Bug 453703

Summary: Review Request: trilinos - A collection of libraries of numerical algorithms
Product: [Fedora] Fedora Reporter: Deji Akingunola <dakingun>
Component: Package ReviewAssignee: Nobody's working on this, feel free to take it <nobody>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: fedora-package-review, mtasaka, notting, tcallawa
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-01-25 19:21:29 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 201449    
Attachments:
Description Flags
LIcense check list
none
Check list how licenses extend between source codes
none
Licensing conclusion check list none

Description Deji Akingunola 2008-07-02 00:28:56 EDT
Spec URL: ftp://czar.eas.yorku.ca/pub/trilinos/trilinos.spec
SRPM URL: ftp://czar.eas.yorku.ca/pub/trilinos/trilinos-8.0.7-1.fc9.src.rpm
Description: 
Trilinos is a collection of compatible software packages that support parallel 
linear algebra computations, solution of linear, non-linear and eigen systems 
of equations and related capabilities. The majority of packages are written in 
C++ using object-oriented techniques. All packages are self-contained, with the 
Trilinos top layer providing a common look-and-feel and infrastructure.
Comment 1 Mamoru TASAKA 2008-07-02 04:38:35 EDT
Your srpm doe not build:
http://koji.fedoraproject.org/koji/taskinfo?taskID=691542

Note:
You can try to rebuild your package beforehand on koji by
$ koji build --scratch <target> <srpm_you_want_to_try>
where <target> can be either dist-f10, dist-f9-updates-candidate or
dist-f8-updates-candidate.
If the build ends successfully, the rebuilt binary rpms and some logs are put under
http://koji.fedoraproject.org/scratch/<your_FAS_name>/task_<task_id>/ .

I only just tried to rebuild this package, and it may be that I have no time to
review this
package.
Comment 2 Deji Akingunola 2008-07-02 13:05:08 EDT
The updated srpm below does build in dist-f9-updates-candidate on koji

Spec URL: ftp://czar.eas.yorku.ca/pub/trilinos/trilinos.spec
SRPM URL: ftp://czar.eas.yorku.ca/pub/trilinos/trilinos-8.0.7-2.fc9.src.rpm
Comment 3 Mamoru TASAKA 2008-07-02 13:33:00 EDT
Still failing on dist-f10:
http://koji.fedoraproject.org/koji/taskinfo?taskID=692663
Comment 4 Deji Akingunola 2008-07-02 14:31:16 EDT
(In reply to comment #3)
> Still failing on dist-f10:
> http://koji.fedoraproject.org/koji/taskinfo?taskID=692663

Yes, because lam library location have just been moved around in rawhide. The
below will build on dist-f10;
Spec URL: ftp://czar.eas.yorku.ca/pub/trilinos/trilinos.spec
SRPM URL: ftp://czar.eas.yorku.ca/pub/trilinos/trilinos-8.0.7-3.fc9.src.rpm

Comment 5 Deji Akingunola 2008-07-02 14:59:47 EDT
Just in case you find it useful, a koji scrath build of
trilinos-8.0.7-3.fc9.src.rpm on dist-f10 is at
http://koji.fedoraproject.org/koji/taskinfo?taskID=692807 .
Comment 6 Mamoru TASAKA 2008-07-03 15:03:55 EDT
Well, would you check the license issue first?

Actually the trilinos-8.0.7.tar.gz contains 7205 files and while I am trying
hard to check the license of this package but it needs verification by other person.
As far as I checked this package, some files has different licenses than LGPLv2+:
-------------------------------------------------------------------------------
packages/amesos/src/UFsparse/CCOLAMD/	LGPLv2
packages/amesos/src/UFsparse/CHOLMOD/	LGPLv2
packages/amesos/src/UFsparse/CHOLMOD/Include/cholmod_matrixops.h	GPLv2
packages/amesos/src/UFsparse/CHOLMOD/Include/cholmod_modify.h		GPLv2
packages/amesos/src/UFsparse/COLAMD/colamd_global.c	LGPLv2
packages/amesos/src/UFsparse/PARAKLETE/	LGPLv2
packages/aztecoo/src/az_matvec_mult.c	GPLv2+
packages/ml/				GPLv2+
packages/trilinoscouplings/examples/ml/NonlinML/ml_nox_1Delasticity_example.cpp
GPLv2+
packages/trilinoscouplings/src/ml/	GPLv2+
---------------------------------------------------------------------------------

At first I checked the header inclusion/linkage issue of GPLv2 part, then as far
as I checked it the following files are affected by GPLv2 license "pollution":
---------------------------------------------------------------------------------
packages/amesos/src/UFsparse/CHOLMOD/Include/cholmod_matrixops.h
packages/amesos/src/UFsparse/CHOLMOD/Include/cholmod_modify.h
->
packages/amesos/src/UFsparse/CHOLMOD/Include/cholmod.h
->
packages/amesos/src/UFsparse/CHOLMOD/Include/cholmod_internal.h
packages/amesos/src/UFsparse/PARAKLETE/paraklete.h
->
packages/amesos/src/UFsparse/CHOLMOD/Cholesky/
packages/amesos/src/UFsparse/CHOLMOD/Core/
packages/amesos/src/UFsparse/PARAKLETE/
->
libamesos.a
->
libamesos.so
libifpack.so
libml.so
libnox.so
libnoxepetra.so
PyTrilinos/_Amesos.so
PyTrilinos/_IFPACK.so
PyTrilinos/_ML.so
NOX/___init__.so
NOX/_Abstract.so
NOX/_Solver.so
NOX/_StatusTest.so
NOX/Epetra/___init__.so
NOX/Epetra/_Interface.so
---------------------------------------------------------------------------------------

I have not checked GPLv2+, LGPLv2 license pollution yet.
Comment 7 Deji Akingunola 2008-07-03 15:52:07 EDT
(In reply to comment #6)
> Well, would you check the license issue first?
> 
> Actually the trilinos-8.0.7.tar.gz contains 7205 files and while I am trying
> hard to check the license of this package but it needs verification by other
person.
> As far as I checked this package, some files has different licenses than LGPLv2+:
> 
...
---------------------------------------------------------------------------------
> 
> At first I checked the header inclusion/linkage issue of GPLv2 part, then as far
> as I checked it the following files are affected by GPLv2 license "pollution":
> 

What exactly do you mean by license "polution" ?

Comment 8 Jason Tibbitts 2008-07-03 23:55:39 EDT
When you link GPLv2+ code with GPLv2 code, the result is GPLv2.  Thus you have
to carefully check the extent that the limitation to v2 only extends throughout
all of the object files and executables.  Mamoru is not using the word
"pollution" with a negative connotation.
Comment 9 Mamoru TASAKA 2008-07-04 13:38:45 EDT
As explained by Jason:
If a source code includes a file licensed by GPL, the code including the file
should also be under GPL. Also if a binary links to a library licensed under
GPL, the binary should be under GPL.
So we have to check how the codes in the tarball licensed under GPL (v2 or v2+
must be distinguished here) affects other codes or the rebuilt binaries.
My comment 6 says, for example, that the fact some codes are under GPLv2 makes
the licenses of some binaries  GPLv2.
Comment 10 Mamoru TASAKA 2008-07-08 11:55:35 EDT
Created attachment 311284 [details]
LIcense check list
Comment 11 Mamoru TASAKA 2008-07-08 11:57:24 EDT
Created attachment 311285 [details]
Check list how licenses extend between source codes
Comment 12 Mamoru TASAKA 2008-07-08 11:58:18 EDT
Created attachment 311287 [details]
Licensing conclusion check list

The licenses of the files included in rebuild binary rpms.
Would you check this list?
Comment 13 Deji Akingunola 2008-07-08 12:14:17 EDT
Actually I've been in touch with package's upstream concerning the license
issue, and they promised to fix it and to release an update with the fix soon-ish.
Sorry I didn't state this earlier and spare you from the license checks.
Comment 14 Jason Tibbitts 2008-08-10 14:58:26 EDT
Any update from upstream?
Comment 15 Deji Akingunola 2008-08-11 01:15:24 EDT
(In reply to comment #14)
> Any update from upstream?

They are working on it. A couple of the affected source codes have already been properly 're-licensed' to LGPLv2+ .
Comment 16 Jason Tibbitts 2008-10-01 14:43:42 EDT
Marking this as not being ready for review; please clear the status whiteboard when the situation changes.
Comment 17 Deji Akingunola 2008-10-12 23:15:57 EDT
Upstream has put out a new release with a substantial fixes to the license 'pollution' issue. There are now no more source codes with GPL licence (to the best of my knowledge). However a small portion of it still caries LGPL only, so I've resorted to using LGPLv2 in the specfile license tag. Upstream has indicated their interest to resolve all the remaining license issues, and when that happens we may update the license tag to LGPLv2+ .
I hope the review can continue now, Thanks.

Spec URL: ftp://czar.eas.yorku.ca/pub/trilinos/trilinos.spec
SRPM URL: ftp://czar.eas.yorku.ca/pub/trilinos/trilinos-9.0.0-1.fc10.src.rpm

Note: The packaging have undergone some changes since it was first introduced, mainly that it now builds with MPI support, and enables all the subpackages available in the trilinos suite.
Comment 18 Mamoru TASAKA 2008-10-13 01:52:12 EDT
Would you try koji scratch build again? (see my comment 1)
The build fails on dist-f10, both on i386 and x86_64.
http://koji.fedoraproject.org/koji/taskinfo?taskID=876308
Comment 19 Deji Akingunola 2008-10-13 10:01:06 EDT
It was missing a BR on gcc-gfortran (used to be pulled in by lam-devel, but that has now been replaced by openmpi-devel).

Spec URL: ftp://czar.eas.yorku.ca/pub/trilinos/trilinos.spec
SRPM URL: ftp://czar.eas.yorku.ca/pub/trilinos/trilinos-9.0.0-2.fc10.src.rpm

The scratch build below has completed successfully for i386 and x86_64;
http://koji.fedoraproject.org/koji/taskinfo?taskID=877310
Comment 20 Mamoru TASAKA 2008-10-16 14:15:10 EDT
Well, I may have overlooked the following issue before, however:

while I just glanced at the source codes quickly and I have not examined
this package yet, now I have some concern about this package so I want to
ask spot.

@ spot:
Would you check some codes I write below?
A. 
packages/anasazi/epetra/util/ModeLaplace/BlockPCGSolver.cpp or so
These files have the license terms like below:
------------------------------------------------------------
// The distribution of this software follows also the rules defined in Trilinos.
// This notice shall be marked on any reproduction of this software, in whole or
// in part.
//
// Under terms of Contract DE-AC04-94AL85000, there is a non-exclusive
// license for use of this work by or on behalf of the U.S. Government.
//
// This program is distributed in the hope that it will be useful, but
// WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-------------------------------------------------------------
I am not a lawyer and know almost nothing about US law. Then
what does this "Contract DE-AC04-94AL85000" mean?

B. Perhaps more issue:
Trilinos_version.h
packages/fei/base/FEI_Implementation.cpp
and even more:

These files have the license terms like below:
/*--------------------------------------------------------------------*/
/*    Copyright 2005 Sandia Corporation.                              */
/*    Under the terms of Contract DE-AC04-94AL85000, there is a       */
/*    non-exclusive license for use of this work by or on behalf      */
/*    of the U.S. Government.  Export of this program may require     */
/*    a license from the United States Government.                    */
/*--------------------------------------------------------------------*/
Especially I am concerned about the sentence "Export of this program
may require a license from..". What does this mean?
By the way the upstream is http://trilinos.sandia.gov/.


@ deji:
I found that some files like:
packages/zoltan/src/postprocessing/ordering/order_eval.c 
(I could not find this file in 8.0.7 tarball) are licensed
under CeCILL-C. While this license does not conflict with LGPL,
this surely conflicts with GPL, so this may be against what
you want. Would you check how these codes are used?
Comment 21 Tom "spot" Callaway 2008-10-16 15:06:28 EDT
I'm more concerned about B, since I also have no idea what Contract DE-AC04-94AL85000 means. We'd need upstream to clarify this for us.
Comment 22 Jason Tibbitts 2008-12-17 13:55:57 EST
So this was marked as being ready for review, but there's still a license concern.     I'm going to mark this again as not being ready.  It has also been two months since the last set of questions with no response from the submitter.  Are you still working out the license issues with upstream?
Comment 23 Jason Tibbitts 2010-01-25 19:21:29 EST
More than an entire year later, I'm going ahead and closing this.