As a consequence of MongoDB switching to Server Side Public License 1.0, Debian decided that they won't be allowing it in their main repo. It also means that they might not be able to provide security fixes for older, DFSG-compatible versions. Currently, we're using MongoDB in 2 places:
EventLogging- xhgui
We don't have to do anything right now, but in the long term, we have several options:
- Hope that SSPL 2.0 will be a free software license.
- Use SSPL licensed packages from the vendor. This would require legal approval (and this license is even more restrictive than AGPL which we discussed in wikitech-l and general opinion was that it's not very good for us).
- Use old packages until they're out of support. Then maybe someone comes up with a viable fork.
- Stop using MongoDB.
- debian.org discussion: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915537
- opensource.org license review of SSPL 1.0: https://lists.opensource.org/pipermail/license-review_lists.opensource.org/2018-October/thread.html#3654
- reviews of SSPL 2.0:
- https://lists.opensource.org/pipermail/license-review_lists.opensource.org/2018-November/date.html#3836
- https://lists.opensource.org/pipermail/license-review_lists.opensource.org/2018-December/date.html#start
- https://lists.opensource.org/pipermail/license-review_lists.opensource.org/2019-January/003938.html