So much silly posturing on this thread. If it's an issue with a specific module post a bug in their issue tracker on github (or even better, a pull request). Posting a generic "please EVERYONE check your hundreds of modules" on here isn't going to fix anything.
On Wed, Mar 27, 2013 at 2:49 PM, Mark Hahn <[email protected]> wrote: > > But may I ask, why is your company listening to these lawyers. > > Who should we listen to then? > > > I'm not aware of any case law where someone got in trouble for > utilizing code published publicly by the author for the purpose of being > used (though I can imagine it, IF you're re-distributing the code in > question) > > We are only concerned about code we use with our SAAS, which the user pays > for. We include twenty-four 3rd-party modules in out app. And that > doesn't include all the dependent modules. > > > AND you should have known better. > > I am not a lawyer and I can definitely see you aren't either. The next > time the highway patrol pulls me over I'll say I didn't know better. :-) > > > > > > On Wed, Mar 27, 2013 at 9:43 AM, Austin William Wright < > [email protected]> wrote: > >> If a work is creative enough to be covered by copyright (there's no rule >> for code, but usually anything not straightforward and more than a few >> lines), then yeah, you need some form of license. >> >> But may I ask, why is your company listening to these lawyers. >> >> No, really, while they are *technically* correct in what they say, >> perhaps your company should consider also buying the services of an >> economist, who would promptly inform you that the expected financial impact >> is somewhere in the vicinity of a zero to none. And the lawyers should >> theoretically know that too, I'm not aware of any case law where someone >> got in trouble for utilizing code published publicly by the author for the >> purpose of being used (though I can imagine it, IF you're re-distributing >> the code in question). The author of the package would have to know that >> you're using the code at all, THEN file a lawsuit, AND ask for damages, AND >> demonstrate that there's no implied license AND you should have known >> better. >> >> >> On Wednesday, March 27, 2013 10:22:55 AM UTC-7, Mark Hahn wrote: >> >>> Even as a non-lawyer, I can assert that having no mention of any license >>> at all is a real problem. My company won't allow any software to be used >>> without a license. >>> >>> By coincidence our lawyers contacted me a few days ago and wanted to >>> know the licensing for the software we use. I went to google on every >>> module and I found four different modules with no mention of any license. >>> I sent a request for a license to each author (usually submitting an >>> issue). >>> >>> I am bummed because I have gotten only one response. I will have to >>> remove the non-licensed code, replace it, and rewrite my code. I hate >>> doing work just for lawyers. >>> >>> >>> On Wed, Mar 27, 2013 at 10:14 AM, Isaac Schlueter <[email protected]> wrote: >>> >>>> I had no idea there were so many experienced IP lawyers on this >>>> mailing list! How lucky we are! It's amazing that you all found time >>>> to learn JavaScript, what with going to law school, passing the bar, >>>> and then becoming familiar with the massive libraries of case-law on >>>> this subject! >>>> >>>> Sadly, I'm not a lawyer, just a simple programmer. So I'm not an >>>> expert on these matters, and as a non-expert, I'm not really >>>> comfortable encoding strong opinions in npm on the subject. This way, >>>> npm is a tool, and humans can work out their preferences using it, >>>> however they like. >>>> >>>> Depending on who you ask, to be valid/enforceable, a license must be >>>> one or more of the following: >>>> >>>> 1. declared in every file >>>> 2. declared in any file >>>> 3. declared somewhere in a file along with the source >>>> 4. mentioned by the author, ever, in any context (even verbally) >>>> 5. mentioned along with a link to the full text >>>> 6. mentioned by name >>>> 7. exist in a database of osi-approved licenses >>>> 8. exist in the author's head, even if never mentioned, linked, or >>>> printed anywhere else >>>> 9. differentiate between variants of the name (ie, "BSD" is not ok, >>>> but "BSD-2-clause" is) >>>> 10. Nothing. OSS/Free Software licenses aren't actually enforceable. >>>> >>>> Yes, all of these are real statements that real people have made to >>>> me, very confident that they were correct. Some of those people were >>>> lawyers. Most were just programmers playing pretend. But as a >>>> non-legal-expert myself, I have a hard time telling the difference >>>> between a good lawyer, a bad lawyer, and a duck in a lawyer costume. >>>> >>>> npm has a "license" field, and the common pattern is to also put a >>>> LICENSE (or LICENCE, for imperials) file in the root of your project. >>>> Do whatever you want. I'm not going to get more involved than that. >>>> >>>> For me, if you send me a pull req with the same BSD license that I put >>>> on all my code, I'll accept it without question. >>>> >>>> >>>> >>>> On Wed, Mar 27, 2013 at 10:00 AM, Dick Hardt <[email protected]> >>>> wrote: >>>> > Actually, that is not true. There are several MIT licenses, so unless >>>> the >>>> > actual license text is included, it is ambiguous what the license is: >>>> > >>>> > http://en.wikipedia.org/wiki/**MIT_License#Various_versions<http://en.wikipedia.org/wiki/MIT_License#Various_versions> >>>> > >>>> > Having a LICENSE file in the package makes it clear what the license >>>> is, or >>>> > alternatively stating the full license in the README.md >>>> > >>>> > -- Dick >>>> > >>>> > On Mar 27, 2013, at 9:55 AM, Austin William Wright >>>> > <diamon...@users.**sourceforge.net> wrote: >>>> > >>>> > A license is something that is granted by the author at >>>> distribution-time, >>>> > it need not be included in the package contents. If an author wholly >>>> owns >>>> > the copyright on their work, they can offer the program to you under >>>> any >>>> > license they want, regardless of what the file inside the repository >>>> or >>>> > package says. >>>> > >>>> > So that paragraph doesn't actually, really, do anything - it's not a >>>> > clause/stipulation (that is to say, it has no "teeth"). Granted that >>>> the >>>> > author is able to make the full text of the license available upon >>>> request, >>>> > a package that the author says is MIT licensed, even without >>>> including the >>>> > full text, is still MIT licensed. >>>> > >>>> > On Wednesday, March 27, 2013 9:12:03 AM UTC-7, kapouer wrote: >>>> >> >>>> >> Hi, >>>> >> saying the author's work is MIT licensed is not enough, >>>> >> the full text of the license must be there too, as written >>>> >> in its second paragraph : >>>> >> >>>> >> The above copyright notice and this permission notice shall be >>>> >> included in all copies or substantial portions of the Software. >>>> >> >>>> >> I write this here because i see countless node modules in this case, >>>> >> whose authors probably believe their software to have a very liberal, >>>> >> free, and open-source license - but they have de facto no license at >>>> all. >>>> >> >>>> >> Jérémy. >>>> >> >>>> >> PS: because i see one module per day in this situation >>>> > >>>> > >>>> > -- >>>> > -- >>>> > Job Board: http://jobs.nodejs.org/ >>>> > Posting guidelines: >>>> > https://github.com/joyent/**node/wiki/Mailing-List-** >>>> Posting-Guidelines<https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines> >>>> > You received this message because you are subscribed to the Google >>>> > Groups "nodejs" group. >>>> > To post to this group, send email to [email protected] >>>> >>>> > To unsubscribe from this group, send email to >>>> > nodejs+un...@**googlegroups.com >>>> >>>> > For more options, visit this group at >>>> > http://groups.google.com/**group/nodejs?hl=en?hl=en<http://groups.google.com/group/nodejs?hl=en?hl=en> >>>> > >>>> > --- >>>> > You received this message because you are subscribed to the Google >>>> Groups >>>> > "nodejs" group. >>>> > To unsubscribe from this group and stop receiving emails from it, >>>> send an >>>> > email to nodejs+un...@**googlegroups.com. >>>> >>>> > For more options, visit >>>> > https://groups.google.com/**groups/opt_out<https://groups.google.com/groups/opt_out> >>>> . >>>> > >>>> > >>>> > >>>> > >>>> > -- >>>> > -- >>>> > Job Board: http://jobs.nodejs.org/ >>>> > Posting guidelines: >>>> > https://github.com/joyent/**node/wiki/Mailing-List-** >>>> Posting-Guidelines<https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines> >>>> > You received this message because you are subscribed to the Google >>>> > Groups "nodejs" group. >>>> > To post to this group, send email to [email protected] >>>> >>>> > To unsubscribe from this group, send email to >>>> > nodejs+un...@**googlegroups.com >>>> >>>> > For more options, visit this group at >>>> > http://groups.google.com/**group/nodejs?hl=en?hl=en<http://groups.google.com/group/nodejs?hl=en?hl=en> >>>> > >>>> > --- >>>> > You received this message because you are subscribed to the Google >>>> Groups >>>> > "nodejs" group. >>>> > To unsubscribe from this group and stop receiving emails from it, >>>> send an >>>> > email to nodejs+un...@**googlegroups.com. >>>> >>>> > For more options, visit >>>> > https://groups.google.com/**groups/opt_out<https://groups.google.com/groups/opt_out> >>>> . >>>> > >>>> > >>>> >>>> -- >>>> -- >>>> Job Board: http://jobs.nodejs.org/ >>>> Posting guidelines: https://github.com/joyent/**node/wiki/Mailing-List- >>>> **Posting-Guidelines<https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines> >>>> You received this message because you are subscribed to the Google >>>> Groups "nodejs" group. >>>> To post to this group, send email to [email protected] >>>> >>>> To unsubscribe from this group, send email to >>>> nodejs+un...@**googlegroups.com >>>> >>>> For more options, visit this group at >>>> http://groups.google.com/**group/nodejs?hl=en?hl=en<http://groups.google.com/group/nodejs?hl=en?hl=en> >>>> >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "nodejs" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to nodejs+un...@**googlegroups.com. >>>> >>>> For more options, visit >>>> https://groups.google.com/**groups/opt_out<https://groups.google.com/groups/opt_out> >>>> . >>>> >>>> >>>> >>> -- >> -- >> Job Board: http://jobs.nodejs.org/ >> Posting guidelines: >> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines >> You received this message because you are subscribed to the Google >> Groups "nodejs" group. >> To post to this group, send email to [email protected] >> To unsubscribe from this group, send email to >> [email protected] >> For more options, visit this group at >> http://groups.google.com/group/nodejs?hl=en?hl=en >> >> --- >> You received this message because you are subscribed to the Google Groups >> "nodejs" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> >> > > -- > -- > Job Board: http://jobs.nodejs.org/ > Posting guidelines: > https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines > You received this message because you are subscribed to the Google > Groups "nodejs" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nodejs?hl=en?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "nodejs" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
