Even as a non-lawyer, I can assert that having no mention of any license at all is a real problem. My company won't allow any software to be used without a license.
By coincidence our lawyers contacted me a few days ago and wanted to know the licensing for the software we use. I went to google on every module and I found four different modules with no mention of any license. I sent a request for a license to each author (usually submitting an issue). I am bummed because I have gotten only one response. I will have to remove the non-licensed code, replace it, and rewrite my code. I hate doing work just for lawyers. On Wed, Mar 27, 2013 at 10:14 AM, Isaac Schlueter <i...@izs.me> wrote: > I had no idea there were so many experienced IP lawyers on this > mailing list! How lucky we are! It's amazing that you all found time > to learn JavaScript, what with going to law school, passing the bar, > and then becoming familiar with the massive libraries of case-law on > this subject! > > Sadly, I'm not a lawyer, just a simple programmer. So I'm not an > expert on these matters, and as a non-expert, I'm not really > comfortable encoding strong opinions in npm on the subject. This way, > npm is a tool, and humans can work out their preferences using it, > however they like. > > Depending on who you ask, to be valid/enforceable, a license must be > one or more of the following: > > 1. declared in every file > 2. declared in any file > 3. declared somewhere in a file along with the source > 4. mentioned by the author, ever, in any context (even verbally) > 5. mentioned along with a link to the full text > 6. mentioned by name > 7. exist in a database of osi-approved licenses > 8. exist in the author's head, even if never mentioned, linked, or > printed anywhere else > 9. differentiate between variants of the name (ie, "BSD" is not ok, > but "BSD-2-clause" is) > 10. Nothing. OSS/Free Software licenses aren't actually enforceable. > > Yes, all of these are real statements that real people have made to > me, very confident that they were correct. Some of those people were > lawyers. Most were just programmers playing pretend. But as a > non-legal-expert myself, I have a hard time telling the difference > between a good lawyer, a bad lawyer, and a duck in a lawyer costume. > > npm has a "license" field, and the common pattern is to also put a > LICENSE (or LICENCE, for imperials) file in the root of your project. > Do whatever you want. I'm not going to get more involved than that. > > For me, if you send me a pull req with the same BSD license that I put > on all my code, I'll accept it without question. > > > > On Wed, Mar 27, 2013 at 10:00 AM, Dick Hardt <dick.ha...@gmail.com> wrote: > > Actually, that is not true. There are several MIT licenses, so unless the > > actual license text is included, it is ambiguous what the license is: > > > > http://en.wikipedia.org/wiki/MIT_License#Various_versions > > > > Having a LICENSE file in the package makes it clear what the license is, > or > > alternatively stating the full license in the README.md > > > > -- Dick > > > > On Mar 27, 2013, at 9:55 AM, Austin William Wright > > <diamondma...@users.sourceforge.net> wrote: > > > > A license is something that is granted by the author at > distribution-time, > > it need not be included in the package contents. If an author wholly owns > > the copyright on their work, they can offer the program to you under any > > license they want, regardless of what the file inside the repository or > > package says. > > > > So that paragraph doesn't actually, really, do anything - it's not a > > clause/stipulation (that is to say, it has no "teeth"). Granted that the > > author is able to make the full text of the license available upon > request, > > a package that the author says is MIT licensed, even without including > the > > full text, is still MIT licensed. > > > > On Wednesday, March 27, 2013 9:12:03 AM UTC-7, kapouer wrote: > >> > >> Hi, > >> saying the author's work is MIT licensed is not enough, > >> the full text of the license must be there too, as written > >> in its second paragraph : > >> > >> The above copyright notice and this permission notice shall be > >> included in all copies or substantial portions of the Software. > >> > >> I write this here because i see countless node modules in this case, > >> whose authors probably believe their software to have a very liberal, > >> free, and open-source license - but they have de facto no license at > all. > >> > >> Jérémy. > >> > >> PS: because i see one module per day in this situation > > > > > > -- > > -- > > Job Board: http://jobs.nodejs.org/ > > Posting guidelines: > > https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines > > You received this message because you are subscribed to the Google > > Groups "nodejs" group. > > To post to this group, send email to nodejs@googlegroups.com > > To unsubscribe from this group, send email to > > nodejs+unsubscr...@googlegroups.com > > For more options, visit this group at > > http://groups.google.com/group/nodejs?hl=en?hl=en > > > > --- > > You received this message because you are subscribed to the Google Groups > > "nodejs" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to nodejs+unsubscr...@googlegroups.com. > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > > > > > > -- > > -- > > Job Board: http://jobs.nodejs.org/ > > Posting guidelines: > > https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines > > You received this message because you are subscribed to the Google > > Groups "nodejs" group. > > To post to this group, send email to nodejs@googlegroups.com > > To unsubscribe from this group, send email to > > nodejs+unsubscr...@googlegroups.com > > For more options, visit this group at > > http://groups.google.com/group/nodejs?hl=en?hl=en > > > > --- > > You received this message because you are subscribed to the Google Groups > > "nodejs" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to nodejs+unsubscr...@googlegroups.com. > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > > -- > -- > Job Board: http://jobs.nodejs.org/ > Posting guidelines: > https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines > You received this message because you are subscribed to the Google > Groups "nodejs" group. > To post to this group, send email to nodejs@googlegroups.com > To unsubscribe from this group, send email to > nodejs+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/nodejs?hl=en?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "nodejs" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to nodejs+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to nodejs@googlegroups.com To unsubscribe from this group, send email to nodejs+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to nodejs+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.