Hacker News
by javajosh 1730 days ago
I use Java every day, but we're stuck with Java 8 because of the confusing and frankly scary licensing around later JDKs. I would love to move to 17 but I need something to show to the C-levels that gives them warm and fuzzies around the license. Does such a thing exist?

EDIT: I find it quite depressing that so many want to attack people for being confused around Java licensing. I submit that it is confusing on its face, but moreover insiders seem to understand how confusing it is, too:

https://softwareengineering.stackexchange.com/questions/1194...

https://medium.com/@javachampions/java-is-still-free-2-0-0-6...

5 comments

I just don't buy this at all. Unless you're talking about a seed-round startup, where the C-levels are all 20-something year old frat bros straight out of college. No remotely competent CTO or CIO in any halfway respectable enterprise is still going to be confused about Java licensing in 2021.

The only people I EVER encounter with any confusion around Java licensing are students, entry-level devs, and people from other ecosystems who parrot things they hear on Internet forums.

OpenJDK is free and open source. It imposes no license restrictions on your server-side applications, and these days imposes virtually no limitations on redistribution of the JDK itself with traditionally-shipped applications.

Oracle's own binary build of the OpenJDK source code is a commercially licensed thing, because it comes with some extra proprietary tools that people might care about when profiling applications in a large enterprise. But there are other OpenJDK builds with no cost or licensing restrictions whatsoever, from Azul, IBM, Amazon, and others. Outside of the largest and most conservative Oracle shops, virtually everyone uses one of these free JDK builds.

So much nonsense FUD is made from "lack of commercial support" for the non-Oracle JDK builds. Not "having someone to sue" if something goes wrong, etc. For one thing, who are you supposed to sue when you have a problem with Python or Node? If you want someone to be financially liable to you, then you have to financially pay someone to take on that liability. In practice though, have you ever even heard of a lawsuit over a JDK bug? This is nonsense.

Ignoring the ad hominem attacks, I appreciate your attempt to clarify the situation. However, you are factually wrong about Oracle's position, because they actually offer two different builds of Java - one that is GPL'd (with classpath exception) and one that is commercial[1]. I take the first claim seriously because it's downloadable as a tar.gz file without any license acceptance. However "GPL" is another thing that causes worry among the C-levels (and myself). A superficial reading might be that Oracle's JDK does not come with the GPL encumbrance. But this also raises the question: what differs between the various JDK builds? And again, what is the legal status of "OpenJDK" particularly WRT Oracle?

I personally don't think these are stupid or trivial questions. Nor do I think the answers are obvious. Nor are they nonsense FUD. I am certainly NOT an Oracle partisan - I saw first hand what they did with Sun.

1 - https://jdk.java.net/17/

> A superficial reading might be that Oracle's JDK does not come with the GPL encumbrance.

This is the whole point of the "classpath exception". You can run, build and distribute Java programs under any license you choose.

> But this also raises the question: what differs between the various JDK builds?

Very little typically. Some like RedHat or Amazon enable extra options, like the Shenandoah GC. The big difference is who you contact for support.

> what is the legal status of "OpenJDK" particularly WRT Oracle?

I'm not sure what this question even means, but frankly given Microsoft, IBM and Amazon are all building and distributing their own builds of OpenJDK I don't think there are any significant legal issues, these are all companies with teams of lawyers on retainer.

How about this: what is "OpenJDK"? It used to be an independent open-source clone of the Sun-then-Oracle implementation of the JVM/JLS/JSR specs under a liberal license. Now it seems to mean something different - like a working group that manages the specs, but no longer has a build of its own. By convention, it seems that Oracle's "OpenJDK build" is the "default" OpenJDK build, but Oracle also provides a "commercial build", which is also, confusingly, an implementation of "OpenJDK".

Meanwhile other vendors have "OpenJDK" builds: Amazon (corretto), Red Hat, etc. This means that they offer binaries that implement the OpenJDK specs.

My mental model is currently: So there's a spec and an implementation, OpenJDK can refer to both, and a vendor can have multiple implementations of OpenJDK (spec), and some of the impls can be closed/commercial, as in the case of Oracle (and maybe Red Hat?).

OpenJDK was never an independent clone. OpenJDK was started by Sun and was all of the JVM code they could relicense. Contributions to it were done either by Sun themselves, or by companies and individuals that signed a contributor agreement. This has continued under Oracle. Notably this includes Redhat, IBM, Microsoft, Azul, Apple and SAP. Originally the code didn't have enough components to produce a useful JVM, and Redhat put a lot of effort into producing builds that integrated with IcedTea to produce a fully Free Software JVM. Now though the OpenJDK has all of the components needed to produce a JVM.

OpenJDK is Oracle's reference implementation of Java, and provides a GPL+Classpath exception licensed build on their website. Additionally, Oracle provides a commercially supported build from their website. The commercial builds from Oracle have included other additions, but over the years the amount of closed sourced add-ons has decreased.

Other vendors provide builds of the OpenJDK, most include additional code, although for the most part the changes are minimal. All of these builds are based on the OpenJDK, and adhere to the GPL+Classpath exception.

There is also Azul Platform Prime/Zing, which is their own JVM with an LLVM-based JIT. I'm not sure if they're using any OpenJDK code, but if so I assume they have a commercial agreement with Oracle.

> How about this: what is "OpenJDK"? It used to be an independent open-source clone

Please educate yourself before spreading misinformation on this forum.

OpenJDK is not a "clone", a "fork", or some other re-implementation of the Oracle JDK. It's the other way around. OpenJDK IS the source code for the Java Virtual Machine and standard library. All binary distributions are based on this source.

Some binary distributions are freely available. Others include additional proprietary tools, or commercial support or whatever, and require paid licensing. But these all derive from the same common upstream.

You are painting a picture that is equivalent to saying that the Linux source code is a "clone" of RedHat Enterprise Linux. That is not accurate whatsoever.

May you get down-voted into oblivion for your rudeness. It's not only unnecessary and uncalled for, but redundant.

If you'd like an example of how to correct someone's misunderstanding in a constructive manner, see sibling comments, which were posted prior to yours by an hour.

> what is "OpenJDK"?

It is an open source project, comprising a codebase, a set of contributors, and various mailing lists, processes, and so on, just like any other open source project.

The codebase is a continuation of the original Sun (later Oracle) JDK, now licensed under GPL 2 [1], with a linking exception that makes it fairly similar to the LGPL [2].

The contributors are mostly employees of big companies, with Oracle having by far the largest share.

The OpenJDK project releases source code, but does not itself distribute binary builds. In this respect, it is like numerous other open source projects, such as GNU coreutils.

Binary builds are made and distributed by operating system distributors (Red Hat, Debian, FreeBSD, etc), and also by various independent groups. As usual, each distributor may or may not add its own patches before building, and may or may not contribute these upstream. Eclipse Adoptium (formerly known as AdoptOpenJDK) [3] does not apply significant proprietary patches (just branding stuff), so it's a good place to get a plain vanilla OpenJDK build. Amazon's Corretto [4] in principle could contain whatever patches Amazon thinks are cool, but in practice usually just has a few backported bugfixes [5]. Azul's Core (formerly known as Zulu) has a bunch of patches (i couldn't find a list), and an option of commercial support [6]. Oracle have a couple of builds, but you can ignore them. There are also builds from SAP, Bellsoft, and maybe others, but i have never really looked into them. Most people i know just use the AdoptOpenJDK / Adoptium builds, or whatever their distro gives them.

EDIT: I got the Adoptium thing slightly wrong. AdoptOpenJDK made builds; those builds are now called Eclipse Temurin. Eclipse Adoptium is some sort of 'marketplace' where different builds are validated and made available. To me, this sounds like one of those Apache grand ideas that won't go anywhere, but we'll see.

[1] https://github.com/openjdk/jdk/blob/master/LICENSE

[2] https://opensource.stackexchange.com/questions/1410/what-is-...

[3] https://adoptium.net/releases.html

[4] https://aws.amazon.com/corretto/

[5] https://docs.aws.amazon.com/corretto/latest/corretto-11-ug/p...

[6] https://www.azul.com/products/core/

Yes, that all seems so trivial a small child could understand it. So what's my problem?! /s

But seriously, you don't see how this might be confusing? And what you've described is really only the tip of the iceberg. Who defines the specs? Who writes the compliance tests with the specs? Who runs those and certifies that implementations are compatible? What limits are there on entities that make builds, either on the patches they can apply (and still call it "Java") or the licenses they can adopt? What does "GPL with classpath exception" mean in the real world, that JDK-itself changes must be upstreamed, but linked applications need not be? What are the limits there?

The point is, getting an open source JDK binary is not easy, especially if you want to understand what you're getting. "OpenJDK" may exist as an OSS project, but I wouldn't call it typical. Not because it doesn't release binaries (although I just discovered it does, provided by Oracle for Windows/Linux only), but because of the license, the owner, and the owner's relationship to binary builders. The binaries you can get in practice have unknown additions from the vendor, and possible adjustments to the license (or is only Oracle allowed to make alternative licenses for an OpenJDK build?)

Compare java distribution to, say, node or python. Is it really fair to accuse someone who is confused of being an idiot?

Hmm. Without Corretto, which is "recent", I don't see how your argument holds. "No" seed stage company is going to use something from Azul, and probably not from "regular" IBM either (that is, exempting RedHat).

Without Corretto, I think Oracle really has poisoned the well.

[1] https://aws.amazon.com/corretto/

It's particularly confusing because "OpenJDK" used to be an independent group whose purpose was to build a fully open-source Java - and it was Apache licensed. Now, it seems that "OpenJDK" refers to a specification and/or working group which NO LONGER provides a build, instead relying on vendors to do so, and indeed the vendors have wide latitude about how they license it.

This is genuinely complicated, I'm not a lawyer or a software license expert, and I don't understand it. And honestly, based on some of the haughty and arrogant, but factually wrong, comments I've been seeing, I suspect that a lot of people think they understand it, but don't.

Which is exactly your point! The uncertainty/confusion is now super high due to Oracle's actions. It's literally fear, uncertainty, and doubt.

It's a bit like GPL and other open source licensing in the early days ("better not touch GPL code at all") rather than the now commonplace "Ahh, yes. No to AGPL, but GPL is fine since we won't distribute it. We'd prefer APL" practices.

I absolutely believe that experts in licensing understand the OpenJDK / Corretto / Microsoft's OpenJDK distro and so on. But it really did go from "yeah, openjdk is no problem" to "hmm, do we understand this?".

> "OpenJDK" used to be an independent group whose purpose was to build a fully open-source Java - and it was Apache licensed.

You've confused OpenJDK with Apache Harmony. The Harmony project dissolved in 2011, essentially being killed by IBM's decision to join the OpenJDK project instead.

OpenJDK: "Oracle’s free, GPL-licensed, production-ready OpenJDK" I don't know what could be more convincing than an explicit open license.

The Oracle License FAQ is scary and opaque.

https://www.oracle.com/za/java/technologies/javase/jdk-faqs....

This FAQ is about Java SE builds, not the OpenJDK builds.

Java is Still Free (2019) https://medium.com/@javachampions/java-is-still-free-2-0-0-6...

I don't know if there is a more recent version

It is, I definitely agree, but the statement I quoted is pretty darn straight-forward.

But it's also wrong. Is there any legal precedent establishing what the "GPL with classpath exception" even means? Does each build of the OpenJDK come with its own license?

https://softwareengineering.stackexchange.com/questions/1194...

> OpenJDK: "Oracle’s free, GPL-licensed, production-ready OpenJDK" I don't know what could be more convincing than an explicit open license.

lack of enterprise support.

And also what javajosh said. Here's a(n arguably biased) corroboration: https://www.mondaq.com/unitedstates/corporate-and-company-la...

> lack of enterprise support.

You don't get that with Java 8 either, unless you are willing to pay for it. In that case, what's the difference between paying Oracle for support for Java 8 and newer releases?

what does enterprise support mean in context of a programming language?

It means having a service that you can contact with questions about the platform. For example, if you're having a weird GC problem you can pay Red Hat $300/hr to have a presumed expert (ideally a committer to OpenJDK) look at it with you and help you solve it. There may also be variants of this where you "subscribe" and get a certain number of support hours.

I'm curious if there is really a strong need for this service. What kinds of problems is a company solving and at what scale, that they need to have dedicated support with the language?

Suing Google for a billion dollars makes people irrationally nervous.

Just sign the license and agree to all the terms and conditions. Nothing will go wrong.

So when will Android Java be proper Java?

Java and the OpenJDK have become more free than they were before, just don't use the OracleJDK if you don't like their commercial license. Instead use the OpenJDK.

Exactly. There is zero technical reason to use the Oracle JDK. OpenJDK licensing is GPLv2 with the classpath exception. Nice and simple. If you want to get your arm twisted and pay more, Oracle indeed provides you that option. You can also get a nice linux distribution from them and a database. And companies actually exist that buy all those things from them.

But for the rest of the world, you can also get certified JDKs from Azul, Amazon, Red Hat and a few others. All fine choices. Pretty much the entire financial industry, including some of the most conservative companies on the planet, depends on Java and I doubt most of them are paying Oracle for that. Why would they?

Perhaps point out how many non-Oracle commercial JVM vendors exist? They might not trust Oracle to be sane, but Red Hat, Microsoft, SAP and Amazon are all very big names in the industry who offer their own JDK distributions, some of them also offer commercial support.

Do you know what the legal relationship between Red Hat and Oracle is? I think Oracle v Google has sent shivers of fear through anyone wanting to rely on Java, including through an intermediate, because the strength of the relationship is only as strong as the weakest link in the chain. In other words, what is the risk that Red Hat will be sued by Oracle someday over their use and support of Java?

Sun and Oracle have only sued those that went out of their way to create their own Java flavours, namely J++ and Android Java.

The Java ecosystem is just like C and C++, full of alternative, compliant implementations.

Microsoft learnt their lesson and is now an OpenJDK contributor.

So when will Google stop cherry picking OpenJDK features and actually support proper Java on Android?

Let’s say Oracle sues Red Hat (now IBM), so what? Are android devs all totally screwed because Oracle sued Google?

I’m not going to defend Oracle’s business practices but this seems like FUD. You can use Red Hat, Amazon, or Azul’s jvm. If it’s too “scary” to do so for your company then you need better executives and/or lawyers.

> If it’s too “scary” to do so for your company then you need better executives and/or lawyers.

That is the point though. It's sort of obvious if you read through the terms. But if you're at a company that is already afraid of words like GPL, the JDK is "now" also scary.

At the same time, even if your legal department are scared of Oracle (and really just stories of "I heard Oracle sued Google"), I claim that the Corretto docs (and similar) are quite clear.

> But if you're at a company that is already afraid of words like GPL, the JDK is "now" also scary.

These companies either only develop software peripherally to their business, in which case sticking with java 8 is probably going to be fine, if silly, or they are the walking dead.

Java is GPL2+Classpath Exception licensed.

Google perverted Java. That's what Oracle sued Google for. And that's what Sun sued Microsoft for decades ago. Red Hat is not trying to turn Java into something different, it just builds and supports existing OpenJDK codebase. It's an absolutely different thing.

Yeah, where did all those from the anti-J++ cheering crowd go?

The licensing around post-8 JVMs is neither confusing nor scary. If you're confused or scared by it, that is entirely on you, i'm afraid.

Great, then explain it.

It's GPL 2, with an exception which lets you distribute binaries containing your own code linked to the JDK without having to provide the source to your own code (see '"CLASSPATH" EXCEPTION TO THE GPL' at the end):

https://github.com/openjdk/jdk/blob/master/LICENSE

This is substantially the same as the GCC Runtime Library Exception, which lets you distribute GCC-compiled binaries linked to the GCC runtime without having to provide the source.

That's it.

Thanks. During this discussion I found the OpenJDK source code, cloned the repo, and built a fully-functional JDK [1]. Presumably the license forces me to share modifications to the JDK code itself, but not to any application I run on the JDK.

If I wanted to distribute my JDK (I don't, BTW) what limits are there? Do I need to get certified? Run compatibility tests? Pay a fee to Oracle? Or do I just need to plop a binary on Github or S3 and call it a day?

1 - https://openjdk.java.net/groups/build/doc/building.html