DanielRuf
commented
5 years ago Afaik it is sufficient to use this short license header. We do not want the full license text in all (minified) files.
Also the MIT license text is always the same.
Open mirabilos opened 5 years ago
DanielRuf
commented
5 years ago Afaik it is sufficient to use this short license header. We do not want the full license text in all (minified) files.
Also the MIT license text is always the same.
DanielRuf
commented
5 years ago Also see https://stackpath.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
This is common and ok.
Otherwise you would have to open an issue for all frontend frameworks and other projects.
mirabilos
commented
5 years ago Daniel Ruf dixit:
Afaik it is sufficient to use this short license header.
No. Read the MIT licence itself:
[…] subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
The licence requires being incorporated. Unless you have a waiver from the normalize.css author. (In which case that waiver would probably be in the normalize.css repo and apply to everyone.)
This is common and ok.
This is common and very much not ok.
We do not want the full license text in all (minified) files.
Then either get a waiver from the normalize.css author (and include that full waiver in your normal source code, so that your downstreams know), or don’t use anything under… almost all Open Source licences — they all require that the licence be reproduced alongside. As things currently are, you violate the licence from @necolas by distributing your project, and, what’s worse, your downstreams do the same. I had to manually add it in the one project I’m using swagger-ui-dist in, in order to stay legally compliant.
Also the MIT license text is always the same.
Funny you mention that: the MIT licence is notoriously bad in that there are so many different versions around there that the original MIT licence (the one people normally use) has the licence identifyer “Expat”, and “MIT” is being used to identify the group of all of them.
So, no.
DanielRuf
commented
5 years ago I think @jonathantneal and the whole dev community (including me) do not see it like this.
DanielRuf
commented
5 years ago https://www.iusmentis.com/computerprograms/opensourcesoftware/license-notices-web-applications/
A reference to the license is still ok. Like I wrote.
https://unpkg.com/react@16.8.2/umd/react.production.min.js
As we do not ship the source but compiled files it is ok to reference to the license location.
The generated MIT license on GitHub and on other platforms is always identical except the owner name and year differ. Modifying a license text makes it a whole different license.
What you propose is not practical and would not make any change when we use minifiers which strip comments.
DanielRuf
commented
5 years ago https://code.jquery.com/jquery-3.3.1.min.js https://code.jquery.com/jquery-3.3.1.js
Good luck opening an issue in every JS / CSS project and so on.
mirabilos
commented
5 years ago Daniel Ruf dixit:
I think @jonathantneal and the whole dev communjfy do not see it like this.
Can you read?
What exactly in “this permission notice shall be included in all copies” do you not understand?
DanielRuf
commented
5 years ago I had to manually add it in the one project I’m using swagger-ui-dist in, in order to stay legally compliant.
So you deliver all this data to the client? Great for the performance. This is still not the sourcecode, the repo is and has the license file.
DanielRuf
commented
5 years ago I can read and what you propose is very unlikely to happen (in almost all projects).
Same for font files, they have metadata which includes a reference to the full license, not the full license. Otherwise we would have huge assets.
DanielRuf
commented
5 years ago The GNU GPL is designed so that you can easily apply it to your own program if you are the copyright holder. You don't have to modify the GNU GPL to do this, just add notices to your program which refer properly to the GNU GPL. Please note that you must use the entire text of the GPL, if you use it. It is an integral whole, and partial copies are not permitted. (Likewise for the LGPL, AGPL, and FDL.)
Notices like license headers are common which refer to the location of the full license text.
http://kendo.cdn.telerik.com/2019.1.115/js/kendo.all.min.js
I still see no issue here.
jonathantneal
commented
5 years ago Please just include whatever our projects do in whatever the ways our projects do them. In normalize.css, the reference is pretty short:
/*! normalize.css v8.0.1 | MIT License | github.com/necolas/normalize.css */Thanks! I certify this or whatever as a co-creator of normalize.css and as one who helped published some of the more recent releases.
Seriously, I’d have licensed it CC0 if I knew what a pain in the neck licensing can be. What’s done is done. I won’t have more to add to this thread, and I have nothing but love and respect for you all. If Nic has anything more to add, please follow his lead. Pardon me if I peace out ✌️
mirabilos
commented
5 years ago Daniel Ruf dixit:
So you deliver all this data to the client? Great for the performance.
It does not need to be in the same file. But, when you aggregate, you must make sure that the aggregate ships it. When you aggregate naïvely (i.e. just concatenating minified files, then shipping that) you violate the licence.
The body of the licence must be included with all copies. Fine, put it into a LICENCE.txt file or something.
The copyright notices must be included. These should fit into the minified files, together with a pointer to the external file with the licence bodies.
But, both must be distributed, and when aggregated into a downstream, aggregated into their files (again, not necessarily in the same file).
What I do, in that project, is to (manually) aggregate all the notices and licences of all dependencies we ship and put them into a large LICENCE.txt file (plus separate text files for the big licences, like Apache or LGPL or Creative Commons). Then I point to that file every‐ where and make sure it is always included. (That’s crucial.)
Jonathan Neal dixit:
projects do them. In normalize.css, the reference is pretty short:
/*! normalize.css v8.0.1 | MIT License | github.com/necolas/normalize.css */
This does not reproduce the author’s copyright either. And, in tachyons-sass, the licence is lost, too.
During https://github.com/swagger-api/swagger-ui/issues/5042 I found out that tachyons embeds code from https://github.com/necolas/normalize.css/ without reproducing its copyright statement and full licence terms, as required by the MIT licence.
The source code simply has https://github.com/tachyons-css/tachyons-sass/blob/master/tachyons.scss#L28 so https://github.com/tachyons-css/tachyons-sass/blob/master/license better be changed to reproduce https://github.com/necolas/normalize.css/blob/master/LICENSE.md in full.
However (see the swagger-ui-dist issue above) this is also a problem for your downstreams. The generated CSS file distributed from your NPM module contains necolas/normalize.css code without its full licence terms and statements. A method of aggregation would be best, or perhaps embed it into the generated CSS (even though that would kinda defeat minification).