0no-co / wonka

🎩 A tiny but capable push & pull stream library for TypeScript and Flow
MIT License

Package license is inaccurate as of 4.0.5 #70

Closed mmmeff closed 4 years ago

mmmeff commented 4 years ago

Wonka is listed as MIT but has checked in OCaml dependencies in version v4.0.5 (commit).

This package should be updated to reflect its license as GPL-3 or remove the offending dependency entirely.

kitten commented 4 years ago

Having utilities and tools that use GPL does not affect the code of the licence of the library itself.

In fact, this is a lock file from esy that is used when installing the opam package manager. So no non-MIT code is distributed as part of the library itself.

mmmeff commented 4 years ago

Cunningham's Law strikes again. Thanks for clearing that up and sorry for the misunderstanding on my part. Cheers and thanks for all the awesome open source work.

kitten commented 4 years ago

No worries! I'm actually double checking this with some colleagues just to be on the safe side :heart:

mmmeff commented 4 years ago

Yeah I'm not entirely sure how licensing works for polyglot packages like this one. Please let me know what you find from your colleagues!

Context: the aforementioned commit broke my team's automated license checking (GPL is not allowed at my organization) and I'm trying to determine if this is a problem with our dependency license deep scanning logic or not. We're adopting URQL today and had to roll out with an older version for now.

kitten commented 4 years ago

@mmmeff I'm not even entirely sure whether esy.lock needs to be shipped in the distributed package itself. I’ll double check that and if it isn’t needed I’ll exclude it.

Next, I’m also looking into BuckleScript’s licensing. Your comment definitely encouraged me to take another closer look and I’ll have to double-check whether how this package is distributed is LGPL-compliant.

Either way, you can expect fixes for any issue I find soon :)