badges
Switch from CC0 to MIT and Apache 2.0 licenses
This PR aims at finally rolling out the changes discussed in #3664. Other related PRs: #3736 and https://github.com/badges/squint/pull/1.
Summarising my understanding of where we're at: after getting input from @espadrine, the original author of this project, @paulmelnikow proposed dual-licensing the project under both the MIT and Apache 2.0 licenses in https://github.com/badges/shields/issues/3664#issuecomment-531577393. Both @calebcartwright and @PyvesB are on board with the proposal, having added their 👍🏻. Worth noting that this dual licensing approach is also what we've rolled out in Shields-adjacent projects in the meantime, for example squint.
In this instance, I've labeled the copyright holder as Copyright Thaddée Tyl and contributors, to align with package.json entries which also list him as the author of the project.
As a side note, Paul had suggested adding a note about the history of the license in the README. Given we've now got a blog capability, I've instead leveraged that and written a short article, which feels like a more appropriate way of communicating the change to our users.
Amongst the current maintainers listed in the README, we're missing input from @jNullj. He's the only other active maintainer alongside me, I'm adding the needs-discussion label and treating his approval as a requirement for moving ahead with this change.
| Messages | |
|---|---|
| :book: | :sparkles: Thanks for your contribution to Shields, @PyvesB! |
| :book: |
Thanks for contributing to our documentation. We :heart: our documentarians! |
Generated by :no_entry_sign: dangerJS against 6b0814be99ee3c9a9b5f21eb1ed6908c52f4face
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Thanks for pushing this forward. I think it's fine to mention Thaddée's name, though I'd like to be listed too as I at one point rewrote much of this project. Otherwise this looks good to me!
I feel like what goes in the licence document is more about "who is entitled to assert intellectual property rights over this thing" than "who gets credit for doing the work". As such, I'm not really bothered about being mentioned here. Probably simplifies things if I am not. Thanks though
Yea, agree it's more about acknowledgement.
The other person who has written a lot of code in this codebase is @calebcartwright.
I think its a good change but what about compatibility with existing dependencies?
Using this table and looking at our package-lock.json I notice some incompatibilities.
Here is a summary of license-checker (next comment) you can see we have some CC0 & Unlicense that are not compatible...
My understanding was that we could use CC0/unlicense packages in an MIT or Apache project. I'm no lawyer, but what makes you say this is not the case?
I might be wrong, im not a lawyer, i doubt we have one in the repo. Aren't we obligated to the most permissive license or is it the other way around? We can use more permissive dependency then what we use as it gives us permission for more uses? I gave it some more reading and it seems you could if you avoid conflicting requirements. In that case, CC0 for example should not cause an issue as it may allow us to use it for our MIT needs without restrictions. This topic is very confusing.
Should we look at tools to manage that?
I could sum it like this, I prefer the new dual license, im just not sure how licenses should be managed project wise for compatibility. Considering im not an expert for compatibility, my comment might not be very relevant here about the specifics of what we can or can't use.
If we might be violating a copyleft dependency, it would be by hosting a SaaS without providing the source code (which we don't) and such dependencies would be GPLv3 / AGPL which I'm not seeing in the list above.
Regardless it's an orthogonal question to the one here, which is the license to the Shields source.
If Chris doesn't want to be mentioned here, fine, though let's see if we can get Caleb's thoughts.
Yea, I got off topic. The changes proposed look good, And the re-license sounds like a good idea.