@babydragon 2016-04-04T06:22:46.000000Z

# Does Running Java in a Docker Container Violate the License Agreement?

docker java

2. LICENSE TO USE. Subject to the terms and conditions of this Agreement including, but not limited to, the Java Technology Restrictions of the Supplemental License Terms, Oracle grants you a non-exclusive, non-transferable, limited license without license fees to reproduce and use internally the Software complete and unmodified for the sole purpose of running Programs.

C. LICENSE TO DISTRIBUTE SOFTWARE. Subject to the terms and conditions of this Agreement and restrictions and exceptions set forth in the README File, including, but not limited to the Java Technology Restrictions and Limitations on Redistribution of these Supplemental Terms, Oracle grants you a non-exclusive, non-transferable, limited license without fees to reproduce and distribute the Software, provided that (i) you distribute the Software complete and unmodified and only bundled as part of, and for the sole purpose of running, your Programs, (ii) the Programs add significant and primary functionality to the Software, (iii) you do not distribute additional software intended to replace any component(s) of the Software, (iv) you do not remove or alter any proprietary legends or notices contained in the Software, (v) you only distribute the Software subject to a license agreement that: (a) is a complete, unmodified reproduction of this Agreement; or (b) protects Oracle's interests consistent with the terms contained in this Agreement and that includes the notice set forth in Section H, and (vi) you agree to defend and indemnify Oracle and its licensors from and against any damages, costs, liabilities, settlement amounts and/or expenses (including attorneys' fees) incurred in connection with any claim, lawsuit or action by any third party that arises or results from the use or distribution of any and all Programs and/or Software. The license set forth in this Section C does not extend to the Software identified in Section G.

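(Section G defines the constraints on security patches already provided through Oracle's standard support services; it is mentioned here for reference only, since it does not affect the legality of redistributing standard Java itself. There is also Section E, which defines publishers' rights to include the JDK on electronic media accompanying printed books and magazines; remember the CDs that came with printed magazines? Remember printed magazines, or for that matter CDs?)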

D. LICENSE TO DISTRIBUTE REDISTRIBUTABLES. Subject to the terms and conditions of this Agreement and restrictions and exceptions set forth in the README File, including but not limited to the Java Technology Restrictions and Limitations on Redistribution of these Supplemental Terms, Oracle grants you a non-exclusive, non-transferable, limited license without fees to reproduce and distribute those files specifically identified as redistributable in the README File ("Redistributables") provided that: (i) you distribute the Redistributables complete and unmodified, and only bundled as part of Programs, (ii) the Programs add significant and primary functionality to the Redistributables, (iii) you do not distribute additional software intended to supersede any component(s) of the Redistributables (unless otherwise specified in the applicable README File), (iv) you do not remove or alter any proprietary legends or notices contained in or on the Redistributables, (v) you only distribute the Redistributables pursuant to a license agreement that: (a) is a complete, unmodified reproduction of this Agreement; or (b) protects Oracle's interests consistent with the terms contained in the Agreement and includes the notice set forth in Section H, (vi) you agree to defend and indemnify Oracle and its licensors from and against any damages, costs, liabilities, settlement amounts and/or expenses (including attorneys' fees) incurred in connection with any claim, lawsuit or action by any third party that arises or results from the use or distribution of any and all Programs and/or Software. The license set forth in this Section D does not extend to the Software identified in Section G.

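Oracle's README file contains a reference to the Oracle website, where a page links to the different README files. (They are not distributed with, or as part of, the JDK or JRE, which may be a point of concern, since the README content cannot be traced over time.) The current JDK 8 version has a dedicated section on redistribution of released versions (beta and pre-release versions may not be redistributable):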

You may reproduce and distribute the Software (and also portions of Software identified below as Redistributable), provided that you comply with the terms and conditions of the Oracle Binary Code License Agreement for the Java SE Platform Products.

The term "vendors" used here refers to licensees, developers, and independent software vendors (ISVs) who license and distribute the Java Runtime Environment (JRE) with their programs.

Vendors must follow the terms of the Oracle Binary Code License Agreement for the Java SE Platform Products.

There are separate required and optional files in the distribution for both the JDK and the JRE:

Required vs. Optional Files

The files that make up the Java Runtime Environment (JRE) are divided into two categories: required and optional. Optional files may be excluded from redistributions of the JRE at the vendor's discretion.

...

Please refer to the JRE Readme for details of which files are required and which files are optional when distributing a JRE.

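The JRE README provides for reproducing and distributing (portions of) the software under the Oracle Binary Code License. For example, JavaFX may be excluded, as may the contents of the jre/ext directory. All files that are not optional are required and must be distributed with the JRE. In addition, JDK files must be distributed together with the JRE.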

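Java also ships with limited-strength security protocol implementations using 40-bit key strength, which are widely considered easy to break and are exposed to a range of downgrade attacks (for example the BEAST and POODLE attacks). This can be addressed by upgrading to the unlimited strength cryptography files. However, these upgrades cannot be redistributed and must be downloaded directly by the user: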

An unlimited strength version of these files indicating no restrictions on cryptographic strengths is available on the JDK web site for those living in eligible countries. Those living in eligible countries may download the unlimited strength version and replace the strong cryptography jar files with the unlimited strength files.

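Henn Idan described this as "Mystery Meat": we have no way of knowing what we are getting, nor its origin and history. Azul Systems founder Gil Tene followed up, stating that the Java distribution they provide has passed the Java Testing Compatibility Kit (TCK) and is safe to use. He emphasized that Azul's OpenJDK builds also come with a certification confirming the provenance of the build and the assertion that it passed the TCK. Azul is one of the Java TCK licensees; in addition, the builds that Red Hat distributes as part of its Enterprise Linux (RHEL) distribution have also passed TCK compatibility testing.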

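One of the issues raised in Henn Idan's blog is that the Docker OpenJDK image is built from the Debian unstable repository, because OpenJDK 8 is not yet in the stable repository. As a result, anyone using an image based on this Docker image also uses that underlying repository, whose software versions have not gone through Debian's Java conformance testing. Since Debian has not officially released Java 8, it is unlikely to certify it at this stage. Nevertheless, the docker/openjdk repository appears to be offered as the standard one in Docker. Setting aside the JDK redistribution question discussed above, the fact that the standard Docker image is based on a known-unstable Debian release is also something to consider.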

You also represent and warrant that you do not intend to distribute the software in a manner that is not compliant with relevant export control laws or regulations administered by the U.S. Commerce Department, OFAC, or any other government agency.

You may not impose any further restrictions on the recipients' exercise of the rights granted herein.

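InfoQ has summarized this information, but it does not constitute legal advice. As the situation changes or is re-evaluated, this article may receive corrections and updates. We contacted Oracle for comment on this question and had received no response by the time of publication. We will update this article promptly if there is any news.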
