search

bemusic / bemuse

⬤▗▚▚▚ Web-based online rhythm action game. Based on HTML5 technologies, React, Redux and Pixi.js.
https://bemuse.ninja/
GNU Affero General Public License v3.0
1.15k stars 147 forks source link

Project possible licensing problem #659

Closed henriquelalves closed 4 years ago

henriquelalves commented 4 years ago

First, let me say I'm very much new to the project (found it while exploring on GitHub), and it looks awesome! But I do have some concerns regarding its licensing; in the Readme, it is stated:

AGPLv3, for now. After the project matures, it may be released into a more permissive license. Note that this license only applies to the main Bemuse project, not the sub-projects, which has its own license terms (mostly MIT).

I'm aware that, as the original copyright holder, the author might change the license as he/she sees fit, but the legal problem that might happen is that the code that was contributed to the project is, as stated by the license, AGPLv3 too, and from different authors. Since I don't see any Contributing License Agreement (the default mechanism to transfer ownership of contributed code to the project's owner), I'm assuming the owners of contributed code are the users themselves; which means you'd have to ask each one of them for permission to change the original project license, since their code is AGPLv3 and this would means that every code and project that uses that code has to be AGPLv3 too.

TL;DR: due to how AGPLv3 works, you will have to ask each and every project contributor for permission / transfer code ownership before changing the project license to a more permissive one.

This is really not a problem per-se, it's more of a heads-up in case the project owner really wants to change its license.

PS.: I'm no lawyer, I'm just somewhat knowledgeable of copyleft licenses. It's better if you look into some other references; this stackoverflow question explains in more detail the licensing problem, and the Apache Foundation has an example of Contributing License Agreement.

EDIT: https://opensource.guide/legal/ explains in great detail what I wrote on this issue.

dtinth commented 4 years ago

Hello, thanks for bringing light to this issue… When I start this project, I remembered setting up an automated CLA bot some time ago, but it didn’t get used.

It’s been 5 years since project’s inception, and it’s still AGPL-licensed. I think it's pretty unlikely that we will change the license. Also, AGPL does not apply to the subprojects (which is MIT licensed). For people who uses the AGPL-licensed source code in a non-disruptive manner, it’s unlikely that I or anyone would sue that person.

Would it solve the problem if we remove this from the README file?

After the project matures, it may be released into a more permissive license.

henriquelalves commented 4 years ago

Sure! This line of the README is not really troublesome, I was just being sure that this licensing problem was known, as the more contributors the project has, the harder the task to hunt for permissions is. Taking that particular line out of the README can avoid some questions people might ask about how the project will be licensed in the future, tho; and since this is a pretty matured project and you are not really planing on changing licenses anyway, I think it's a good idea to take it out.

henriquelalves commented 4 years ago

The discussion was already fruitful, so I'm closing the issue now.