we are looking into redistributing Infinispan-Server (currently in version 8.6.2.Final) in a commercial context.
To be able to do this in a compliant fashion, we'd like to better understand the licensing aspects of all integrated open source components and their associated licenses.
Looking into the downloaded Infinispan-Server archive we found the following details:
infinispan-server-8.2.6.Final/copyright.txt (list of names and emails of contributors to infinispan(-server) we assume)
infinispan-server-8.2.6.Final/LICENSE.txt (LGPL 2.1 license text, which we regard the license for all Infinispan-Server artifacts and configuration files)
infinispan-server-8.2.6.Final/docs/licenses (folder containing license information of the infinispan-server distribution)
infinispan-server-8.2.6.Final/docs/licenses/licenses.xml (an xml descriptor with dependency lists and licenses meta data)
Based on this we performed a deeper analysis. We basically synchronized the information in licenses.xml with the JAR files contained inside the archive.
We found that there are significant differences and ambiguities between the two sources of information. The result in brief:
- There are several JARs listed in the XML, which are not included in the distribution.
- There are several JARs in the distribution, where no license information is associated in the licenses.xml.
- For some artifacts there is a mismatch between the version in the distribution and the version referred to in the licenses.xml.
- And for several artifacts there are ambiguities in terms of the effective license.
I'm very interested in straightening this out. But I think I need a contact with whom I can exchange the detailed results of the analysis and clarify questions. Internally we have very strict policies on the redistribution of open source components and clear ethics to value the open source community effort.
Did I miss any information that is of relevance for me, that is not part of the distribution? In general there is an ambiguity between plain infinispan artifacts (JARs; Apache License 2.0) and the Infinispan-Server Distribution (ZIP; LGPL 2.1 + subcomponents). In terms of documentation I couldn't find any background on the matter.
Looking forward for feedback...