라이센스 검증 및 변경 검토

[simonseo]

1. package.json에 디펜던시를 명시하는 것은 linking 또는 배포가 아니다. 고로 같은 라이선스를 따를 필요는 없다. 당신의 프로젝트를 사용하는 사람이 빌드를 해서 자기 프로젝트에 넣으면 링킹하는 것이다.

   Normally, you connect 3rd party dependencies via a package.json. To my best knowledge, listing dependency in package.json cannot be considered as linking. Linking will be performed by an app developer who will use your package on a build or run stage.

2. 다만 빌드를 해서 bundle.js에 포함되어 웹사이트를 통해 사용자에게 전달이 되는 코드가 있다면, 그건 라이선스를 따라야 한다.

Most probably you bundle all your files, including libraries into one JS file and put it on a web server. You are performing static linking and distribution. It’s fine to use packages with Permissive licenses in a bundle. If you need to use a package with Weakly Protective license like MPL you have options: Load library from separate file (i.e. via script tag) Apply compatible open source license to your bundle (but check comment below and talk to your legal team before)

3. 요약 정리

• pylint나 beautifulsoup4 등은 GPL 라이선스이지만 우리가 사용자에게 제공하지 않기 때문에 라이선스를 안 따라도 됨.
• React 나 mui 등은 번들링 후 사용자에게 전달하기 때문에 라이선스 조건을 따라야 함.
• 번들링되는 라이브러리들은 한번씩 확인해보겠습니다만, 현행대로 MIT 라이선스를 유지해도 될 것 같아보입니다.

참고: https://medium.com/@vovabilonenko/licenses-of-npm-dependencies-bacaa00c8c65

[simonseo]

package.json에서 직접 참조하는 디펜던시의 라이센스. 명시 안되어있는 것들은 MIT 라이센스입니다. kendo, react-helmet, web-vitals 세가지가 문젠데 전부 더 이상 안 쓰는 라이브러리 같아보여서 디펜던시 목록에서 없애도 되거나 트라이얼 라이센스가 있는 경우입니다.

{
    "@emotion/react": "^11.4.1", 
    "@emotion/styled": "^11.3.0",
    "@material-ui/core": "^4.12.3",
    "@material-ui/icons": "^4.11.2",
    "@material-ui/styles": "^4.11.4",
    "@mui/icons-material": "^5.0.1",
    "@mui/material": "^5.0.2",
    "@mui/styles": "^5.0.1",
    "@mui/x-data-grid": "^5.0.0-beta.2",
    "@nivo/bar": "^0.73.1",
    "@nivo/core": "^0.73.0",
    "@nivo/geo": "^0.73.0",
    "@nivo/line": "^0.73.0",
    "@nivo/pie": "^0.73.0",
    "@progress/kendo-drawing": "^1.14.0", // commercial
    "@progress/kendo-licensing": "^1.2.0", // commercial
    "@progress/kendo-react-pdf": "^4.9.0", // commercial
    "@testing-library/jest-dom": "^5.11.4",
    "@testing-library/react": "^11.1.0",
    "@testing-library/user-event": "^12.1.10",
    "axios": "^0.22.0",
    "draft-js": "^0.11.7",
    "immer": "^9.0.6",
    "lodash": "^4.17.21",
    "moment": "^2.29.1",
    "notistack": "^2.0.2",
    "react": "^17.0.2",
    "react-dom": "^17.0.2",
    "react-google-login": "^5.2.2",
    "react-helmet": "^6.1.0", // Apache-2.0
    "react-hook-form": "^7.17.2",
    "react-icons": "^4.3.1",
    "react-router": "^5.2.1",
    "react-router-dom": "^5.3.0",
    "react-scripts": "4.0.3",
    "react-wordcloud": "^1.2.7",
    "recoil": "^0.4.1",
    "web-vitals": "^1.0.1" // Apache-2.0
}

[simonseo]

백엔드 파이썬 라이브러리는 저희가 수정하거나 배포하는 건 없고 전부 API 형식으로 사용만 하고 있어서 백엔드 라이센스는 저희 맘대로 정하면 될 것 같습니다.

[simonseo]

kendo EULA 중 Redistribution 및 Trial License 부분입니다.

요약하자면

1. RISKOUT 웹사이트에서 사용하는 건 라이센스가 지속적으로 필요하지만 트라이얼 라이센스 사용 중인 동안 (최대 30일)은 괜찮습니다. 그 이후에 다른 방식으로 변경하면 됩니다.
2. kendo 라이브러리를 이용하는 코드는 라이센스가 없어도 배포가 되는 것 같습니다.
3. 라이센스 취득은 이 코드를 사용할 사용자의 몫입니다. (현재로서는 우리가 사용자이기도 합니다.)

1.2.6. Redistribution. If the Order or section 3 (Product Family Specific Terms) or section 4 (Product Specific Terms) grants you the express right to redistribute or offer access to all or a portion of the Product (“Redistributables”), then, in conjunction with any such grant, you must comply with any limitations or requirements specified in the Order, section 3 (Product Family Specific Terms) or section 4 (Product Specific Terms), as applicable, and you must distribute or offer access to the Redistributables subject to a license agreement or terms of use between you and each third party receiving or accessing the Redistributables (“your customer”) that: (a) protects our interests consistent with the terms contained in this EULA, (b) prohibits your customer from any further distribution of the Redistributables (unless expressly permitted pursuant to section 3 (Product Family Specific Terms) or section 4 (Product Specific Terms)), (c) includes a limitation of damages clause that, to the maximum extent permitted by applicable law, disclaims on behalf of us, our Affiliates or our or their respective licensors, suppliers or Authorized Resellers, liability for any and all damages, whether direct, special, incidental or consequential damages, (d) contains terms substantially similar to those in subparts (a) through (g) of section 1.2.4 (Restrictions), section 1.5.1 (Export Compliance) and section 1.5.2 (U.S. Government Customers), and (e) includes a notice substantially similar to section 1.2.7 (Third Party Notices).

4.A.2. Redistribution under Developer License.

4.A.2.1. Redistribution License grant. If you have purchased a Developer License, you may distribute (as applicable based on the Product(s) identified in the Order or included in the DevTools collection(s) identified in the Order): (i) the UI Products and the Progress Telerik Reporting Product in object code form only as embedded in Your Integrated Products, (ii) the Kendo Products in minified form only as embedded in Your Integrated Products, and/or (iii) the Progress Telerik Report Designer Product in object code form for use solely in conjunction with the Progress Telerik Reporting Product as embedded in Your Integrated Products. The distributions permitted under subsections i, ii, and iii of this section 4.A.2.1 may be made only to Permitted End Users and only in accordance with the terms of this section and section 1.2.6 (Redistribution). You are not permitted to distribute any of the Products pursuant to this section: as a standalone product, or as a part of any product other than Your Integrated Product, or in any form that allows any Product (or portion thereof) to be reused by any application other than Your Integrated Product. For avoidance of doubt, your Permitted End Users are not allowed to use the Products, or any portions thereof, for software development or application development purposes unless they also purchase a separate Developer License from us for each of the users. You are not allowed to, and are expressly prohibited from, granting your Permitted End Users any right to further sublicense the Products or any portions thereof. You must include a valid copyright message in Your Integrated Products in a location viewable by Permitted End Users that will serve to protect our copyright and other intellectual property rights in the Products.

3.4. Trial License.

3.4.1. License Grant. If you downloaded the free trial license for the Product Package (“Trial License”), then your use of the Product Package is subject to the limitations and conditions specified in section 1.2.5 (Limitations on Evaluation or Trial Licenses). Without limiting the foregoing, you are not allowed to integrate the Product Package into end products or use it for any commercial, productive or training purpose. You may not redistribute the Product Package. The term of the Trial License will be 30 days. If you wish to continue using the Product Package beyond the expiration of the Trial License, you must purchase the applicable Developer License, as defined in section 4 (ProductSpecific Terms).

참고: https://www.telerik.com/purchase/license-agreement/progress-kendoreact

[cjnghn]

멋있습니다. 하나 배워갑니다. 🥇

[simonseo]

라이센스 관련 앞으로 해야되는 일:

• [x] 1. MIT 라이선스 유지
• [x] 2. Apache-2.0 라이선스로 지정된 라이브러리들 제거
• [x] 3. 상업 라이선스 사용 중인 kendo는 30일 이내에 다른 라이브러리로 변경

[mslee300]

역시 깃명근이십니다...