Discussion: `cursor` changed license

[PatrikKopkan]

Cursor is now under GPL license. Which means you should either change license too or stop using Cursor

[PatrikKopkan]

https://github.com/GijsTimmers/cursor/blob/master/LICENSE

[PatrikKopkan]

Or dont use newer versions of cursor in your project.

[PatrikKopkan]

Or dont use newer versions of cursor in your project.

But I am no lawyer so dont rely on that much

[manrajgrover]

Thanks for bringing this up and making me aware of this. I don't get into licensing much and hence MIT everything, thus don't know implications of this. I will investigate this and get back.

Thanks again!

[norweeg]

@PatrikKopkan, @manrajgrover is neither changing nor distributing the source code of cursor, it is merely a a dependency of halo. The MIT License is also compatible with the GPL anyway

[makkus]

@norweeg , not sure what you are trying to say, but being compatibility only goes in one direction in this case. If you have a GPL project, you can call MIT-licensed code. But not vice versa. So, in the case of halo, you are not allowed to distribute any software that is incorporating halo (which comes with cursor) unless you license your software GPL.

I'd suggest to at least freeze the cursor dependency to version 1.2.0 (the last non-GPL version). Or use something like vistir, which unfortunately is a bit heavier, but comes in quite handy in a lot of cases. I'm using vistir in my project anyway, so ideally (for me) would be if halo would be happy with either one of the dependencies. Either way, currently, I would strongly recommend you specify 'cursor==1.2.0' in the dependency list of your own (non-GPL) project if you are using halo...

[norweeg]

@makkus nope, please see https://www.gnu.org/licenses/gpl-faq.en.html#IfLibraryIsGPL https://www.gnu.org/licenses/gpl-faq.en.html#WhatIsCompatible https://www.gnu.org/licenses/gpl-faq.en.html#WhatDoesCompatMean and finally https://www.gnu.org/licenses/license-list.en.html#GPLCompatibleLicenses, specifically the fourth license from the bottom of the compatible licenses section, excerpted below

X11 License (#X11License) This is a lax permissive non-copyleft free software license, compatible with the GNU GPL. Older versions of XFree86 used the same license, and some of the current variants of XFree86 also do. Later versions of XFree86 are distributed under the XFree86 1.1 license.

This license is sometimes called the MIT license, but that term is misleading, since MIT has used many licenses for software.

This is a fine license for a small program. A larger program usually ought to be copyleft; but if you are set on a lax permissive license for one, we recommend the Apache 2.0 license since it protects users from patent treachery.

Also, again, Halo does not distribute Cursor. Cursor is a dependency of Halo and pip will install it with halo if you do not have the --no-deps flag set. None of the source code of cursor is included in Halo's code.

[makkus]

@norweeg have you actually read: https://www.gnu.org/licenses/gpl-faq.en.html#WhatDoesCompatMean ?

It explicitely states:

All GNU GPL versions permit such combinations privately; they also permit distribution of such combinations provided the combination is released under the same GNU GPL version. The other license is compatible with the GPL if it permits this too. [emphasis mine]

There are a lot of questions regarding this on stackoverflow and such, e.g.:

https://stackoverflow.com/questions/11819831/including-gpl-external-library-in-mit-code https://opensource.stackexchange.com/questions/6062/using-gpl-library-with-mit-licensed-code

As long as you don't distribute the resulting work (your non-GPL'ed software), you're fine. But as soon as you want to distribute, you'll have to change the license of your code to GPL.

[norweeg]

@makkus that line you emphasized pertains only to code released under different GPL versions as GPL 2 is not compatible with GPL 3.

I would like to point out https://www.gnu.org/licenses/gpl-faq.en.html#WhatIsCompatible, excepted below, with emphasis

What does it mean to say that two licenses are “compatible”? (#WhatIsCompatible) In order to combine two programs (or substantial parts of them) into a larger work, you need to have permission to use both programs in this way. If the two programs' licenses permit this, they are compatible. If there is no way to satisfy both licenses at once, they are incompatible.

For some licenses, the way in which the combination is made may affect whether they are compatible—for instance, they may allow linking two modules together, but not allow merging their code into one module.

If you just want to install two separate programs in the same system, it is not necessary that their licenses be compatible, because this does not combine them into a larger work.

When you install Halo on a system, Cursor is also installed as a dependency, but it is not distributed as part of halo. They are not combined into a larger work, and halo is not a derivative work of cursor. If you, however, created software using halo (and therefore also cursor), packaging both modules with it (e.g. with PyInstaller) and distribute that or otherwise included the cursor codebase in your code, you would be bound by the terms of the GPL, as that is a derivative work. This is consistent with the opinion of Lawrence Rosen (formerly the OSI general counsel) as expressed in this article which he stated:

1) The primary indication of whether a new program is a derivative work is whether the source code of the original program was used, modified, translated or otherwise changed in any way to create the new program. If not, then I would argue that it is not a derivative work.

2) The meaning of derivative work will not be broadened to include software created by linking to library programs that were designed and intended to be used as library programs. When a company releases a scientific subroutine library, or a library of objects, for example, people who merely use the library, unmodified, perhaps without even looking at the source code, are not thereby creating derivative works of the library.

3) Derivative works are not going to encompass plugins and device drivers that are designed to be linked from off-the-shelf, unmodified, programs. If a GPL-covered program is designed to accept separately designed plugin programs, you don't create a derivative work by merely running such a plugin under it, even if you have to look at the source code to learn how.

4) In most cases we shouldn't care how the linkage between separate programs was technically done, unless that fact helps determine whether the creators of the programs designed them with some apparent common understanding of what a derivative work would look like. We should consider subtle market-based factors as indicators of intent, such as whether the resulting program is being sold as an “enhanced” version of the original, or whether the original was designed and advertised to be improvable “like a library”.

Halo does none of these things, and therefore is not a derivative work bound by the GPL

[makkus]

If you, however, created software using halo (and therefore also cursor), packaging both modules with it (e.g. with PyInstaller) and distribute that or otherwise included the cursor codebase in your code, you would be bound by the terms of the GPL, as that is a derivative work.

I guess we agree then, that is the only relevant point I wanted to make. Of course 'halo' itself is safe. But, in practice, I can't see how that matters. 'halo' itself will never be distributed on it's own, it'll always be used as part of a larger application, as it's a library, not an application. So, its utility depends on being able to use it in your own application. As long as that is GPL, there is no problem. But if not, then halo might as well be GPL'ed itself as far as I care, because I could not use it in my own application (be it MIT-licensed, or proprietary). In which way do you think halo would be useful on it's own?

[takeda]

@manrajgrover all you need to do is to call stdout.write("\033[?25l") to hide a cursor and stdout.write("\033[?25h") to show it, there's no need to add this package so it can hijack the license.

Please remove this dependency, not only it makes your code "heavier", but also someone who incorporates your code into theirs might run into legal issues.

[manrajgrover]

@PatrikKopkan @makkus @norweeg Thank you so much for insightful discussion! :)

I've removed halo's dependency on cursor and have directly used a StackOverflow response on which that repo was based. This resolves this issue.

I'm also sorry for such delayed response. Recent events have kept me busy. Hence, I'm actually looking for maintainers of this project. If you're interested, feel free to drop an email regarding this. Thanks again!

[manrajgrover]

I've made the release in v0.0.30

[norweeg]

I'm always free to help in my spare time. I'll try to resolve some bugs. also I must apologize I have not been good at keeping up with the PRs I made a few months ago. I'll rebase them on main and come up with some tests. I have a few ideas how Halo might be improved as well which I may PR in the near future