License Confusion

Open • rcludwick opened this issue 2 years ago • 8 comments

At work, there's confusion around the license. It looks like it's an open source BSD license, but the website says that it's BSD only for open source projects. I believed that's been fixed in the repo, but not the website.

I believe two things will solve this.

  1. Remove the commercial license from the repo and move it to the website or clarify the license is for commercial support only.
  2. Clarify that all projects may use the BSD license, but that purchased support will follow the commercial license.

It's a great library. I'd hate to not use it because of this.

rcludwick, Jul 25 '22 22:07

I know developers don't always control the purse strings, but IMHO if your company is making money using free software, you should just pony up for a commercial license to support the authors of that software. Getting cheap about this stuff is how you wind up with two part-time devs maintaining core infrastructure out of the goodness of their hearts.

bjmc, Jul 25 '22 22:07

@bjmc

I think you're absolutely spot on here. And that's a conversation that needs to happen with managers, not typically the devs -- because as you say, we don't hold the purse strings -- and I certainly don't here.

But as I understand the license terms of this project, purchasing of commercial support is not required for commercial use. And that's what I want clarified.

Otherwise this project is not open source under the various definitions of open source software.

rcludwick, Jul 25 '22 23:07

As said on readme:

If your company is creating a closed source OAuth provider, it is strongly suggested that your company purchasing a commercial license.

No confusion from readme.

lepture, Jul 27 '22 01:07

  1. We're not creating our own closed source OAuth provider. We're using the client functionality. For an OAuth client $1000/yr is too much.

Also, it should be pretty clear I'm using the django_client from this GitHub issue in 2020.

https://github.com/lepture/authlib/issues/216

  2. The website says this:

Authlib Licenses Authlib offers two licenses, one is BSD for open source projects, one is a commercial license for closed source projects.

https://docs.authlib.org/en/latest/community/licenses.html

So license lawyers read that and it's pretty clear that if true, then your software really isn't OSS.

I recommend you use the same language from the README on the website.

rcludwick, Jul 27 '22 17:07

Then, if I start a startup project using authlib, just for Social Login, do I have to pay? I won't even know if I would make money or not.

v3ss0n, Mar 24 '23 09:03

@v3ss0n You don't have to. Just choose the BSD license.

lepture, Mar 24 '23 18:03

Oh, then that's great. We have confusion in the open source community with permissive licensing: should we use yours or not? Better clear it up somewhere in which cases it is not eligible for this lib to be used. Like, for example, building a competing closed source product like Auth0 that uses your library and selling it. (I think that's the case?)
I had mentioned this case in the topic below, in case you want to explain.

v3ss0n, Mar 24 '23 18:03

I think this sums up the situation perfectly.

https://github.com/starlite-api/starlite/issues/878#issuecomment-1483264075

Website says one thing. PyPI says another. This comment thread says a third.

rcludwick, Mar 29 '23 19:03