New license request: MS-NET-library [SPDX-Online-Tools]

spdx / license-list-XML

This is the repository for the master files that comprise the SPDX License List

Other

343 stars 275 forks source link

New license request: MS-NET-library [SPDX-Online-Tools] #2428

Closed nick1989Gr closed 1 month ago

nick1989Gr commented 5 months ago

1. License Name: MICROSOFT .NET LIBRARY 2. Short identifier: MS-NET-library 3. License Author or steward: Uknown 4. Comments: The license requested is not already part of SPDX The license apply to some binaries but is not restricted to that. Example of packages using this library are https://www.nuget.org/packages/System.Threading.Tasks/4.3.0 and The license has identifiable and stable text; it is not in the midst of drafting. The license steward, if any, is committed to not modifying after addition to the list and to versioning new versions in the future. 5. License Request Url: http://tools.spdx.org/app/license_requests/360 6. URL(s): https://www.microsoft.com/web/webpi/eula/aspnetcomponent_rtw_enu.htm 7. OSI Status: Unknown 8. Example Projects: https://www.nuget.org/packages/System.Threading.Tasks/4.3.0, https://www.nuget.org/packages/System.Reflection/4.3.0

karsten-klein commented 5 months ago

{metæffekt} Universe canonical name: Microsoft Software License (.NET Library 2019-06) short name: MS-NET-Library-2019-06 markers: Import/Export Marker category: Microsoft Software ScanCode reference id: ms-net-library-2019-06 OSI status: none

ScanCode matched id: ms-net-library-2019-06

Comment The following 4 versions of the license exist in ScanCode:

ms-net-library-2016-05
ms-net-library-2018-11
ms-net-library-2019-06
ms-net-library-2020-09

I would argue that if we add one, we also would require to add the other versions consistently.

swinslow commented 3 months ago

@nick1989Gr Can you share an example of a source code project that is using this license?

Looking at the examples given (System.Threading.Tasks and System.Reflection), it looks to me like the nupkg files contain DLLs and XML files, but not actual source code. I should stress that I am very, very much not a .NET programmer, so apologies if I've got this wrong :)

Under the SPDX License Inclusion Principles, SPDX does not list licenses that are intended as single-vendor, binary-only EULAs, which is what this one is currently looking like to me. While it does permit redistribution of the packages, things like the prohibition on reverse-engineering or attempting to derive the source code suggest to me that it's essentially a binary EULA.

nick1989Gr commented 3 months ago

@swinslow Thanks for your answer. Let me say that I am not a .NET expert myself. I have the feeling that you are right. I am afraid that all libraries connected to this license refer to binaries. Other examples are:

System.IO
System.Globalization
System.Collections
System.Text.Encoding
System.Runtime
System.Security.Claims

jlovejoy commented 1 month ago

so, do we still want to consider this license? @nick1989Gr ?

@richardfontana - do you know if this is something that may have been discovered in the Fedora review? I thought someone looked through all the .NET licenses there??

jlovejoy commented 1 month ago

discussed on 7/25: the requested license seems to apply to pre-complied binaries from MS, but not the source code. As per license inclusion guildeline: "Software licenses that apply only to executables and do not provide for the availability of the source code will not be included on the SPDX License List." - this doesn't meet the guidelines, so we'll close this issue.