-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Wrong license #16
Comments
According to https://stackoverflow.com/a/5610965/7058266, the code can have an MIT license. Additionally, frameworks such as If there are any objections to |
This is more about license compatibility (dependencies of your code, your code as a dependency, embedding third-party code into your code), not about modifying existing licensed code. AFAIK you used the original nose code as a whole and just applied some modifications to make it compatible with recent Python versions most of the time. Summarizing your interpretation of this topic, one could simply eliminate any copyleft effect of copyleft licenses by just changing some lines of the code - if this really would be the case, no company would have forbid licenses with strong copyleft anymore, which does not make sense.
If they really use nose code, this would be an issue as well. As far as I can see from the search results, they only are about providing a nose compatibility layer?
IANAL, but: While the original developers are the ones which could take legal actions, anyone can point out such issues - which I did as I consider your current approach wrong from a license compliance perspective. |
Lots of Another thing: GitHub never recognized the original Since developers use that information to determine the license of a repo without having to go through all the files, that's another reason why Based on all those things, (and any information listed previously), it's safe for |
Sorry, but I still consider this wrong unless you are able to provide actual evidence. Nevertheless, this is unrelated to
GitHub is rather strict within its parser and sometimes even wrong for slightly modified license texts. https://github.com/nose-devs/nose/blob/master/lgpl.txt just provides some basic clarification that at least LGPL-2.1 is meant here, although still not explicitly stating LPGL-2.1-only or LGPL-2.1-or-later, thus we have to assume LGPL-2.1-only.
This is a generalization which does not hold true. While it might be a first hint, the package metadata (license field and trove classifiers) are much more reliable in most of the cases. For final reliable results, scanning all source code files and looking for suspicious files/comments manually usually is required. While I am not aware of any studies about the quality of the autodected licenses of GitHub (my observations only showed that quite some cases do not show any and sometimes it tends to be wrong), actual studies have shown that quite some packages tend to have incomplete license declarations - including cases where the actual licenses imply a copyleft effect, while the package itself does not declare one (which I consider
As explained in this and the previous comment, the MIT license is wrong here and indicates false facts for everyone trying to ensure that |
I'll wait for a member of https://github.com/nose-devs to request a license change here (if that's what they want).
In the meantime, |
If I would treat my contracts and other legal agreements like you treat license texts, which are some sort of legal agreement as well, I would get into trouble rather quickly. With your approach, I could resolve all license-related headaches, including strong copyleft effects, with some small packaging overhead - you would not need extensive guidelines in this case and could quickly discontinue any license scanning and efforts like OpenChain. I consider it rather unlikely that some of the group members will get in touch with you about this as eight years after the last commit and with Due to not using |
Having a look at PyPI projects which have a requirement on
This seems to match https://github.com/mdmintz/pynose/network/dependents?dependent_type=PACKAGE as well. Data retrievalI just did a basic query against the SQLite3 database provided at https://github.com/pypi-data/pypi-json-data:
|
@mdmintz mind you, this is the preamble that you've cited here, which is in no way a replacement for the actual licence. The LGPL does not allow you to do what you're doing now. The SO answer that you link in your first comment takes Section 1 into account:
(Emphasis mine) This means that, if you would use
Again, it's still the preamble. Yes, you are modifying
(Emphasis mine) As such, even if you consider 5%, 10%, 50% of code to be coming from you, your whole work has to be licensed under LGPL 2.1. What you could do is to do a fork of
This is good, but this does not satisfy all of Section 2 requirements.
This is utterly wrong. Whether
True, but this does not allow you to use the MIT License in the hopes that others won't notice/won't care. If I steal your bicycle, and you don't tell the police about it, my actions would still be illegal, no matter if you're okay with it or not. |
This comment was marked as resolved.
This comment was marked as resolved.
This comment has been minimized.
This comment has been minimized.
I've read your thread, @mgorny I see lies, hateful speech, and slander from you. Sometimes all in one comment. It just sounds like you just don't want people to keep using |
In addition to the excellent points others have made, let me point out explicitly:
The answer you cite even says:
|
Note that any person with code in nose that has been infringed by this fork, has the legal right to make a claim of infringement, not just project members of https://github.com/nose-devs (and indeed, the nose-devs project members could include people who only contributed to nose2, and have no copyright claims on nose, so the connection to project members is entirely off target). |
This comment was marked as abuse.
This comment was marked as abuse.
@mdmintz before you rightfully get publicly shamed and find your way in history books, you should to take some time to reflect, apologize and fix your mistakes; you may also obtain permission to relicense from the nose devs but that wouldn't make what you did right enough. |
Be sure to read https://blog.jquery.com/2012/09/10/jquery-licensing-changes/ in full. One of many examples where a license could be switched over to MIT.
The license was able to switch over from a GPL to MIT without the sign-off of the over 500 contributors to the project. And I did state earlier in #16 (comment) that "If there are any objections to
|
That was possible because of a CLA where copyright was assigned to the jQuery Foundation. Do you have a CLA signed by the majority of nose contributors assigning copyright to you? |
@thesamesam and because jquery was dual licensed (GPL and MIT) at that point. |
The license was not switched over to MIT -- it was always MIT, and they took away the option to accept it under a dual license agreement as GPL. It is not legal to relicense software without the agreement of the original authors (a CLA is a case where you acquire that legal agreement in advance, and, appropriately, a CLA is a legal document). There is no ambiguity here. You cannot rationalize your actions into being legal. |
@mdmintz listen, this is really simple: you can't unilaterally change the terms of distribution of the code to a less restrictive license without agreement from the original copyright holders. you're now in breach of the LGPL terms, and the options you have are that either you get that approval from the original authors, or you restore LGPL-2.1 licensing, or, if you're unwilling to do the right thing, you will remove the repository. |
Pointed here from another thread: you absolutely can not just relicense this, even on the say-so of members of the nose-devs org: you'd need to contact and get approval from all contributors of any code beyond de minimis fixes, which includes me. Nobody contacted me, so this is definitely a license violation. (I'm all of: a contributor to nose, have done license compliance enforcement at multiple companies, and participated in a relicensing effort for a significant OSS package. I know pretty well of what I speak here.) |
Waiting to hear from the official These are the official And this is the official I would like to hear first what any of these 3 people have to say. Then we can resolve this. |
You've missed my point: you don't need to hear from any of them, you just need to mark this as LGPL. You can't re-license it unilaterally, and neither can those three individuals. For what it's worth I think it's a great thing to get nose working on newer Pythons for the benefit of its dependents. |
This is totally orthogonal and almost laughably irrelevant. Anyone is welcome to keep the legacy alive and fork/maintain nose all they like, but they (and you) are legally bound to do so under the original licensing terms.
This is also irrelevant. None of these people can legally make this change either. They would need to all three agree add well as contact every other contributor in the history of the project and either get them to sign of on the change or remove their contributions. Until that is done the answer is categorically "no, you cannot do this*. It must be reverted to LGPL. Do whatever modifications you like but you cannot relicense the project. |
(note that the cavalier, for want of a less insulting word, attitude to licensing terms can be also visible in other author's package, pdbp. which started as a fork of pdbpp, with history erased, and no attribution to original authors given whatsoever, despite the original code being licensed under BSD 3-Clause. we may have a plagiarist here, folks. the original license was also, quite pointlessly, changed to MIT.) |
Hey, thanks for including me in that screenshot. Congratulations on finally actually acknowledging a single thing I've contributed or asked to in this thread. You have avoided every opportunity to give any credit or proper attribution to the original maintainers except here, when forced to, by pointing out the license problems. You specifically avoid forking repos, despite the button being right there; you did NOT include the AUTHORS file; you put solely your name on the copyright. You want to talk about disrespect? Literally everyone here has tried to help you get your fork into compliance and you consistently argue against them and it's only until someone says something you can twist into being supportive that you call it "respect". Why do you even WANT this licensed as MIT? Why have you gone so far out of your way to never link back to the original repo in MULTIPLE projects? You're disrespecting not just the authors but the open source movement itself. Ignoring my questions but passively showing my name in a screenshot and calling me "disrespectful" is far more disrespectful. Do you not like that my avatar is femme coded with pink hair? People here are trying to help you. You adding a couple lines to a bundle of stolen code doesn't make you a "maintainer", it makes you a plagiarist. Don't steal people's work and pollute the community then complain when the community is upset. |
While I broadly agree with your comments about respect w.r.t. stripping out attribution....
Occam's Razor advocates that this comment is deconstructive and unhelpful and also, well, completely offtopic and inaccurate. (It is possible I am missing context from outside of this ticket or any of the linked tickets; if that is the case then by all means please correct me.) |
I am saying you literally do not use the fork button despite it being there, not that it's illegal to fork. And that acknowledgement is for one individual. In addition, this behavior is spread across multiple repos. Do you understand why this no longer appears to be in good faith? Yes, people are busy, and yes, people have day jobs. Part of your day job, as a developer, is to respect the attributions and licenses of the software you use and fork. You specifically did NOT fork this from the nose repo, instead choosing to copy/paste/commit all of nose into your repo... without the AUTHORS file (and with the incorrect license). Multiple people have pointed this out to you. You instead deflect, constantly, even going so far as to delete this type of issue when it's raised in other repos you control. You see how that comes across as in bad faith? |
It took you more effort to copy/paste/rm the AUTHORS file/commit/push nose into your repo than it would have to have forked it. You had a reason for it, whatever it is. And ensuring proper attribution is given isn't "a fix" that needs to be done, it's something that you should have automatically had as part of your workflow. Whatever your reason for "forking" this repo (and numerous others) in such an unusual way is, you should at least acknowledge it and say you will fix it, not giving some spiel about how you're busy as if everyone here isn't busy as well. |
As I said before, I'm working on things. There were already multiple links to |
PRs were merged. Up next, let's see if we can get these changes merged back into the original |
“People do not win respect by insisting on the right to be respected. Respect is earned: that is what makes it respect.” Source: The Home We Build Together, p. 61 (https://rabbisacks.org/quotes/respect-is-earned/) |
Please be respectful to repo maintainers, their projects, and their chosen licenses. You got notified about this at the end of January. It's plenty of time, even for a busy person. |
There must be a better way to help, I believe. @mdmintz cheers for your consistency and keeping pynose working with latest python versions. |
IMHO, the whole discussion wasn't about helping. It was about getting @mdmintz understand that a license violation exists. And, this is the first step. As this was so difficult and took so long, things got heated. The actual help to get the fork into compliance was provided by those involved in getting #30 as well as #32 done. |
This comment was marked as outdated.
This comment was marked as outdated.
I fail to see what the problem is, if he didn't change it to MIT, someone else would have. You're all being angry at the wrong person. |
This comment was marked as spam.
This comment was marked as spam.
Listen sweetie, sometimes code changes licenses. Are you going to try and preserve the original license of every little piece of code. Things change owners all the time, that's just the reality of things. There's no sense directing all this anger and violence at the innocent victims that happen to be on the receiving end of this change. Do better. |
Pretty sure that person is trolling/ragebaiting. No use engaging with that. |
Yes, now stop complaining. You're starting to look like an anti-semite. |
Version |
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as duplicate.
This comment was marked as duplicate.
@mdmintz In the future, you may contact [email protected] for help with licensing questions relating to projects using GPL/LGPL. They'll be happy to point you in the right direction. |
It seems like your package is claiming the wrong license: The original nose implementation is subject to LGPL-2.1-only as far as I can see (https://github.com/nose-devs/nose/blob/master/lgpl.txt), but you are distributing your version as MIT.
Apparently, you reuse most of the original code in your fork and thus are forced to make your version available as LGPL-2.1-only as well (see §2 of the LPGL-2.1 license text, especially §2c). (In theory, §3 allows you to choose GPL-2.0 or any later GPL version as well, but this would mean an even stronger copyleft variant.)
The text was updated successfully, but these errors were encountered: