce FUD or criticize Facebook; I'm genuinely
curious.

[0]:
[https://opensource.stackexchange.com/a/1364](https://opensource.stackexchange.com/a/1364)

~~~
antoncohen
Note that RocksDB is also dual licensed under Apache 2.0 and GPLv2 [1]. I
believe they added GPLv2 to make it compatible with MySQL for MyRocks, because
the original Facebook+Patents license might not have been GPL compatible. Then
when the Apache Foundation decided that Facebook+Patents wasn't compatible
they switched it out for Apache 2.0 [2].

But that doesn't clarify much. Specifically your question about dependency
licensing. RocksDB only depends on gflags (BSD licensed) and various
compression library choices (allowing a choice of licenses). osquery seems to
depend on a lot more libraries [3], so the likelihood of running into a
licensing conflict seems a lot higher.

[1]
[https://github.com/facebook/rocksdb/blob/master/db/db_impl.c...](https://github.com/facebook/rocksdb/blob/master/db/db_impl.cc)

[2] [https://meshedinsights.com/2017/07/16/apache-bans-
facebooks-...](https://meshedinsights.com/2017/07/16/apache-bans-facebooks-
license-combo/)

[3]
[https://github.com/facebook/osquery/blob/master/tools/provis...](https://github.com/facebook/osquery/blob/master/tools/provision.sh)

------
kirillzubovsky
What is the meaning of this?

~~~
styfle
This change appears to be just another OSS project that Facebook is
relicensing and removing patent clause.

Related post:
[https://news.ycombinator.com/item?id=15316175](https://news.ycombinator.com/item?id=15316175)

