WongKinYiu / YOLO

An MIT rewrite of YOLOv9
MIT License
666 stars 69 forks source link

Request for Thorough Vetting of YOLOv9-MIT to Ensure No AGPL Contamination #51

Open Greendogo opened 4 months ago

Greendogo commented 4 months ago

Description: Dear YOLOv9-MIT Maintainers,

I am writing to request a comprehensive vetting process to ensure that the YOLOv9-MIT version is completely free from any derived work of the AGPL-licensed YOLOv9 released by Ultralytics. This step is crucial for organizations like ours that need to guarantee compliance with licensing requirements to avoid potential legal and operational issues.

Justification:

  1. Legal Compliance: Ensuring that YOLOv9-MIT is not derived from the AGPL-licensed version is critical for legal compliance. Organizations must avoid any risk of inadvertently violating the AGPL license terms, which would require us to open-source our proprietary code and disclose it to users if used in networked applications.

  2. Operational Integrity: Using a version that is mistakenly derived from an AGPL-licensed work could result in significant operational disruptions. Organizations depend on the certainty that the software they integrate into their systems adheres to the chosen licensing model.

  3. Financial Implications: The potential legal fees and costs associated with defending against claims of license violations can be substantial. Clear vetting ensures that organizations can avoid these financial risks and allocate resources more efficiently.

  4. Trust and Adoption: Thorough vetting builds trust within the user community, encouraging broader adoption and contributions to the project. When organizations are confident about the licensing integrity, they are more likely to adopt and support the software.

  5. Reputation Management: Maintaining a clear and undisputed licensing status protects the reputation of both the maintainers and the organizations using the software. It demonstrates a commitment to responsible and ethical software development and usage.

Request:

We kindly request that the maintainers perform a detailed and transparent review process, documenting the steps taken to verify that YOLOv9-MIT is entirely independent of the AGPL-licensed YOLOv9 by Ultralytics. This review should include:

We believe that taking these steps will greatly enhance the confidence of all potential users in the integrity of YOLOv9-MIT, facilitating its adoption in a wide range of projects.

Thank you for your attention to this critical matter. We look forward to your positive response and the steps you will take to address this request.

Best regards

henrytsui000 commented 4 months ago

Hi,

Thank you for the reminder and for trying to ensure this repository does not violate any GPL policy.

I must say, I am not an LLM (Master of Laws), and the code review from LLM (such as GPT) cannot be used as a reason to ensure that this repository is safe. However, there are several points that can subjectively indicate that this project can be licensed under the MIT license.

Simultaneously, I am looking for someone with deep knowledge about licenses who can guarantee this repository is under the MIT license, or provide a way to "conduct a transparent review process, documenting the steps taken to verify that YOLOv9-MIT is entirely independent of any project," as you mentioned.

I would like to know more details about your request:

  1. "A thorough code audit comparing YOLOv9-MIT with YOLOv9-AGPL to identify any potential overlaps or derived components."
    • I would like to know what is meant by YOLOv9-AGPL. Is it the original YOLOv9 repository or any code from Ultralytics?
  2. "Documentation of the development history and sources used to build YOLOv9-MIT."
    • Are the commit messages sufficient as documentation of development? Or should I illustrate where each line comes from or how I came up with the code?
  3. "Confirmation from developers and contributors involved in the creation of YOLOv9-MIT about the origin of the code."

Thank you for your attention to this matter, and I look forward to your clarification.

Best regards,
Henry Tsui

josht000 commented 3 months ago

I agree that this is an important thing to consider for the same reasons. I work with a lot of open source projects and this is one of the few modern YOLO code bases in pytorch that's claiming MIT. In my work I've noticed that a lot of people are copying each other with little or no attribution of source. For example, yolov6 code is based off of yolov5 (but they provide source attribution at the header of some of their code files) when it was still GPL.

@henrytsui000 At a minimum I'd draw more attention to the pull request template and take some pointers from opencv which has the same problem (vetting Apache 2.0 license and making sure user pull requests and contributions are not copied from GPL related code.)

See an example one of their pull requests: https://github.com/opencv/opencv/pull/25966