jashkenas / underscore

JavaScript's utility _ belt
https://underscorejs.org
MIT License
27.33k stars 5.53k forks source link

Need license or reference in distributed javascript files #2842

Closed BruceRBowers closed 4 years ago

BruceRBowers commented 4 years ago

The project has a license that requires us to provide a copy of the file when we distribute the code, but the absence of a copy of the license in the code itself complicates Oracle's ability to comply anytime we send it to a user's browser. Please embed the license (or a reference to it) directly in the distributed JavaScript files.

jgonggrijp commented 4 years ago

@BruceRBowers Thanks for reaching out. Please be very specific: in which file(s) do you need the reference and why is this bit not enough?

https://github.com/jashkenas/underscore/blob/4cf715f593805ba8d7c5685cd06c82b3cd9b55ae/underscore.js#L12-L15

Note, previous issues about the license: https://github.com/jashkenas/underscore/issues?q=license

BruceRBowers commented 4 years ago

@jgonggrijp, thanks for your response.

The specific files are underscore/underscore.js and underscore/underscore-min.js.

The MIT License (and your license) states: "The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software." The problem is that if the JavaScript file just says "MIT" in the comment header, then we are unable to comply with that requirement when delivering this code to a user's web browser.

In addition to the copyright notice, we believe the only way to enable us to truly comply with the requirement is to include the actual permission notice (your license text) in each file. If this is not possible, our next preference would be to include a link to your license text in each file. We don't believe that the current comment just mentioning "MIT" meets the requirement, but it is probably better than nothing.

jgonggrijp commented 4 years ago

@BruceRBowers If you are just sending the UMD bundle to browsers, why do you go the extra mile to distribute it yourself in the first place? You can have your users download it from a CDN instead, to which the copyright holder published it by himself (i.e., jsDelivr or unpkg, via NPM). This saves you bandwidth and is faster for your users, so it's win-win.

When you choose to distribute a part of the Software (in this case the UMD bundle), it becomes your responsibility to ensure you comply with the license. There is no place in the source we can insert a copy of the license that will magically ensure that everyone complies.

(If you see a reference above this commit to a commit adding a license link, please ignore it. A link in the file is not going to solve this.)

BruceRBowers commented 4 years ago

Delivery through a CDN still fails to comply with the license. Doesn't matter if the author put it on the CDN. The license is quite clear in the obligations.

If it is the author's intent not to include a copy of the license, an explicit statement to the effect that they are declining to do this, publicly stated in this issue, will suffice for us to show that we took all reasonable efforts to comply. Thanks for your support!

jashkenas commented 4 years ago

If it is the author's intent not to include a copy of the license, an explicit statement to the effect that they are declining to do this, publicly stated in this issue, will suffice for us to show that we took all reasonable efforts to comply. Thanks for your support!

It is the author’s intent to not include a copy of the MIT license in the network-distributed source code. Go for it!