Re: [Haskell-cafe] Licenses and dependencies
On Sat, Jan 11, 2014 at 2:17 PM, Mateusz Kowalczyk
Hey, Perhaps you should have CC'd the list as well for this reply.
On 11/01/14 20:04, Mike Meyer wrote:
On 11/01/14 18:44, Ben Foppa wrote: Once you distribute the binary, you have probably pulled in and used
Oops. I've moved it back, since you suggested it. the
licensed libraries (unless replaced) so you're subject to the strongest license used.
Not "strongest", but all. Well, the GPL licenses sort of "stack", since they explicitly allow you to use newer (and usually stronger) versions of themselves, but other license don't.
The GNU project provides a description of many of the available licenses at: http://www.gnu.org/licenses/license-list.html, including compatibility notes. Right, all, but what this usually entices is that the strongest one prevails. For example, code with BSD3 and GPLv3 sources will have to be released under GPLv3 as a whole (although each part is still what it was licensed under individually). I worked under the assumption that all dependencies are have compatible licenses (and their dependencies too &c).
No, it's not a contest. You *have* to abide by them all. If you're dealing with the GPL, it may look like the "strongest" prevails, but that's a property of the GPL. It specifically requires any derived work be distributed under the GPL, with no added restrictions. So a compatible license will have no extra restrictions, and appear "weaker". A "stronger" license with extra restrictions (like the 4-clause BSD license) will be incompatible with the GPL, so you can't distributed a derived work at all. If you take the GPL out of the mix, and wanted to distributed a work derived from something covered by (for instance) BSD4 and the CPL - well, that would be fine, because I don't think either prevents the restrictions in the other. But the derived work would be covered by both, not just the stronger of the two (whichever that is). Your usual case may well be GPL'ed code. I happen to work with BSD-licensed code bases more often than not.
I think you'll be fine just choosing the PublicDomain license option. [...] Things you can't do with such an option:
* bundle other people's code which isn't under public domain
This is vague. If your bundle is a single work (like a static binary), then it has to obey all the applicable licenses, and probably can't be in the public domain. If it's a collection of works, then it can include anything you want, so long as each element in the collection obeys it's license.
I meant bundle as in the repository/source tarball/however you publish your source, _not_ the binary (I explicitly mention binary somewhere else).
In that case, you're perfectly free to include sources with other licenses in the tarball. You just need to make sure you follow their license for their entry in the collection. It's well-established that a simple collection of works (a tarball, etc.) is not a derived work.
* somehow enforce that only certain libraries will run with your program: the user should be able to replace the BSD3 licensed dependencies with their own if they want to Is there any license that enforces that? That seems more like a technical issue than a legal one. Though if you're dynamically linking the libraries, things get incredibly confusing. LGPL, does it not? It even outlines what constitutes as a prevention of other libraries.
I believe the LGPL does just the opposite - it *permits* linking with
non-free code without creating a derived work. I think I may not be
understanding what you're saying, though.
I think you're implying that it's possible to force users to use
specific libraries. That is indeed the case - you could write a
modified version of the GPL that says "You may only redistribute works
derived from my project if they use my libraries". You are correct in
that you can't do that if you place the work in the public domain. On
the other hand, I don't know of any commonly used open source library
that does that.
Alright, thanks for some clarifications. I agreed with everything you said. -- Mateusz K.
you can absolutely write BSD licensed ffi bindings to a GPL library,
however, the user of the library will be subject to the fact that the
underlying object code is derived from GPL code, But that does not mean
that client ffi has to be GPL. A good example of this might an api that
can connect to backends written under various licenses (bsd, gpl,
proprietary etc). A good example of such a lib is SciPy
https://github.com/scipy/scipy/blob/master/LICENSE.txt
GPL (along with many other licenses) have never been tested in court.
Additionally, if as an IP laywer, they'll say that the precise
interpretation of the GPL licenses is unclear (but that the FSF's
interpretation of the GPL is overreaching and requires magical powers
beyond the scope of copyright law)
You can write code in any license you want, and you should! Just because a
lib dep is GPL or LPGL doesn't mean your lib must be. However, you should
explicitly note the presence of any dependencies that may have restrictive
licenses like (L)GPL very very prominantly.
Do no try to use opinions to make legal decisions. Feelings have very very
little to do with how law works. Its a complex organism that has (at this
point) 1+ Millenia of legacy (legal) code.
Often times, legal matters are even more complex than software, sadly
unlike in software where its "cheap" to experiment with compiler / linker
flags, disambiguating legal matters tends to require court cases and legal
proceedings that can be quite expensive.
Use whatever license makes you happy, but (if you're wanting it to be used
in the haskell community as a library) make it MIT/BSD/Apache/equivalent.
GPL is appropriate for end user applications and black box server
applications (certain DB application servers that shall not be named), and
sometimes OSes too *(though the BSDers may argue otherwise).
LGPL with a Static linking exception is also hypothetically acceptable for
haskell libraries, but theres some cultural bias against them, and its a
somewhat a complex variant to use.
TL;DR -- if you ever want code you're writing to land in
GHC/cabal/hackage-server/base, it needs to be MIT/BSD compatible. For
anything else, talk with a lawyer
cheers
-Carter
On Sat, Jan 11, 2014 at 4:17 PM, Mateusz Kowalczyk
Alright, thanks for some clarifications. I agreed with everything you said.
-- Mateusz K. _______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 11/01/14 19:44, Ben Foppa wrote:
Essentially my goal is to waive all intellectual property rights to most of my Haskell projects, to the extent that, were I to unintentionally sign away my intellectual property, my open-source contributions would be safe - what's the easiest way to do this? "Intellectual property" is not really a thing[0]. What it sounds like you want to do is ensure that your code stays free software. For this you need a licence that prevents people from using it for proprietary development. Here I recommend the GNU GPL[1]. But see [2] for a short introduction to "what licence should I be using".
On 12/01/14 00:06, Carter Schonwald wrote:
GPL [has] never been tested in court. This is false[3].
[0] https://www.gnu.org/philosophy/not-ipr [1] https://www.gnu.org/licenses/#GPL [2] https://www.gnu.org/licenses/license-recommendations.html [3] See https://en.wikipedia.org/wiki/GNU_GPL#Legal_status for some specific cases - -- Alexander alexander@plaimi.net http://plaimi.net/~alexander -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iF4EAREIAAYFAlLSmGAACgkQRtClrXBQc7VYUwEAh41sGz5JUc8IUMnTmAPCLBpj ekk3+Y3oxs6gRm+wPzEA/0aPTYRUZgGBOmhv4yzrSy07SQwW+3NqOAqV9ZDu9k+z =u7fp -----END PGP SIGNATURE-----
Wikipedia does not constitute legal advise For those who wish to make their code public domain, SQLite is a good role model. The SQLite license is essentially the equivalent of being public domain. On Sunday, January 12, 2014, Alexander Berntsen wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 11/01/14 19:44, Ben Foppa wrote:
Essentially my goal is to waive all intellectual property rights to most of my Haskell projects, to the extent that, were I to unintentionally sign away my intellectual property, my open-source contributions would be safe - what's the easiest way to do this? "Intellectual property" is not really a thing[0]. What it sounds like you want to do is ensure that your code stays free software. For this you need a licence that prevents people from using it for proprietary development. Here I recommend the GNU GPL[1]. But see [2] for a short introduction to "what licence should I be using".
On 12/01/14 00:06, Carter Schonwald wrote:
GPL [has] never been tested in court. This is false[3].
[0] https://www.gnu.org/philosophy/not-ipr [1] https://www.gnu.org/licenses/#GPL [2] https://www.gnu.org/licenses/license-recommendations.html [3] See https://en.wikipedia.org/wiki/GNU_GPL#Legal_status for some specific cases - -- Alexander alexander@plaimi.net javascript:; http://plaimi.net/~alexander -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iF4EAREIAAYFAlLSmGAACgkQRtClrXBQc7VYUwEAh41sGz5JUc8IUMnTmAPCLBpj ekk3+Y3oxs6gRm+wPzEA/0aPTYRUZgGBOmhv4yzrSy07SQwW+3NqOAqV9ZDu9k+z =u7fp -----END PGP SIGNATURE----- _______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org javascript:; http://www.haskell.org/mailman/listinfo/haskell-cafe
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 12/01/14 17:16, Carter Schonwald wrote:
Wikipedia does not constitute legal advise If you visit the page, you will find several links for prolific cases where the GPL has been tested in court.
Alexander alexander@plaimi.net http://plaimi.net/~alexander -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iF4EAREIAAYFAlLTOjsACgkQRtClrXBQc7VIuAD+KZTTJ0qyEC4pt+fX3e5UGMbm Z+5ZmGCbScRQ0pvAw5MA+QGq4eG01x/OAJaNq6IzrEsYD3EmBa0TZAWb1qjGvAy+ =rje1 -----END PGP SIGNATURE-----
participants (4)
-
Alexander Berntsen -
Carter Schonwald -
Mateusz Kowalczyk -
Mike Meyer