pyyaml-include is GPL3, doesn't that poison your MIT project?

copier-org / copier

Library and command-line utility for rendering projects templates.

https://readthedocs.org/projects/copier/

MIT License

2.04k stars 182 forks source link

pyyaml-include is GPL3, doesn't that poison your MIT project? #1398

Open alan-copeland-keysight opened 1 year ago

alan-copeland-keysight commented 1 year ago

Describe the problem

pyyaml-include, one of your dependencies, is GPL3 - doesn't that poison your MIT project?

Template

To Reproduce

No response

Logs

No response

Expected behavior

Screenshots/screencasts/logs

No response

Operating system

Windows

Operating system distribution and version

Copier version

Python version

Installation method

pipx+pypi

Additional context

No response

pawamoy commented 1 year ago

I am not a lawyer, but license contamination is, I think, only caused in case of static linking (compiling stuff to a single binary, without dynamic linking). Python uses by essence "dynamic linking", so it's not as impacted by license contamination. Copier does not provide or publish pyyaml-include's code in any way: it's users that willingly install the dependency when installing Copier.

Something like this :shrug:

yajo commented 12 months ago

Thanks for this investigation. I've been reading about the subject and it seems that the license violation is real. Also for jinja2-ansible-filters (see https://github.com/orgs/copier-org/discussions/1397#discussioncomment-7603817).

The FSF published https://www.gnu.org/licenses/gpl-faq.en.html#GPLStaticVsDynamic which states clearly that there's no difference between dynamic and static linking.

In https://opensource.stackexchange.com/a/2148/31465 is explained that, although this particular legal case hasn't been enforced by a trial, it's obvious what the author's intention is.

I have no desire to violate any laws, and I do have the desire to respect original authors' intentions, so we have to cure the infection.

We have 2 basic paths for the cure: