uber / neuropod

A uniform interface to run deep learning models from multiple frameworks
https://neuropod.ai
Apache License 2.0
936 stars 77 forks source link

Unlicense dependency should not be included directly in the project #560

Open jonathanbaker7 opened 1 year ago

jonathanbaker7 commented 1 year ago

The dependency file neuropod/backends/python_bridge/_neuropod_native_bootstrap/filelock.py has a header which declares it to use the Unlicense.

Although this file is just a dependency, and not written by Uber or any of the project authors, the header on this file creates an ambiguity on copyright for the entire project. Uber OSPO recommends that this file be removed, and included only as a referenced dependency. In other words, you can include this so that PyPi can download it directly, but it should not appear directly in this package.

VivekPanyam commented 1 year ago

Hi! That file is used in a bootstrap scenario where pip dependencies are not available. That unfortunately means we can't easily depend on it from PyPi.

Since that code is public domain, it should be okay to modify in any way including removing the header text, right?

I'd rather not remove the header if we don't need to, but if the text itself being in this repo is a problem, maybe removing it is the simplest solution?

Also, for what it's worth, pretty much every other substantial code file in the project has an Apache 2.0 license header and copyright line.

(Side note for anyone reading: To be clear, I'm aware that removing license headers is generally not okay, but because the file in question was released into the public domain, it should be fine. I'm also more okay with it because I left a comment near the top of that file linking to its origin)

Let me know if that solution works for you

jonathanbaker7 commented 1 year ago

Unfortunately, removing the header will just make it worse.

The problem with Unlicense is that is creates copyright confusion. An open source license - any open source license - is predicated on the copyright owner granting the terms of the license to any users. For example, when you apply MIT, you are saying "I own this, but you may use it for any purpose, without any time restriction, and I don't take any liability". (It's a rough translation.)

When the copyright is transferred to the public domain, the author loses the ability to apply the license. Two problems. 1) The transfer of copyright might not even be legal in many countries. 2) If you don't own the copyright, you can't define the license.

Taking the wording off the file doesn't solve the issue. Because, then what does it mean? Are you attempting to claim copyright for yourself? You can't do that. Worse, I'm not sure the original authors can do that anymore. And so the issue isn't cleared up, just obsfucated.

I understand this is a predicament. The best way out is to either dynamically use the code (as I suggested), pick another utility that does the same thing, or have someone write a new version of the algorithm which would automatically give copyright to the new author.

Again, reach out if you have any questions.