Thursday, 2024-08-08

« Wednesday, 2024-08-07 Index Friday, 2024-08-09 »
opendevreviewTony Breeds proposed openstack/election master: Include current affiliation in job output  https://review.opendev.org/c/openstack/election/+/92592700:07
fungias an example, i intend to continue as the infra liaison for the release team, mainly just waiting for the acknowledgement workflow to be hammered out before i act on that01:50
*** bauzas_ is now known as bauzas05:15
opendevreviewGhanshyam proposed openstack/governance master: Update DPL model reset steps  https://review.opendev.org/c/openstack/governance/+/92592605:29
*** bauzas_ is now known as bauzas05:37
*** bauzas_ is now known as bauzas07:33
*** bauzas- is now known as bauzas09:30
*** bauzas_ is now known as bauzas09:41
*** bauzas- is now known as bauzas12:56
opendevreviewSlawek Kaplonski proposed openstack/election master: Add email template for direct reminder about nomination deadline  https://review.opendev.org/c/openstack/election/+/92587314:45
SvenKieskecould you guys please clarify the language in https://governance.openstack.org/tc/reference/licensing.html ? for deployment projects like kolla, technically not all software we use and distribute are libraries or only tools run during testing, e.g. elasticsearch/opensearch consul etc.15:00
SvenKieskeI'm getting tired of people asking if we can add/distribute/keep BSL (business source licence, which is not OSI approved) (re)licenced stuff. I'm wasting way too much time on it. It's clear from context we can't do that.15:01
SvenKieskeI'm not familiar with the process here, should I raise a bug, just write here, or provide a patch to some TC repo?15:01
SvenKieskeso we distribute actual third party software, not just libs. to make that clear.15:02
fungiSvenKieske: from the perspective of what openstack governs, the "project" for kolla contains whatever source code is committed from contributors, so what ends up in compiled artifacts is sort of orthogonal to openstack's licensing expectations. i guess one way to look at it is will kolla work without those components?15:03
SvenKieskefungi: I'm not a lawyer but I can't imagine that stance holding up in court. if we distribute software it doesn't matter if we wrote it ourselves, we must comply with any licence of software we distribute15:04
fungiwhat the licensing guidelines are there to ensure is that openstack project source code is not contaminated by required linking to incompatible licenses15:04
fungiwhether kolla obeys copyright laws is, while very important, not the topic of that document15:05
SvenKieskewell, you might read up on BSLs definition of "embedded" then: https://www.hashicorp.com/bsl15:06
SvenKieskeI'm pretty sure that's what we do15:06
SvenKieskeso I would argue we _are_ contaminating our code by using BSL code15:06
fungii'm not arguing with you on that point, just saying "project contributors shouldn't violate copyright laws" is probably not necessary from a project governance perspective. there are already governments who say that exact thing15:07
fungiif the tc needed to list every possible law that projects shouldn't break, the list would be unmanageably long15:08
SvenKieskesure15:08
SvenKieskethen again, if your library licence is incompatible, it's of course illegal to use it, so I could argue you could scratch that from that document as well ;)15:09
SvenKieskeI actually think I have found such a case, but I guess I need to post to legal to get advice on that? https://bugs.launchpad.net/kolla-ansible/+bug/207531615:09
fungiSvenKieske: possibly closer to what you're asking about (though may not cover what you're hoping) is the 2017-05-30 tc resolution which was created specifically because kolla and other projects wanted to start shipping binary artifacts consisting of things outside their own direct creation: https://governance.openstack.org/tc/resolutions/20170530-binary-artifacts.html15:09
SvenKieskeah thanks, I didn't know that link15:10
SvenKieskeokay, while interesting this really doesn't cover any topic I'm currently having trouble with :)15:12
fungiSvenKieske: i think it might be useful to request that the tc render an opinion on what licenses are acceptable for software included in distributed binary artifacts, extending/amending the decision from the 2017-05-30 resolution15:12
fungiin the interim, asking license-related questions on https://lists.openstack.org/mailman3/lists/legal-discuss.lists.openstack.org/ is also an avenue you could take15:13
SvenKieskeat least for me that would be useful, yes, because each time external dependencies change their licences we have long discussions with clever people who think they can circumvent those changes somehow and it's a real drag.15:13
JayFAs a TC member I would be loathe to vote on any such resolution without advice from a lawyer.15:13
fungiwe can definitely engage the foundation's counsel on these topics at the tc's request15:14
fungithat is one of the reasons for the foundation's existence, after all15:14
SvenKieskewell, I assumed as much, I mean the current licence resolution was surely not crafted without a lawyer? :)15:14
fungicorrect15:15
SvenKieskeI really don't like this topic, but I feel ignoring it is worse.15:15
SvenKieskeah, the current question already was posted to legal, if anybody is interested: https://lists.openstack.org/archives/list/legal-discuss@lists.openstack.org/thread/IEGARFPOGX6QZAHMKIP4AG5MXEM7WVIO/15:15
JayFSvenKieske: fwiw, thank you for caring enough to have the conversations though, I agree it's important15:16
JayFSvenKieske: take my comment above as a sign of how important/serious I think it is :D15:16
SvenKieskeJayF: yeah sure, I always prepend my "knowledge" about license issues with "I am not a lawyer", I have read a lot about this stuff on lwn.net and various other sources, but I'm really no legal expert myself and I don't want to be.15:18
fungiwe have, for example, considered it okay for openstack projects to support use with non-open-source projects, as long as they're also fully functional without them. i guess what's more novel in this case is whether openstack contributors, utilizing openstack resources and under the auspices of an official openstack-approved banner, could distribute copies of non-open-source software15:19
SvenKieskebut yes, I care for free software, so I personally don't like these changes, even if I can understand them from a business pov.15:19
fungicase in point, we didn't require barbican to remove its support for hashicorp vault, because barbican is also fully functional without vault15:20
SvenKieskefungi: exactly. e.g. we have some influxdb support for stuff, but afaik we don't really test that.15:20
fungiand cinder has drivers that support proprietary system software as well15:21
SvenKieskeyeah vault is also a nice topic..I try to not look into that direction currently..there might be dragons.15:21
JayFfungi: SvenKieske: I'll note my inclination is, for the specific case fungi laid out, is "we shouldn't do that". Note I made no comment about if it's legal or not.15:25
funginote that it's also perfectly reasonable for the tc to decide that it's not something they want openstack projects doing, regardless of the legality of it15:31
fungirather than hoping lawyers will say no so that they don't have to15:31
SvenKieskesure, to be clear: I'm fine with almost any decision. But I would like to have some legal guidance from the project, so I don't need to evaluate these things constantly myself, that would be nice.15:34
fungiit's also unclear whether the request is to include a copy of consul in container images that the kolla team publishes, or merely to make it possible for users of kolla to build such images without having to carry a custom patch that adds the support for consul15:37
fungithe 2017 tc resolution basically already asserts that binary artifacts such as container images are not deliverables of openstack, are not intended for production use and are not officially supported by the openstack community15:39
fungifrom a governance standpoint, the expectation is that downstream deployments are either building their own images from kolla's recipes, or are getting pre-built images from a redistributor who is taking on the support and legal risks if they decide to embed components with questionable licensing15:41
gmanndansmith: for watcher DPL/PTL model, feel free to -1 on this and we can continue DPL model unless you would like to go for PTL model https://review.opendev.org/c/openstack/governance/+/92583116:31
gmannnoonedeadpunk: same ^^ for freezer case also.16:32
dansmithgmann: so, honestly, I wanted to avoid watcher going inactive in 2024.2, which I think I did.. so perhaps the best thing to do is to proceed with your reset and reevaluate in 2025.1..16:32
noonedeadpunkmy plan was to propose a follow-up patch to re-initiate DPL model16:33
gmanndansmith: ok. sure. thanks16:33
dansmithgmann: tbh, we (redhat) still don't seem any closer to deciding about whether or not we're going to put resources there, which is why I wanted to avoid the early inactivation int he first place16:33
gmannnoonedeadpunk: ack. +1. please do so that we can merge that before election nomination next week16:33
gmanndansmith: k. and if anyone else interested to maintain then this will give them more time to decide. so keeping it up in this cycle was a good idea.16:34
opendevreviewGhanshyam proposed openstack/governance master: Reset the DPL model for Oslo project  https://review.opendev.org/c/openstack/governance/+/92583416:35
opendevreviewDmitriy Rabotyagov proposed openstack/governance master: Re-initiate the DPL model for Freezer project  https://review.opendev.org/c/openstack/governance/+/92599716:36
gmannnoonedeadpunk: thanks16:36
noonedeadpunkI alomost forgot to do that, so thanks for the ping16:38
*** bauzas_ is now known as bauzas16:39
*** bauzas_ is now known as bauzas19:32
« Wednesday, 2024-08-07 Index Friday, 2024-08-09 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!