Open source licenses
Dear PostgreSQL Team, We are a software editor that historically use PostgreSQL for one of our product. We currently use the version 9.6 since many years and now we would like to update to the last version 13.2. However, before that, we would like to check some points regarding the embedded components and their licenses. First, we install PostgreSQL with our installer using the Zip archive of binaries (for Windows) provided by EDB (available from your website). It seems that the EDB Zip archive embed PgAdmin and StackBuilder in addition to the PostgreSQL server. Do you know if some others modules are added by EDB ? Then, it appears that the PostgreSQL server links some open source components that are not under the PostgreSQL license( ex: openssl, libcharset, ...). Could you please provide a list of the components included in the PostgreSQL server, with the OpenSource license type for each component ? Or even, if possible, with the license file for each component ? Best regards, Nicolas DAVID WORKNC DENTAL Project Manager Manufacturing Intelligence division Hexagon E: nicolas.da...@hexagon.com<mailto:nicolas.da...@hexagon.com> Hexagon 440 Route des Allogneraies 71850 Charnay-les-Mâcon France HexagonMI.com<https://www.hexagonmi.com/en-GB> | LinkedIn<https://www.linkedin.com/company/hexagon-manufacturing-intelligence/> | Facebook<https://www.facebook.com/HexagonMI> | Twitter<https://twitter.com/HexagonMI> CONFIDENTIALITY NOTICE: This email and any attachments may be confidential and protected by legal privilege. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the e-mail or any attachment is prohibited. If you have received this email in error, please notify us immediately by replying to the sender and deleting this copy and the reply from your system. Thank you for your cooperation. Please note all the views and opinions published here are solely based on the author's own opinion and should not be considered necessarily as reflecting the opinion of Hexagon Manufacturing Intelligence. -Original Message- From: Simon Riggs Sent: 17 March 2021 18:57 To: DAVID Nicolas Cc: secur...@postgresql.org Subject: Re: Contact This email is not from Hexagon's Office 365 instance. Please be careful while clicking links, opening attachments, or replying to this email. On Wed, 17 Mar 2021 at 17:29, DAVID Nicolas mailto:nicolas.da...@hexagon.com>> wrote: > > I use secur...@postgresql.org<mailto:secur...@postgresql.org> because I > cannot find suitable mail address on the web site. > > Is there a mail address to request some information regarding the open source > licences of the different postgresql components? The licence for all software available on postgresql.org is shown here https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.postgresql.org%2Fabout%2Flicence%2F&data=04%7C01%7C%7Ce0c997c9e991479cadf708d8e96e15c6%7C1b16ab3eb8f64fe39f3e2db7fe549f6a%7C0%7C1%7C637516006314187203%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=QL85rotciGB22m6ZOFWusHLh63pn0eXh6c%2FISLmIpfk%3D&reserved=0 The wider PostgreSQL ecosystem consists of many optional extensions and tools, both open and closed source, each of which has different licences. There is no single central place or authority that lists or controls those components and their respective licences. Some are listed here: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.postgresql.org%2Fdownload%2Fproduct-categories%2F&data=04%7C01%7C%7Ce0c997c9e991479cadf708d8e96e15c6%7C1b16ab3eb8f64fe39f3e2db7fe549f6a%7C0%7C1%7C637516006314197196%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Uzh1jvV%2BxHsfufp0qynDPEWuvkzJpD%2FcQqoTVp0eLcw%3D&reserved=0 This is the wrong place to request or discuss such information. Please try pgsql-gene...@postgresql.org<mailto:pgsql-gene...@postgresql.org> -- Simon Riggs https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.enterprisedb.com%2F&data=04%7C01%7C%7Ce0c997c9e991479cadf708d8e96e15c6%7C1b16ab3eb8f64fe39f3e2db7fe549f6a%7C0%7C1%7C637516006314197196%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=1sguhDYtJZvVv4om3IjP1FFn4AbmNM0sKs6spwI6FQs%3D&reserved=0
RE: Open source licenses
My concern is, I guess, the same for all the software editor using opensource components. It is to make an inventory of all the used opensource licenses from all the used components, to check and respect the terms of use, to preserve copyrights and intellectual property. Companies providing opensource components or libraries now often publish a list of the modules and their licences because most of the time it is a prerequisite for the adoption in many companies. For example, Qt Company publishes this page: https://doc.qt.io/qt-5/licenses-used-in-qt.html. However, when I get PostgreSql binaries for Windows (Zip archive linked to https://www.enterprisedb.com/download-postgresql-binaries), I can see in installation-notes.html : -> "The software bundled together in this package is released under a number of different Open Source licences. By using any component of this installation package, you agree to abide by the terms and conditions of it's licence." This is unclear and even if I found some license files, or header files with copyrights, I cannot know certainly the list of installed components and their licenses. And finally, whatever if I use a component, as soon as I install it, I distribute it and thus I have to know the conditions. Could the PostgreSQL Global Development Group consider to provide these information ? Is there a team or a group in charge of this ? Is there a direct email address to ask this kind of request ? Best regards, Nicolas DAVID
RE: Open source licenses
Yes sure. I also did it ... without answer. But my initial question concerned only the open source components linked to the PostgreSQL server that are not under the PostgreSQL license( ex: openssl, libcharset, ...). Regarding the other modules added by EDB, I will ask again to EDB. Best regards, Nicolas DAVID -Original Message- From: Laurenz Albe Sent: 06 April 2021 16:13 To: DAVID Nicolas ; Adrian Klaver ; pgsql-gene...@postgresql.org Subject: Re: Open source licenses This email is not from Hexagon's Office 365 instance. Please be careful while clicking links, opening attachments, or replying to this email. On Tue, 2021-04-06 at 13:47 +0000, DAVID Nicolas wrote: > My concern is, I guess, the same for all the software editor using opensource > components. > > It is to make an inventory of all the used opensource licenses from > all the used components, to check and respect the terms of use, to preserve > copyrights and intellectual property. > > However, when I get PostgreSql binaries for Windows (Zip archive > linked to > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.enterprisedb.com%2Fdownload-postgresql-binaries&data=04%7C01%7C%7C583222a39dbd466fc37208d8f9060595%7C1b16ab3eb8f64fe39f3e2db7fe549f6a%7C0%7C1%7C637533151545577321%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Kt7JKBaZ%2Ft0U3yIFh3fpGZ05NOp46NIiiLqPqDLtYaI%3D&reserved=0), > I can see in installation-notes.html : > -> "The software bundled together in this package is released under > a number of different Open Source licences. By using any component of > this installation package, you agree to abide by the terms and conditions of > it's licence." > > Could the PostgreSQL Global Development Group consider to provide these > information ? > Is there a team or a group in charge of this ? Is there a direct > email address to ask this kind of request ? These installation packages are provided by EnterpriseDB, not by the PGDG. I think your request is reasonable, but you'll have to ask the packager. Yours, Laurenz Albe -- Cybertec | https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.cybertec-postgresql.com%2F&data=04%7C01%7C%7C583222a39dbd466fc37208d8f9060595%7C1b16ab3eb8f64fe39f3e2db7fe549f6a%7C0%7C1%7C637533151545577321%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=7AHjlx7QlEzfBD8Lv70mGVK1xSeOUJTJxliabSdKYuk%3D&reserved=0
RE: Open source licenses
Dear All, As I solution, I wanted to start to build Postgres from source by myself, in order to better managed what it is finally included. So I wanted to compile on Windows with Visual Studio. However, in the page https://www.postgresql.org/docs/current/install-windows.html, I can see: " It is recommended that most users download the binary distribution for Windows, available as a graphical installer package from the PostgreSQL website. Building from source is only intended for people developing PostgreSQL or extensions. " Why this recommendation ? Is there any "risk" by building from source ? Best regards, Nicolas DAVID WORKNC DENTAL Project Manager Manufacturing Intelligence division Hexagon E: nicolas.da...@hexagon.com HexagonMI.com CONFIDENTIALITY NOTICE: This email and any attachments may be confidential and protected by legal privilege. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the e-mail or any attachment is prohibited. If you have received this email in error, please notify us immediately by replying to the sender and deleting this copy and the reply from your system. Thank you for your cooperation. Please note all the views and opinions published here are solely based on the author's own opinion and should not be considered necessarily as reflecting the opinion of Hexagon Manufacturing Intelligence. -Original Message- From: Laurenz Albe Sent: 07 April 2021 10:51 To: DAVID Nicolas ; Adrian Klaver ; pgsql-gene...@postgresql.org Subject: Re: Open source licenses This email is not from Hexagon's Office 365 instance. Please be careful while clicking links, opening attachments, or replying to this email. On Wed, 2021-04-07 at 06:41 +, DAVID Nicolas wrote: > > > It is to make an inventory of all the used opensource licenses > > > from all the used components, to check and respect the terms of use, to > > > preserve copyrights and intellectual property. > > > > > > However, when I get PostgreSql binaries for Windows (Zip archive > > > linked to [EDB]), I can see in installation-notes.html : > > > -> "The software bundled together in this package is released > > > under a number of different Open Source licences. By using any > > > component of this installation package, you agree to abide by the terms > > > and conditions of it's licence." > > > > > > Could the PostgreSQL Global Development Group consider to provide these > > > information ? > > > > These installation packages are provided by EnterpriseDB, not by the PGDG. > > > > I think your request is reasonable, but you'll have to ask the packager. > > Yes sure. I also did it ... without answer. Not nice. > But my initial question concerned only the open source components > linked to the PostgreSQL server that are not under the PostgreSQL license( > ex: openssl, libcharset, ...). > Regarding the other modules added by EDB, I will ask again to EDB. That depends on how PostgreSQL was configured. It may be a bit cumbersome, but you could go through all the shared libraries (DLLs) in the "bin" directory that do not belong to PostgreSQL. The licenses for software like OpenSSL should be easy to find. Yours, Laurenz Albe -- Cybertec | https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.cybertec-postgresql.com%2F&data=04%7C01%7C%7Cbee5be9a5edc434dabf008d8f9a23e5b%7C1b16ab3eb8f64fe39f3e2db7fe549f6a%7C0%7C0%7C637533822516425483%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=%2FhPlqUOT%2FIciMfm1bNBfIiBDi%2FHoh2qOi8PfApQHPBs%3D&reserved=0
