Closed Source Dependencies and Licenses from SAS

Hoping some some more experienced devs could chime in. I’m looking to write a package for Julia to interface with SAS, akin to the saspy package SAS maintains. Long story short, the Julia package will need these four jars in order to run. Until recently, a user had to grab these themselves from their SAS installation, but the jars are now located in this SAS-maintained repo, along with their own license . I’m inexperienced managing software licenses and the like, so would anyone more experienced know if I’d get into legal trouble if I were to include code to download these jars in a build script? Thanks!

1 Like

That license is nasty.

Customer …warrants that … (ii) neither Customer nor any User is located in … [sanctioned] countries (currently Cuba, Iran, North Korea, Syria, and Sudan)…

Customer agrees not to release the results of any benchmarking you perform on the Code or the Software.

I am not a lawyer.

I would guess you probably can let users download them in your build script.
The license does say:

… You are downloading software code…

which implies downloading the code is permitted.
Worst case you would have to download the whole saspy and then extract those files, I guess.

I might be tempted to make that only happen if the user has set a environment variable or agreed to a prompt: “I have read and agree to SAS’ nightmare fuel license, which is distinct from the license of SAS.jl”.

I wouldn’t want to install that as an indirect dependency.

I think if doing that you might be able to put it in General registry, but idk.


Yeah I figure this is a good idea now, initially I wasn’t sure this was appropriate given it wasn’t really an issue with saspy per se.

Good I asked before just including the code, then! I found the no benchmarking clause, well, interesting…