ulid / javascript

Universally Unique Lexicographically Sortable Identifier
MIT License

License violation #61

Open mambax7 opened 6 years ago

mambax7 commented 6 years ago

FYI: @Lewiscowles1986 just violated your MIT License by changing it to AGPL: https://github.com/Lewiscowles1986/php-ulid/issues/17

I find it very disrespectful to the spirit of Open Source and to your work :(

I hope he'll come to his senses and will change it back to MIT, or you might contact the Free Software Foundation (https://softwarefreedom.org/) and ask them to explain to him the legal violation.

remyrylan commented 6 years ago

@mambax7 I have no affiliation with either project, but you're mistaken on how the licensing works.

ULID is a spec which is GPL licensed: https://github.com/ulid/spec

ULID.js is a JavaScript implementation of the spec which is MIT licensed.

Anyone can implement the spec in any programming language they'd like and release it under any license they choose.

There is no license violation going on here. @Lewiscowles1986 is free to do as he wants.

An example of a license violation would be if someone were to fork ULID.js (MIT licensed), modify a few files and then release something like ULID-2.js under AGPL or another license.

tuupola commented 6 years ago

> An example of a license violation would be if someone were to fork ULID.js (MIT licensed), modify a few files and then release something like ULID-2.js under AGPL or another license.

Not 100% correct. MIT is permissive and it allows changing the license (i.e. sublicensing) to something else such as AGPL as long as the original copyright and permission notices are intact.

It does not work the other way though. You cannot take GPL code and relicense it to MIT. This, and GPL also being viral, is a reason why many people avoid using GPL code.

remyrylan commented 6 years ago

@tuupola wasn't aware of that, very interesting. Thank you for the clarification.

mambax7 commented 6 years ago

Well, there are two aspects to it: legal and moral/integrity.

a) Legally you cannot change the license, because the MIT License states: "The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software." Maybe you can add an additional license, but my understanding is that you can't just remove MIT and replace it with another license. But I am not a lawyer so I feel free to provide other info where somebody did that. I couldn't find anything, actually I found the opposite: https://www.quora.com/Can-I-change-the-license-of-the-MIT-source-code-after-I-made-a-lot-of-changes

b) As Open Source developers we should show respect to each other. Obviously people who release software under MIT decided on a very permissive license while AGPL is more restrictive.
I find it disrespectful to change somebody's code license without explicit permission. If he needed AGPL for whatever reason, he could ask the upstream authors to release it under a dual license: MIT and AGPL, and the issue would be solved.

mambax7 commented 6 years ago

@jrylan out of curiosity, I looked at all the implementations of ULID: https://github.com/ulid/spec, and all of them are released under MIT, except four, which were released under Apache, which is also very permissive. But AGPL is pretty restrictive (https://en.wikipedia.org/wiki/License_compatibility) and I don't think that that was the intent of the ULID author.

Thankfully, there is another PHP implementation that is released under MIT: https://github.com/robinvdvleuten/php-ulid so @Lewiscowles1986 can lock his PHP port all to himself :)

remyrylan commented 6 years ago

@mambax7 I get where you're coming from and I totally agree with you in spirit, however the ULID PHP project is not simply using forked code. @Lewiscowles1986 wrote original PHP code based on the GPL-licensed ULID spec.

Had @Lewiscowles1986 simply taken the source code for ULID.js and made only simple modifications to the JS source to make it work with PHP then there could be a license issue. But it's clear to me looking at the source that ULID.php is all original code and implemented in a totally different way than ULID.js, thus it's an original work based on a GPL spec and the author is free to license as they want.

We can't expect every open source project within an ecosystem to follow the same license as the original work that spurred the ecosystem in the first place, it just doesn't work that way no matter how much we'd all like it to. As an example, I'd love it if every project in the React.js ecosystem all followed the same MIT license that React.js is now under itself, but that's just not the case.

Edit: Yup, I agree with you. Go with the MIT licensed version if it works better for you!

mambax7 commented 6 years ago

jrylan, if he implemented, as you said, the specs independently, then of course, legally he is OK.

But he posted in the description that: "Tests borrowed from .NET port". The .NET port was also released under MIT, so if he is using that, then he is in violation of the MIT license. He should then release the tests under MIT, and the software he wrote under AGPL.

remyrylan commented 6 years ago

@mambax7 If the tests are largely unmodified, I agree with that. At the very least the MIT license and original copyright should be left intact on those files.

tuupola commented 6 years ago

> a) legally you cannot change the license, because the MIT License states: "The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software."

Copyright and license are different things. Above note means you must keep the copyright notice and the permission note intact. MIT license specifically gives you permission to sublicense, i.e. relicense, the code.

"... including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies ..."

In other words, with MIT code one can do whatever one wants except remove the original author's copyright from it.

Other points I agree. I cringe when I see permissive licensed code changed to restrictive license.

mambax7 commented 6 years ago

@jrylan When we give our software away for free, the least that we should expect is some respect for the licenses we choose.

mambax7 commented 6 years ago

@tuupola You're correct that these are two different things, i.e. the requirement is to keep BOTH: a) "The above copyright notice and " b) "this permission "

The permission "IS" the license! So it needs to be always included.

Sub-licensing is something different - you still have to keep the MIT license, you just might add to it another license, and the user can then decide which one he wants to use.

remyrylan commented 6 years ago

@mambax7 Yup, I agree with everything of where you're coming from -- just trying to think purely from the legal perspective.

tuupola commented 6 years ago

Anyway, since there is now an opening for MIT licensed ULID you might want to keep an eye on this:

https://github.com/tuupola/ulid

Still work in progress. I basically took my KSUID package and converted it to produce ULIDs.

https://github.com/tuupola/ksuid

mambax7 commented 6 years ago

@tuupola Thank you for doing it!

Lewiscowles1986 commented 6 years ago

@mambax7 1 what you've actually done is slandered me which is a civil liability because I don't follow your reductive and frankly remedial outlook. Don't tag me in any issues again, and stay away from my repos. None of your issues will be addressed. No PRs will be merged. You are lifetime banned from further interaction on any project I ever work on.

mambax7 commented 6 years ago

@Lewiscowles1986 Slander? I'm sorry to see that you feel that way, instead of doing some soul searching about the spirit of Open Source and about being a positive, contributing member of the Open Source community.

Thankfully there are other PHP implementations released under MIT license, so we don't need your port, you can keep it to yourself :)

mambax7 commented 6 years ago

@jrylan just to close the "legal" part - this is probably the best explanation of "MIT sublicense": https://writing.kemitchell.com/2016/09/21/MIT-License-Line-by-Line.html So it's not "re-licensing" under a different license, but giving somebody the same "direct license", i.e. I don't have to go to the original author to ask for the license, because you can give the license as well:

"The norm is what Heather Meeker calls a “direct licensing” approach, where everyone who gets a copy of the software and its license terms gets a license direct from the owner. Anyone who might get a sublicense under the MIT License will probably end up with a copy of the license telling them they have a direct license, too."

Lewiscowles1986 commented 6 years ago

> When we give our software away for free, the least that we should expect is some respect for the licenses we choose.

Not only do the tests use different libraries (it's the data used, which is likely too small to be copyrighted, licensed etc), but OP is whining about a library that

OP approached this like a 6-year-old, not a grown adult, who should have been able to tell by now that they are not in charge of other people.

As for other comments disparaging GPL, AGPL, seeking to dictate what happens with a library I happen to have released as OpenSource under a license I chose to protect users. Please find a local expert that can explain licensing, and go over practical concerns.

Any code I release that I'm not paid for is AGPL, has been for some time. That is my choice. As nobody here has paid for any development of the Java or PHP ports I wrote, I don't see that you have any input on the license. The test data is the same so it doesn't take a genius to work out the libs do the same things.

Simply ignore the library if you don't want to use it. Its license ensures that not only developers but also users of a system have rights to access that code and any code that is statically linked to it. It protects users' freedoms and locks itself as a license so that my work cannot be simply copy-pasted and those freedoms removed from users, companies or developers (which is what I think OP is angry about).

I'd appreciate it if this digression that I don't see helping the spec or this library were closed and locked. At present, I feel any communication from OP can quite literally be described as harassment, but other than initial comments, if I'm honest I feel like slander and harassment has been facilitated rather than stamped upon.

mambax7 commented 6 years ago

@Lewiscowles1986 Gee, whatever you write, you can release under any license of your choice, and I never said that you should use "this" or "that" license for your code. Your code, your license. The only issue was that if you use somebody's code, you should respect their license, regardless of how small a part it was. I do applaud you for giving credit to both JS and .NET implementations, but by your own admission, if you've "borrowed" the test code from the .NET implementation, then the code is still under MIT and it should be clearly noted, incl. the copyright and the license. Let's face it - you wouldn't like it if somebody had taken your AGPL code and released it under something else, right? So don't act so offended, read the explanation of MIT License: https://writing.kemitchell.com/2016/09/21/MIT-License-Line-by-Line.html and rewrite the test code so it's yours and release it under AGPL, or include the MIT license with it.

The last thing that we need in Open Source is people getting offended because somebody was trying to make them aware that they are in violation of the license.

mroderick commented 4 years ago

I think this issue can be closed now.