Avoiding MPL-2.0

[torsteingrindvik]

Describe the feature

We are interested in Zenoh at my workplace.

We use cargo deny check licenses.

Zenoh has a dependency which use MPL-2.0, and this may prevent us from using Zenoh.

If we pull Zenoh with no default features there is a single MPL-2.0 dep: option-ext via zenoh-util:

  = option-ext v0.2.0
    └── dirs-sys v0.4.1
        └── dirs v5.0.1
            └── shellexpand v3.1.0
                └── zenoh-util v0.10.1-rc

Are you open to considering

1. Having feature flags in Zenoh to ensure this is avoidable, or
2. Purging shellexpand altogether

or some combination?

Thanks in advance.

EDIT: I see that this dependency is a bit controversial: dirs-dev/dirs-sys-rs#21
There seem to be some linked PRs which might aid in replacing shellexpand if desired.

[ijackson]

I ended up reading this ticket via an MR submitted to shellexpand. I strongly disagree that any change should be made in shellexpand or zenoh to avoid the MPL.

IMO the submitter's organisation should have no problem with MPL-2.0, provided the trivial bureaucracy is dealt with. The solution is for them to allow the licence.

[fuzzypixelz]

@torsteingrindvik Neither one of the alternatives to shellexpand (or at at least the ones listed in its README) support both tilde expansion and environment variable expansion at once.

Zenoh uses shellexpand to resolve user-supplied paths of dynamically loaded libraries, so changing this would break user workflows. Still, a feature gate is possible but questionable given the trivial nature of this functionality.

There seem to be some linked PRs which might aid in replacing shellexpand if desired.

Which alternatives are you referring to?

I ended up reading this ticket via an MR submitted to shellexpand. I strongly disagree that any change should be made in shellexpand or zenoh to avoid the MPL.

I think it's only fair to explore the feasibility of such a change first.

[JEnoch]

@torsteingrindvik The MPL-2.0 license is approved by the Eclipse Foundation for usage a third-party content in all its projects. See https://www.eclipse.org/legal/licenses.php . We will soon engage an IP Due Diligence Process that should enforce the Eclipse approval for usage of those dependencies within Eclipse Zenoh v1.0.0.

I wonder what are yours or your Company's concerns with MPL-2.0 licensed content within Zenoh. Could you please clarify ? We could then raise those concerns to the Eclipse Foundation Intellectual Property Team and ask them for their opinion.

[torsteingrindvik]

@fuzzypixelz
My apologies, I didn't look into the linked PRs in dirs-dev/dirs-sys-rs#21 so I wasn't aware you had a larger feature set needed.

@JEnoch
I raised the MPL-2.0 issue internally for further investigation, and luckily we may now use MPL-2.0 as well 🎉
Thank you for offering to raise the concern within Eclipse although that will not be needed by us now.

I'm therefore closing this issue as this isn't a blocker for us anymore, feel free to re-open if you think the original suggestion of avoiding MPL-2.0 dependencies might be useful for other users.