Can we enforce a single license for all components? #5

Open
wilzbach opened this issue Jul 5, 2015 · 4 comments

wilzbach commented Jul 5, 2015

Feedback from the industry session at the 1st BioJS conference showed that licensing is a key problem for companies. Ideally, only a single, very permissive license (like BSD or MIT) should be chosen and be a requirement for all submitted components, as for them it is very important to restrict access to the modified source code. See also permissive free software licence (aka non-copyleft license) on Wikipedia.

Open questions:

  1. Are there many authors who wouldn't be able to submit their code because of their company's/university's policy (e.g. they are only allowed to share their code with GPL)?
  2. Is it still possible to include dependencies which aren't licensed under the chosen license (many modules are MIT)?
  3. Can we enforce authors not to include dependencies with incompatible licenses (e.g. GPL)?
  4. Should we use MIT, BSD or Apache 2 as project license?
@wilzbach wilzbach added this to the manifesto milestone Jul 5, 2015

wilzbach commented Jul 5, 2015

  1. AFAIK (I am not a lawyer), if we choose BSD as project license, we can use dependencies with at least the following licenses: Apache 2, MIT

@benediktrauscher

Prohibiting dependencies that are not licensed appropriately sounds very restrictive and may stop people from contributing, don't you think?


wilzbach commented Jul 5, 2015

> Prohibiting dependencies that are not licensed appropriately sounds very restrictive and may stop people from contributing, don't you think?

Yes, I do agree, but where is the value of the contribution if our userbase can't use the contribution due to license restrictions?

BTW, the most depended-upon packages on npm all have permissive licenses (MIT, BSD, ISC, Apache 2), so I think this is more of an edge case question.

We could also say that everything under the BioJS organization must be license X (or compatible with it), and on the registry we show a traffic light depending on the licenses of the component's dependencies (green: usable for companies, orange: usable for open research, red: no information found etc.).

@mhelvens

Like in #3, I must repeat: It's not productive to enforce anything. You're going to exclude ¾ of potential contributors. Rather, make recommendations and allow the registry to be filtered by licence. Even nicer: allow the registry to be filtered by license type and/or compatibility.
