did_you_mean icon indicating copy to clipboard operation
did_you_mean copied to clipboard

Published 20 hours ago verified publisher icon ruby

Gem is not commercial compliant

Open bdon-hash opened this issue 3 years ago • 7 comments
trafficstars

Per PR #82, https://creativecommons.org/licenses/by-nc-sa/3.0/ states that this is not for commercial use. This should be reflected in LICENCE.txt, correct?

bdon-hash avatar Mar 31 '22 16:03 bdon-hash

Good point. I don't think the intent was to prevent commercial use, but I am not sure of the lineage of the related word list.

headius avatar Mar 31 '22 17:03 headius

Reflecting this in LICENCE.txt doesn't deal with the actual problem. My understanding is that the word list in question is only used for evaluation. So it could be argued that even if this gem is distributed as part of Ruby, and Ruby is in turn distributed as part of a commercial product (could be anything, e.g. a TV set), the chance that the data is actually used is very low. It would nevertheless in my opinion be highly prudent to remove this data and the related code from the gem. If necessary, the evaluation part could be turned into a separate gem that would not be included in Ruby distributions. The removal also should be backported if possible (not sure this is possible for this type of gem). @hsbt @yuki24

duerst avatar Apr 01 '22 00:04 duerst

The CC-licensed data is used for evaluation purposes only. The entire evaluation directory, including the subject of this topic, is specifically excluded from the all released versions of the gem and from the Ruby core source code. None of DYM's code depends on any CC-licensed file/data at runtime.

Extracting the entire evaluation directory out of this repo does seem fair, but given the fact that no production code depends on anything licensed under CC, I do not believe we could justify extra complication to maintain unless we receive substantial financial support.

The only exceptional case is when/if you explicitly and directly re-used or modified the evaluation/incorrect_words.yaml for your proprietary software, which I do not believe is a common case.

yuki24 avatar Apr 01 '22 03:04 yuki24

@yuki24: Thanks for explaining that the evaluation directory is excluded from all released versions of the gem. This means that there actually no concerns regarding copyright restrictions for the gem or for Ruby itself. I have created a pull request to clarify this in the file (see https://github.com/duerst/did_you_mean/pull/1). Currently, this pull request may be in the wrong place (on my fork rather than on the main repo. In that case, please tell me how to change this to make the pull request apply to the main repo.

duerst avatar Apr 01 '22 05:04 duerst

@duerst Thank you so much for preparing a PR for this. Really appreciated! We should be able to merge your change as-is.

yuki24 avatar Apr 01 '22 06:04 yuki24

Just to be clear, here is a summary of this whole topic:

  1. Ruby 2.3 and 2.4: The file is still in these versions of Ruby. There is no DYM versions that work with Ruby 2.3 or 2.4 that do not contain the file in question. The best way to mitigate the risks of license violation is to simply uninstall DYM in production:

    $ gem uninstall did_you_mean # Do this in production

  2. Ruby 2.5: The file is still in this version. You could either uninstall the gem as stated in (1), or upgrade the gem to v1.2.1 or later:

    $ gem uninstall did_you_mean -v=1.2.0
$ gem install did_you_mean -v=1.5.0

  3. Any later released or bundled versions: They are not affected by the licensing issues here.

  4. Pulling directly from GitHub: It is advised to not do so in production. Be sure to exclude it from the production group:

    # Do not install it in production
gem "did_you_mean", github: "ruby/did_you_mean", group: [:development, :test]

I'll have to catch up with JRuby though.

@headius Anything I can do to help resolve this issue on the JRuby side?

yuki24 avatar Apr 01 '22 06:04 yuki24

@yuki24: Thanks for the many more details, and for the advice for Ruby 2.3/2.4/2.5.

For those who have Ruby deployed in (commercial) production, please note that just having the file on your production server may not necessarily constitute commercial use. The file may actually not be used at all, it may be impossible to figure out from the service whether the gem or the file is actually on the server, and there was no intent to use the file.

For more details of the definition of "commercial use", please check https://creativecommons.org/faq/#does-my-use-violate-the-noncommercial-clause-of-the-licenses and https://wiki.creativecommons.org/wiki/NonCommercial_interpretation.

[If you are still in doubt, you may want to check with a lawyer.]

duerst avatar Apr 01 '22 08:04 duerst

I have cherry-picked @duerst's comment and added a note on the license: 034f26189f2a7d6e20951ed342ff69274f52c7fe. Please let me know if further discussion is needed.

yuki24 avatar Jan 01 '23 09:01 yuki24

We will upgrade JRuby 9.3 and 9.4 to compliant versions. Should be ok. 👍

headius avatar Jan 04 '23 18:01 headius

Actually, it looks like JRuby 9.3 is on 1.3.0 already and 9.4 is on 1.6.1, so I think we're ok out of the box.

headius avatar Jan 04 '23 18:01 headius

@headius Sweet! Seems like we are all good now.

yuki24 avatar Jan 05 '23 06:01 yuki24