DelphiPackageManager / PackageManagerRFC

Delphi Package Manager RFC
Apache License 2.0

Dependency License Compliance Assistant #15

Open code-kungfu opened 5 years ago

code-kungfu commented 5 years ago

As the package registry starts to grow, and part of the metadata descriptor contains the package license, wouldn't it be beneficial if the dependency management could also assist in avoiding potential license violations?

A practical example:

With DLCA built into the package manager's dependency handling, it could warn you when you're pulling in, e.g., a GPL-licensed library into a commercial project. It could also handle license incompatibilities between the common open source licenses if you're creating an open source library that depends on another open source library but has an incompatible license.

vincentparrett commented 5 years ago

I like this idea, but it will need a lot of thought. The number of open source license types is mind-boggling, and understanding the incompatibilities is no simple thing.

code-kungfu commented 5 years ago

@vincentparrett Of course, it is a complex topic that's not solved overnight. However, I think it's important to keep in the back of our heads :)
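A sketch of the check proposed in this thread, as an added example that is not part of the original discussion or the DPM code base: it walks a project's transitive dependencies and reports each package whose declared license the project's policy refuses, together with the path that pulled it in. The registry, package names and deny policy are constructed sample data, and the `Proprietary` label is an assumption rather than an SPDX identifier.

```python
from collections import deque

# Constructed sample registry: package -> (declared license, direct dependencies).
REGISTRY = {
    "app.core":    ("Proprietary", ["vendor.http", "vendor.json"]),
    "vendor.http": ("Apache-2.0", ["vendor.tls"]),
    "vendor.json": ("MIT", []),
    "vendor.tls":  ("GPL-3.0-only", ["vendor.asn1"]),
    "vendor.asn1": (None, []),          # descriptor with no license field
}

# Constructed sample policy: licenses a project of the given license refuses.
# A real tool would load this from reviewed configuration.
DENY = {
    "Proprietary": {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only"},
    "Apache-2.0":  {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only"},
}

def check_licenses(root, registry=REGISTRY, deny=DENY):
    """Walk the transitive dependencies of `root` breadth-first and return
    (package, license, path, reason) findings, shortest path first."""
    project_license = registry[root][0]
    denied = deny.get(project_license, set())
    findings, seen = [], {root}
    queue = deque([(root, [root])])
    while queue:
        pkg, path = queue.popleft()
        _, deps = registry[pkg]
        for dep in deps:
            if dep in seen:              # also guards against dependency cycles
                continue
            seen.add(dep)
            dep_path = path + [dep]
            if dep not in registry:      # dependency the registry cannot resolve
                findings.append((dep, None, dep_path, "unresolved"))
                continue
            lic = registry[dep][0]
            if lic is None:
                findings.append((dep, None, dep_path, "no-license-declared"))
            elif lic in denied:
                findings.append((dep, lic, dep_path, "denied-by-policy"))
            queue.append((dep, dep_path))
    return findings

if __name__ == "__main__":
    for pkg, lic, path, reason in check_licenses("app.core"):
        print(f"{reason}: {pkg} ({lic}) via {' -> '.join(path)}")
```

Reporting the dependency path matters because the flagged package is usually not a direct dependency, and a package with no declared license is surfaced as its own finding rather than silently passing.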