FISH-8215 : port solution from Glassfish #6535

luiseufrasio
Contributor

Description

package java.security.acl does not exist

Important Info

Blockers

None

Testing

New tests

None

Testing Performed

Samples, quicklook etc

Testing Environment

Zulu JDK 11.0.11 on Windows 11 with Maven 3.8.6

Documentation

None

Notes for Reviewers

None

@luiseufrasio
Contributor Author

jenkins test please

@OndroMih
Contributor

Hello, @luiseufrasio ,

This PR as it is now is breaking the license of the code ported from Eclipse GlassFish.

The file in JAASRealm.java in this PR contains code both from Payara master branch, which is licensed under CDDL + GPL2 with classpath exception licenses, and it also contains code from Eclipse GlassFish master branch (JAASRealm.java#L379), which is under the EPL2 + GPL2 with classpath exception licenses. Copying code from Eclipse GlassFish requires that the license is not changed and is clearly stated in the code, which is not the case here.

I recommend that you either copy the whole file JAASRealm.java from Eclipse GlassFish, so that it has the correct license. Or you extract the code copied from GlassFish into a separate file, which is then distributed under the EPL2 + GPL2 with classpath exception licenses.

The LICENSE.txt file in the Payara source code should also mention EPL2 license to clarify that some parts of the Payara source code are distributed under this license and not under the CDDL license. This is required by the EPL2 license. For more information, read here: https://www.eclipse.org/legal/epl-2.0/ (especially the 3. Requirements section).

@Pandrex247 Pandrex247 self-requested a review January 24, 2024 09:05
@Pandrex247
Member

@OndroMih

> This PR as it is now is breaking the license of the code ported from Eclipse GlassFish.
>
> The file in JAASRealm.java in this PR contains code both from Payara master branch, which is licensed under CDDL + GPL2 with classpath exception licenses, and it also contains code from Eclipse GlassFish master branch (JAASRealm.java#L379), which is under the EPL2 + GPL2 with classpath exception licenses. Copying code from Eclipse GlassFish requires that the license is not changed and is clearly stated in the code, which is not the case here.
>
> I recommend that you either copy the whole file JAASRealm.java from Eclipse GlassFish, so that it has the correct license. Or you extract the code copied from GlassFish into a separate file, which is then distributed under the EPL2 + GPL2 with classpath exception licenses.

I'm not a copyright expert, but I believe if we expressly license the file under GPL we're OK?
As an example
I'd have to go check the history (as it was literally years ago now), but I believe we ported some GlassFish changes to this class previously and I asked what the correct procedure for doing so would be with regards to licensing.

Since this file exists from the original Oracle GlassFish days, I'm also fairly certain we can't just strip the original copyright from it.
I'll ask around internally for advice.

> The LICENSE.txt file in the Payara source code should also mention EPL2 license to clarify that some parts of the Payara source code are distributed under this license and not under the CDDL license. This is required by the EPL2 license. For more information, read here: https://www.eclipse.org/legal/epl-2.0/ (especially the 3. Requirements section).

The EPL license will get mentioned in the third party license file we generate and include in the release but I'll ask for advice on whether it also needs to be reflected in that file. My understanding is that is for our license, not necessarily the license of everything covered within the codebase.

Again though, not a copyright expert!
Thanks for the heads up!

@OndroMih
Contributor

Hi, @Pandrex247. I think if you only use the GPL license, then it's OK. But the PR as it is now re-licenses the code from Eclipse GlassFish under both CDDL and GPL, which I think you can't do without approval of the original copyright holders within the Eclipse Foundation.

If you strip the CDDL license from the file, then the file is distributed under the GPL+CP exception only, which should be fine. As a result, you cannot distribute the whole code base under the CDDL license, only under the GPL+CP exception. I think this is already the case, as some files in your existing code base have CDDL and GPL+CP license, and some other files have only EPL and GPL+CP license, so it's not possible to distribute all the code or final binaries under CDDL or EPL, only under GPL+CP exception.

I'm not a lawyer either :) But I suggest getting advice from a real lawyer.

…y/GroupPrincipal.java

Co-authored-by: Andrew Pielage <pandrex247@hotmail.com>
@luiseufrasio luiseufrasio merged commit 501082e into payara:master Jan 27, 2024
1 check passed