search

fsfe / reuse-website

Website for the REUSE Initiative
https://reuse.software
Creative Commons Attribution Share Alike 4.0 International
7 stars 14 forks source link

Information about implications of licenses from used libraries #70

Open frere-jacques opened 4 months ago

frere-jacques commented 4 months ago

Sadly, I am really not an expert, when it comes to licensing.

Luckily codeberg mentioned your tool and I really like that it gives orientation, straightforward instructions and tools to verify it.

What I am missing is whether and how to handle licenses from libraries used in a project.

A short search gave me the impression that an answer to that can depend on how the software is packaged or distributed.

Eg. writing a Python library with a dependecy on numpy, importing and using numpy classes, that a user will install and install numpy as a requirement, does not need to deal with the numpy licenses.

But if you have a project that creates a binary, you are delivering the used code in a compiled form and should have to deal with the licenses.

Maybe I got it all wrong, I don't know. But a straight forward explanation how to handle usage of libraries and frameworks would be helpful. Also whether licenses have to be added recursively. Like pandas has a lot of licenses in it license folder. If I would create a binary that uses pandas, would my project need to list all the licenses of pandas? Would I be responsible to check those dependencies again and unclude the licenses and so on?

It would be really awesome to see an example on how to deal with that.

mxmehl commented 4 months ago

You're right in your assessments and understood it correctly. However, the devil is in the details, and there are hundreds of them.

I wholeheartly understand your need for simple explanations and I'd love to give them, but I'm afraid this is where the "out of scope zone" begins for REUSE. Perhaps a first step would be to look for easy yet somewhat exhaustive guides for this which we could reuse or link to. I'm not aware of any from the top of my head, but there certainly is the demand.

frere-jacques commented 4 months ago

I understand that, for sure, each community , language, framework, whatsoever has it's own common licenses, special topics, common ceavats etc. So I fully understand that a exhaustive coverage is impossible to achieve and out of scope.

But one example to show that this aspect exist and how to approach it, would be really nice. A growing list to other examples (which I didn't found one of) would be nice too.

At least I guess it would be helpful to add a FAQ item behind the one dealing with copying files, that even usage of libraries can create need to add those licenses.

I guess most people even don't know about that and simply place any kind of license to their repo and forget about it.

Personally I don't have any meaningfull public repo yet, and don't think the future ones will be of broad interest. But I like to get things done propperly and especially don't want to create any risk to become sueable. I don't believe that I have high risk of getting that attention, but on topics like that, I have always the crazy german Impressum laws in mind.