search

browserify / sha.js

Streamable SHA hashes in pure javascript
Other
288 stars 60 forks source link

Project is bound by MIT AND BSD-3-Clause licenses. #55

Closed Benjamin-Dobell closed 6 years ago

Benjamin-Dobell commented 6 years ago

Closes #42.

MIT AND BSD-3-Clause

I noticed there's quite a bit of confusion in #42, in particular with the suggestion that this project migrate to BSD-3-Clause. That's possible, but a serious pain, as to do so legally you need consent of every contributor who contributed whilst they thought the project was MIT licensed.

However, as @bastien-roucaries rightly pointed out, this project's origins are BSD-3-Clause, not MIT.

The correct licensing for this project is BOTH MIT and BSD-3-Clause. This is not a dual-licensing arrangement, it's a conjunctive "AND" i.e. the project is bound by both licenses simultaneously.

Luckily this is perfectly acceptable as the licenses are compatible. Even better, this is officially supported by NPM, which itself supports the SPDX specification, see Appendix IV: SPDX License Expressions (subsection 2) Conjunctive "AND" Operator).

Paul Johnston's original license is the BSD-3-Clause license, albeit not expressed precisely in its most common form. Note the use of the word "author" instead of "the copyright holder" in clause 3. This is not entirely unheard of, and is perfectly compatible with the SPDX's definition of BSD 3 clause (sections in red are not required verbatim).

As such, I've updated the LICENSE file to include a verbatim copy of both licenses, sha.js' MIT followed by Paul Johnston's BSD.

Formatting of LICENSE

Although the wording is verbatim, the formatting (whitespace) has been modified. This is perfectly acceptable and does not at all change the legal meaning of the licenses or violate either license.

In the case of Paul Johnston's license, a line break was included to seperate Clause 1 and Clause 2 of the BSD-3-Clause license, as in its original form they were included on the one line.

The MIT license was wrapped to 78 characters wide to match common formatting, seen on Wikipedia.

The BSD-3-Clause was wrapped to 79 characters, to more closely match common formatting, seen on Wikipedia. However, the formatting is not identical to that seen on Wikipedia (or commonly seen elsewhere) as the clause list typically includes numbers or list bullets. These are optional (highlighted red) in the SPDX BSD-3-Clause specification.

Although they're common, I did not opt to add bullets or numbers to the clause list. As whilst I believe it to be legally sound (IANAL), I did not want to introduce even a shred of doubt when it comes to honouring the BSD's first license clause:

Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

NPM

I've also updated package.json to include the aforementioned SPDX license expression:

(MIT AND BSD-3-Clause)

dcousens commented 6 years ago

Thanks @Benjamin-Dobell , I'll merge, if no resounding NACKs appear I'll release ASAP

dcousens commented 6 years ago

Released as v2.4.11

hrieke commented 5 years ago

You ought to update the readme.md as well to stress the "AND".