List of open source libraries

Is there a list of the open source libraries that the hub is using? Poking around here in the community looking at error messages I see that they are using the following:

H2 database (unknown version)
Jetty (unknown version)
org.codehaus.groovy.modules.http-builder - http-builder (unknown version)
org.quartz-scheduler - quartz (unknown version)
org.codehaus.groovy - groovy 2.4.19
com.squareup.okhttp3 - okhttp (unknown version)
org.apache - httpclient (unknown version)
com.mchange - c3p0 (unknown version)
org.json - json (unknown version)
su.litvak.chromecast - api-v2 (unknown version)

Is there a full list somewhere?

Edit: did more digging and added more libraries above.

3 Likes

Yes, I need to fetch the link to it...

Thanks, any update on this?

that should be it
https://hubitatgpl.s3.us-east-2.amazonaws.com/aml-a113x.tar.gz

I'm pretty sure the FW runs on Java 8 -, its not open source but I am pretty sure that it does.

1 Like

Thanks for getting back to me, but that appears to be the linux operating system. There is no reference to the libraries I listed above.

Bump. @mike.maxwell do you have the list with licenses and any modifications you have made?

The question of listing all FOSS libraries/apps has been answered in PM to me. There is a promise they will have this done ASAP and hope it is actually done in a timely fashion as this has been a question asked many times.

Here is an interim list of the GPL libraries, incomplete in one regard to be corrected soon (underlying Linux libraries). Once complete, this will be posted in docs.hubitat.com for full public disclosure. These libraries have not been modified.

Library 									                    Version

ANTLR 4 Runtime 								                4.5.1-1
ASM,a very small and fast Java bytecode manipulation framework	5.0.4
Bouncy Castle Provider  							            1.64
C3P0 - a JDBC Connection pooling / Statement caching library 	0.9.5.4
Zsmartsystems ZigBee    							            2.1.10
Zsmartsystems ZigBee Dongle Ember   					        2.1.10
Jakarta Activation API  							            1.2.2
Jakarta XML Binding API 							            2.3.3
Jaudiotagger    								                2.0.3
Java Servlet API    							                3.1.0
Java Native Access Platform 						            4.2.2
Mchange Commons Java (for C3P0)						            0.2.15
Eclipse Paho Client Mqttv3  						            1.2.4
8 Likes

Thank you @bravenel

1 Like

Do you have a time line for when you will list the rest of the open source code you are using along with the licenses for each?

Your statement seems to imply that you are not using any other open source software in your Hubitat code and that all that remains to list is the underlying Linux OS software, did I interpret that statement correctly?

We only plan to list GPL licensed sources, as per the license requirements.

H2 database is licensed under MPL 2.0 and EPL 1.0, it is not GPL. Just because code is not using GPL does not mean that you do not need to disclose it, you should be following the license requirements for each library that you use.

You posting this then should be suffice to the list then since nearly everyone knows H2 is the DB being used. No need to bug @bravenel about it anymore.

I was using H2 as an example of a library they are using that is not GPL and yet they have disclosed it. Also they have not followed the licensing requirements that H2 requires. I am referring to all the other libraries that they are using that they are not giving credit for and are using without following the license agreements.

So basically you want the list of all the busybox GPL code it uses for its base OS... it's a cascading effect then and nearly impossible to list each and every GPL program or library used which simply cannot be done. Is there a possibility that some js library used is GPL... yup but I'm not going to raise hell over that, that's between the developer and Hubitat then.

Is there any non-GPLv2/v3 code being used.. more than likely yes but we are again asking for something that has a cascading effect... Apache2 requires a bunch of open source libraries for certain functions such as SSL libraries but seeing that Apache2 already discloses this along with any other open source libs they use there is no reason to list what is already there.

What? The license agreements do not say that if it is too much work you can go ahead and skip it, that being said it is actually quite easy. They have created a Java program and are most likely using Maven or Gradle to build it. With Gradle they can run the command "gradle dependencies" and print out the libraries they are using, in Maven they can use the command "mvn dependency:tree" to do the same.

For GPL code, they are required to not only list the libraries they are using but they also must provide the source code of those libraries. For non GPL libraries they must follow the license agreement for each one, most of which include the provision that they list the library they are using and also include the license agreement for each. See the SmartThings disclosure for an example of how it should be done. https://www.smartthings.com/foss

2 Likes