Thread: Open source licenses
Dear PostgreSQL Team,
We are a software editor that historically use PostgreSQL for one of our product.
We currently use the version 9.6 since many years and now we would like to update to the last version 13.2.
However, before that, we would like to check some points regarding the embedded components and their licenses.
First, we install PostgreSQL with our installer using the Zip archive of binaries (for Windows) provided by EDB (available from your website).
It seems that the EDB Zip archive embed PgAdmin and StackBuilder in addition to the PostgreSQL server.
Do you know if some others modules are added by EDB ?
Then, it appears that the PostgreSQL server links some open source components that are not under the PostgreSQL license( ex: openssl, libcharset, ...).
Could you please provide a list of the components included in the PostgreSQL server, with the OpenSource license type for each component ? Or even, if possible, with the license file for each component ?
Best regards,
Nicolas DAVID
WORKNC DENTAL Project Manager
Manufacturing Intelligence division
Hexagon
Hexagon
440 Route des Allogneraies
71850 Charnay-les-Mâcon
France
HexagonMI.com | LinkedIn | Facebook | Twitter
CONFIDENTIALITY NOTICE: This email and any attachments may be confidential and protected by legal privilege. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the e-mail or any attachment is prohibited. If you have received this email in error, please notify us immediately by replying to the sender and deleting this copy and the reply from your system. Thank you for your cooperation. Please note all the views and opinions published here are solely based on the author's own opinion and should not be considered necessarily as reflecting the opinion of Hexagon Manufacturing Intelligence.
-----Original Message-----
From: Simon Riggs <simon@2ndquadrant.com>
Sent: 17 March 2021 18:57
To: DAVID Nicolas <nicolas.david@hexagon.com>
Cc: security@postgresql.org
Subject: Re: Contact
This email is not from Hexagon’s Office 365 instance. Please be careful while clicking links, opening attachments, or replying to this email.
On Wed, 17 Mar 2021 at 17:29, DAVID Nicolas <nicolas.david@hexagon.com> wrote:
>
> I use security@postgresql.org because I cannot find suitable mail address on the web site.
>
> Is there a mail address to request some information regarding the open source licences of the different postgresql components?
The licence for all software available on postgresql.org is shown here
The wider PostgreSQL ecosystem consists of many optional extensions and tools, both open and closed source, each of which has different licences. There is no single central place or authority that lists or controls those components and their respective licences. Some are listed here: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.postgresql.org%2Fdownload%2Fproduct-categories%2F&data=04%7C01%7C%7Ce0c997c9e991479cadf708d8e96e15c6%7C1b16ab3eb8f64fe39f3e2db7fe549f6a%7C0%7C1%7C637516006314197196%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Uzh1jvV%2BxHsfufp0qynDPEWuvkzJpD%2FcQqoTVp0eLcw%3D&reserved=0
This is the wrong place to request or discuss such information. Please try pgsql-general@postgresql.org
--
On 3/18/21 6:32 AM, DAVID Nicolas wrote: > Dear PostgreSQL Team, > > We are a software editor that historically use PostgreSQL for one of our > product. > > We currently use the version 9.6 since many years and now we would like > to update to the last version 13.2. > > However, before that, we would like to check some points regarding the > embedded components and their licenses. > > First, we install PostgreSQL with our installer using the Zip archive of > binaries (for Windows) provided by EDB (available from your website). > > It seems that the EDB Zip archive embed PgAdmin and StackBuilder in > addition to the PostgreSQL server. > > Do you know if some others modules are added by EDB ? That is it: ~/postgresql-13.2-1-windows-x64-binaries/pgsql> ls bin doc include lib pgAdmin 4 share StackBuilder symbols > > Then, it appears that the PostgreSQL server links some open source > components that are not under the PostgreSQL license( ex: openssl, > libcharset, ...). > > Could you please provide a list of the components included in the > PostgreSQL server, with the OpenSource license type for each component ? > Or even, if possible, with the license file for each component ? That is going to depend on what the settings where when the source was compiled. The question is what is your concern? > > Best regards, > > ** > > *Nicolas DAVID** > *WORKNC DENTAL Project Manager > > Manufacturing Intelligence division > > *Hexagon* > > *E:***_nicolas.david@hexagon.com <mailto:nicolas.david@hexagon.com>_ > > __ > > Hexagon > > 440 Route des Allogneraies > > 71850 Charnay-les-Mâcon > > France > > _HexagonMI.com <https://www.hexagonmi.com/en-GB>_|_LinkedIn > <https://www.linkedin.com/company/hexagon-manufacturing-intelligence/>_|_Facebook > <https://www.facebook.com/HexagonMI>_ |_Twitter > <https://twitter.com/HexagonMI>_ > -- Adrian Klaver adrian.klaver@aklaver.com
My concern is, I guess, the same for all the software editor using opensource components. It is to make an inventory of all the used opensource licenses from all the used components, to check and respect the termsof use, to preserve copyrights and intellectual property. Companies providing opensource components or libraries now often publish a list of the modules and their licences becausemost of the time it is a prerequisite for the adoption in many companies. For example, Qt Company publishes this page: https://doc.qt.io/qt-5/licenses-used-in-qt.html. However, when I get PostgreSql binaries for Windows (Zip archive linked to https://www.enterprisedb.com/download-postgresql-binaries),I can see in installation-notes.html : -> "The software bundled together in this package is released under a number of different Open Source licences. By usingany component of this installation package, you agree to abide by the terms and conditions of it's licence." This is unclear and even if I found some license files, or header files with copyrights, I cannot know certainly the listof installed components and their licenses. And finally, whatever if I use a component, as soon as I install it, I distributeit and thus I have to know the conditions. Could the PostgreSQL Global Development Group consider to provide these information ? Is there a team or a group in chargeof this ? Is there a direct email address to ask this kind of request ? Best regards, Nicolas DAVID
On Tue, 2021-04-06 at 13:47 +0000, DAVID Nicolas wrote: > My concern is, I guess, the same for all the software editor using opensource components. > > It is to make an inventory of all the used opensource licenses from all the used components, > to check and respect the terms of use, to preserve copyrights and intellectual property. > > However, when I get PostgreSql binaries for Windows (Zip archive linked to > https://www.enterprisedb.com/download-postgresql-binaries), I can see in installation-notes.html : > -> "The software bundled together in this package is released under a number of different > Open Source licences. By using any component of this installation package, you agree to abide > by the terms and conditions of it's licence." > > Could the PostgreSQL Global Development Group consider to provide these information ? > Is there a team or a group in charge of this ? Is there a direct email address to ask this > kind of request ? These installation packages are provided by EnterpriseDB, not by the PGDG. I think your request is reasonable, but you'll have to ask the packager. Yours, Laurenz Albe -- Cybertec | https://www.cybertec-postgresql.com
Yes sure. I also did it ... without answer. But my initial question concerned only the open source components linked to the PostgreSQL server that are not under thePostgreSQL license( ex: openssl, libcharset, ...). Regarding the other modules added by EDB, I will ask again to EDB. Best regards, Nicolas DAVID -----Original Message----- From: Laurenz Albe <laurenz.albe@cybertec.at> Sent: 06 April 2021 16:13 To: DAVID Nicolas <nicolas.david@hexagon.com>; Adrian Klaver <adrian.klaver@aklaver.com>; pgsql-general@postgresql.org Subject: Re: Open source licenses This email is not from Hexagon's Office 365 instance. Please be careful while clicking links, opening attachments, or replyingto this email. On Tue, 2021-04-06 at 13:47 +0000, DAVID Nicolas wrote: > My concern is, I guess, the same for all the software editor using opensource components. > > It is to make an inventory of all the used opensource licenses from > all the used components, to check and respect the terms of use, to preserve copyrights and intellectual property. > > However, when I get PostgreSql binaries for Windows (Zip archive > linked to https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.enterprisedb.com%2Fdownload-postgresql-binaries&data=04%7C01%7C%7C583222a39dbd466fc37208d8f9060595%7C1b16ab3eb8f64fe39f3e2db7fe549f6a%7C0%7C1%7C637533151545577321%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Kt7JKBaZ%2Ft0U3yIFh3fpGZ05NOp46NIiiLqPqDLtYaI%3D&reserved=0), Ican see in installation-notes.html : > -> "The software bundled together in this package is released under > a number of different Open Source licences. By using any component of > this installation package, you agree to abide by the terms and conditions of it's licence." > > Could the PostgreSQL Global Development Group consider to provide these information ? > Is there a team or a group in charge of this ? Is there a direct > email address to ask this kind of request ? These installation packages are provided by EnterpriseDB, not by the PGDG. I think your request is reasonable, but you'll have to ask the packager. Yours, Laurenz Albe -- Cybertec | https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.cybertec-postgresql.com%2F&data=04%7C01%7C%7C583222a39dbd466fc37208d8f9060595%7C1b16ab3eb8f64fe39f3e2db7fe549f6a%7C0%7C1%7C637533151545577321%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=7AHjlx7QlEzfBD8Lv70mGVK1xSeOUJTJxliabSdKYuk%3D&reserved=0
On Wed, 2021-04-07 at 06:41 +0000, DAVID Nicolas wrote: > > > It is to make an inventory of all the used opensource licenses from > > > all the used components, to check and respect the terms of use, to preserve copyrights and intellectual property. > > > > > > However, when I get PostgreSql binaries for Windows (Zip archive > > > linked to [EDB]), I can see in installation-notes.html : > > > -> "The software bundled together in this package is released under > > > a number of different Open Source licences. By using any component of > > > this installation package, you agree to abide by the terms and conditions of it's licence." > > > > > > Could the PostgreSQL Global Development Group consider to provide these information ? > > > > These installation packages are provided by EnterpriseDB, not by the PGDG. > > > > I think your request is reasonable, but you'll have to ask the packager. > > Yes sure. I also did it ... without answer. Not nice. > But my initial question concerned only the open source components linked to the PostgreSQL server > that are not under the PostgreSQL license( ex: openssl, libcharset, ...). > Regarding the other modules added by EDB, I will ask again to EDB. That depends on how PostgreSQL was configured. It may be a bit cumbersome, but you could go through all the shared libraries (DLLs) in the "bin" directory that do not belong to PostgreSQL. The licenses for software like OpenSSL should be easy to find. Yours, Laurenz Albe -- Cybertec | https://www.cybertec-postgresql.com
Dear All, As I solution, I wanted to start to build Postgres from source by myself, in order to better managed what it is finally included. So I wanted to compile on Windows with Visual Studio. However, in the page https://www.postgresql.org/docs/current/install-windows.html, I can see: " It is recommended that most users download the binary distribution for Windows, available as a graphical installer packagefrom the PostgreSQL website. Building from source is only intended for people developing PostgreSQL or extensions." Why this recommendation ? Is there any "risk" by building from source ? Best regards, Nicolas DAVID WORKNC DENTAL Project Manager Manufacturing Intelligence division Hexagon E: nicolas.david@hexagon.com HexagonMI.com CONFIDENTIALITY NOTICE: This email and any attachments may be confidential and protected by legal privilege. If you are notthe intended recipient, be aware that any disclosure, copying, distribution or use of the e-mail or any attachment isprohibited. If you have received this email in error, please notify us immediately by replying to the sender and deletingthis copy and the reply from your system. Thank you for your cooperation. Please note all the views and opinionspublished here are solely based on the author's own opinion and should not be considered necessarily as reflectingthe opinion of Hexagon Manufacturing Intelligence. -----Original Message----- From: Laurenz Albe <laurenz.albe@cybertec.at> Sent: 07 April 2021 10:51 To: DAVID Nicolas <nicolas.david@hexagon.com>; Adrian Klaver <adrian.klaver@aklaver.com>; pgsql-general@postgresql.org Subject: Re: Open source licenses This email is not from Hexagon's Office 365 instance. Please be careful while clicking links, opening attachments, or replyingto this email. On Wed, 2021-04-07 at 06:41 +0000, DAVID Nicolas wrote: > > > It is to make an inventory of all the used opensource licenses > > > from all the used components, to check and respect the terms of use, to preserve copyrights and intellectual property. > > > > > > However, when I get PostgreSql binaries for Windows (Zip archive > > > linked to [EDB]), I can see in installation-notes.html : > > > -> "The software bundled together in this package is released > > > under a number of different Open Source licences. By using any > > > component of this installation package, you agree to abide by the terms and conditions of it's licence." > > > > > > Could the PostgreSQL Global Development Group consider to provide these information ? > > > > These installation packages are provided by EnterpriseDB, not by the PGDG. > > > > I think your request is reasonable, but you'll have to ask the packager. > > Yes sure. I also did it ... without answer. Not nice. > But my initial question concerned only the open source components > linked to the PostgreSQL server that are not under the PostgreSQL license( ex: openssl, libcharset, ...). > Regarding the other modules added by EDB, I will ask again to EDB. That depends on how PostgreSQL was configured. It may be a bit cumbersome, but you could go through all the shared libraries (DLLs) in the "bin" directory that do not belong to PostgreSQL. The licenses for software like OpenSSL should be easy tofind. Yours, Laurenz Albe -- Cybertec | https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.cybertec-postgresql.com%2F&data=04%7C01%7C%7Cbee5be9a5edc434dabf008d8f9a23e5b%7C1b16ab3eb8f64fe39f3e2db7fe549f6a%7C0%7C0%7C637533822516425483%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=%2FhPlqUOT%2FIciMfm1bNBfIiBDi%2FHoh2qOi8PfApQHPBs%3D&reserved=0
On Thu, Apr 29, 2021 at 10:35 AM DAVID Nicolas <nicolas.david@hexagon.com> wrote: > > Dear All, > > As I solution, I wanted to start to build Postgres from source by myself, in order to better managed what it is finallyincluded. > So I wanted to compile on Windows with Visual Studio. > > However, in the page https://www.postgresql.org/docs/current/install-windows.html, I can see: > " It is recommended that most users download the binary distribution for Windows, available as a graphical installerpackage from the PostgreSQL website. Building from source is only intended for people developing PostgreSQL or extensions." > > Why this recommendation ? Is there any "risk" by building from source ? The recommendation is purely one of convenience. Building PostgreSQL on Windows is not at all as straightforward as it is on Unix, particularly when it comes to managing the different dependencies (if you want/need them). And as you need to redo the build when either postgres or the dependencies have important updates, it can lead to a lot of more work there. But there is no "risk" other than that. The upcoming version of the docs (now on https://www.postgresql.org/docs/devel/install-binaries.html) will make it more clear that we also recommend using packages on for example Linux as well, when they are available. So the recommendation is generic, not Windows-specific. -- Magnus Hagander Me: https://www.hagander.net/ Work: https://www.redpill-linpro.com/