GPL 2.0 license in ruby-graphviz dependency

Open sirvine opened this issue 7 years ago • 8 comments

I discovered in a license audit of my codebase that rails-erd was bringing ruby-graphviz in as a dependency. Ruby-Graphviz is GPL2.0 licensed (see here).

This could have negative consequences for users who see the MIT license on this library and assume that this gem can be used in a closed-source, confidential/proprietary codebase. In fact, I believe this dependency means that we have to remove rails-erd from all code that we don't want to disclose publicly per the terms of the GPL2.

I tried replacing ruby-graphviz with an MIT-licensed equivalent, but the differences in API were sufficient that it wasn't worth the effort in our case.

This is a great and useful gem, and I'd love to use it in closed-source projects again soon. Of course, anyone is free to disagree with my interpretation of the licenses, but I tend to be very conservative about anything other than LGPL touching closed-source code.

sirvine, Jul 21 '17 07:07

Thank you for bringing this to my attention. I'll take a look at the licensing implications, and see about a replacement.

kerrizor, Jul 26 '17 19:07

This is still an issue - you cannot license rails-erd under the MIT license if you depend on ruby-graphviz.

ioquatix, Jul 15 '20 01:07

If ruby-graphviz only shells out to the graphviz dot utility, I don't think that's considered "linking" and someone could convince the author(s) to re-license ruby-graphviz as MIT or LGPL.

postmodern, Feb 04 '22 21:02

Pending that, you can just rewrite this gem to use https://rubygems.org/gems/graphviz

ioquatix, Feb 04 '22 21:02