Open angelinimattia opened 10 months ago
denjell-crabnebula
commented
10 months ago We have been really militant about monitoring cases where the GPL might be impacting final builds, and to our knowledge for all platforms only GPL based dev toolings are involved or multi-licensed libraries. If this is not the case, I am grateful for you bringing it up and request you to post your findings here.
angelinimattia
commented
10 months ago In the AppImage I think the issue arise when we need to include the GStreamer runtime, I suppose you can add some notes of licensing where you talk to add gstreamer to the AppImage for mediasupport.
denjell-crabnebula
commented
10 months ago GStreamer itself is part of webkitgtk, for an example of its declared license, please see the license header here.
It is LGPL, not GPL.
To quote the Gstreamer project themselves: "By choosing the LGPL, there is no need for an exception clause and thus code can be shared freely between your application and other LGPL using projects." I encourage reading their entire analysis.
Now, after digging further - I discovered that we are apparently pulling in the Plugins-Bad - unless I am reading this line incorrectly @FabianLars & @lucasfernog (so happy to stand corrected):
In the past, at least, some gstreamer bad plugins are actually GPL. :(
This led me to reading: https://github.com/GStreamer/gst-plugins-bad/blob/master/README.static-linking
I think we need a bit more research from the team before we can make a final conclusion and way forward.
And on a final note: If you are using FOSSA, it is well known for reporting false positives because e.g. LGPL also has the letters "GPL" in it. yay
FabianLars
commented
10 months ago ugly is the package that contains plugins with non lgpl licenses (afaik mostly because of patents?), but I'm not aware of a concise list of plugins+licenses which is super annoying.
and yes, bad can also contain plugins with non-lgpl licenses since it contains good and ugly plugins that are bad for other reasons (code quality or something). The ugly pacakge should be irrelevant for us ever since the mp3 plugins were moved to the good package. The bad package however is a tricky one and i'm 99% sure that youtube for example needs plugins from that package.
And this is where it gets tricky. iirc all plugins are stored as simple .so files in the same folder and the appimage bundler simply pulls in all plugins from that folder, so the only way to filter out plugins is by not having them installed :/ (the config in the linuxdeploy plugin you linked doesn't seem to do anything as far as i can see)
(Lastly, the wording on their repos is super confusing to me and to me it sounds like that the good package can also contain lpgl plugins that link to gpl libraries but i don't see any plugins where that is the case 🤔 )
angelinimattia
commented
10 months ago In truth we started to a manual scanning after a member of the GNU foundation pointed us to some GPL code of our AppImage. For now we removed the APPImage distro but we have to say that it is a very useful format to have on linux. As said from Fabian, I could try remove the plugins under a non redistribute license, maybe we can compile a list to use as a filter during AppImage creation. Or we can extract the license from the metadata, i have some rust code that list the info of the GStreamer plugins, and the license spidx is included so maybe it can help us.
denjell-crabnebula
commented
10 months ago Yeah, lets track down the offenders if we can, and potentially prune them.
lorenzolewis
commented
10 months ago Would it be okay if we transfer this issue over to tauri-apps/tauri? Or if this is something that we'd need to fix/update in docs instead of in the Tauri repo itself happy to keep it here.
denjell-crabnebula
commented
10 months ago Makes sense. Once we've sorted the code issue, we can bounce it back here if we need to update the docs.
angelinimattia
commented
2 weeks ago Hi Guys do you still need the code to list in rust the Gstreamer elements installed in the system? I got caught in between my master and work and completely forgot.
denjell-crabnebula
commented
2 weeks ago We have had in depth conversations with the gstreamer team and been assured that there is no GPL pollution here. Pinging @wusyong for confirmation
I was distributing my software under a non open source License, however after a little bit of inquiry I discovered that AppImage might contain some Restricting License as GPL software not enabling me to release my application as AppImage if I want to use a not open code license.
Is this the case or I'm interpreting thing wrongly?
Is possible to have a list of software and binaries included on the app image from tauri?
And finally can you confirm that if we are using tauri and distribute software using different packaging as EXE, deb or dmg we are not falling on the same licensing issues.
I thank you in advance for any support you can provide, best.
EDIT: From what the Tauri team discussed down, Tauri use only permissive Licenses however in the case you include GStreamer, Tauri will package all the viable Gstreamer's elements in the AppImage. However, some GStreamer elements have non permissive Licenses as GPL.