Add Apache License and Notice

[voxpelli]

Have you got all existing contributors signing off on this? Considering that as far as I know there's no CLA on the project?

Can you give some context / background for the change?

[mafintosh]

We are moving all our stuff to Apache 2.0

[mafintosh]

Both are equally permissive, but we apache for everything internally, so all never releases of this will be apache also per this change.

[voxpelli]

It's nit picky, but the MIT says:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

MIT does not say that clause can be circumvented by changing to Apache 2, so unless one owns all of the copyright through eg a CLA, or get the approval of all contributors, then the only thing one can do is to add the Apache 2 license for all new contributions, one can't really remove the existing MIT license notice, right?

I'm not going to force anything here, but I think it's important to note this as eg. this is the main difference between 0BSD / MIT-0 and BSD/MIT, that the latter require that one keeps the license notice always.

Also: Anywhere one can read on your reasoning for this change? Seeing as BSD/MIT-style licenses are the most prevalent ones in the JS community it would be nice to read thoughts on alternative licenses. (I have eg. chosen 0BSD for a couple of my new projects)

[voxpelli]

Also: This is going to be released as a breaking change, right?

[mafintosh]

Not a major change, compatible licenses. Only outside contribution is your engine field. Obvs happy to revert that if you wanna keep it MIT.

Re why, consistency with how we/I do things for all newer things per advice over time. Happy to discuss licenses offline at any time, but not really my fav GH issue.

[voxpelli]

Not a major change, compatible licenses.

Depends, but yeah, it's unlikely to be a big issue in this case.

Though, Apache 2 appears to eg. be incompatible with eg GPL-2, because of some of the patent rules in Apache 2: https://www.apache.org/licenses/GPL-compatibility.html

Eg why many Rust projects seems to go with an Apache-or-MIT dual license.

The patent rules in Apache 2 is a distinct (although in most cases not disruptive) difference for both contributors and users, though the impact is likely not big (though as you know, SemVer Major doesn't care of the size of the breaking change and neither may legal departments)

Obvs happy to revert that if you wanna keep it MIT.

It's not about that, it's about the procedure.

You can license your new additions under Apache 2 but need to keep the old MIT license attribution around unless you get every contributor to sign off on removing it. Else you are breaking that license 🤷‍♂️

Since licenses and license compliance is at the core of OSS it should be done correctly I think.

I don't think my personal contribution here is big enough to carry any copyright protection.

Re why, consistency with how we/I do things for all newer things per advice over time. Happy to discuss licenses offline at any time, but not really my fav GH issue.

My hope would be that you had a blog post similar to others who make a move to a new license, like eg the controversial https://www.elastic.co/blog/licensing-change

[mafintosh]

Yep, everyone signed off. Thanks for the input.