Can we enforce a single license for all components?

Open wilzbach opened this issue 10 years ago • 4 comments

Feedback from the industry session at the 1st BioJS conference showed that licensing is a key problem for companies. Ideally only a single, very permissive license (like BSD or MIT) should be chosen and be a requirement for all submitted components, as for them it is very important to restrict access to the modified source code. See also permissive free software licence (aka non copy-left license) on Wikipedia.

Open questions:

  1. Are there many authors who wouldn't be able to submit their code because of their company's/university's policy? (e.g. they are only allowed to share their code with GPL)
  2. Is it still possible to include dependencies which aren't licensed under the chosen license (many modules are MIT)?
  3. Can we enforce authors not to include dependencies with incompatible licenses (e.g. GPL)?
  4. Should we use MIT, BSD or Apache 2 as project license?

wilzbach avatar Jul 05 '15 19:07 wilzbach

  1. AFAIK (I am not a lawyer) if we choose BSD as project license, we can use dependencies with at least the following licenses: Apache 2, MIT.

wilzbach avatar Jul 05 '15 19:07 wilzbach

Prohibiting dependencies that are not licensed appropriately sounds very restrictive and may stop people from contributing, don't you think?

benediktrauscher avatar Jul 05 '15 19:07 benediktrauscher

> Prohibiting dependencies that are not licensed appropriately sounds very restrictive and may stop people from contributing, don't you think?

Yes, I do agree, but where is the value of the contribution if our userbase can't use the contribution due to license restrictions?

BTW the most depended packages on npm are all under permissive licenses (MIT, BSD, ISC, Apache 2) - so I think this is more an edge case question.

We could also say that everything under the BioJS organization must be license X (or compatible with it) and on the registry we show a traffic light depending on the licenses of the component's dependencies (green: usable for companies, orange: usable for open research, red: no information found etc.).

wilzbach avatar Jul 05 '15 19:07 wilzbach

Like in #3, I must repeat: It's not productive to enforce anything. You're going to exclude ¾ of potential contributors. Rather, make recommendations and allow the registry to be filtered by licence. Even nicer: allow the registry to be filtered by license type and/or compatibility.

mhelvens avatar Jul 25 '15 22:07 mhelvens