Thanks for the useful anecdote Mark. Isaac: NOT having a license is an issue for anyone that has a requirement for understanding the intellectual property rights of the module they are using.
My suggestion was to not enforce a license, but to print a warning if one does not exist. fwiw: I was pretty heavily involved in the OSS movement when it started in the 90s and have spent far to much time with lawyers who had widely differing opinions about software license issues when I was dealing with a myriad of them when I was running ActiveState. In my experience, I learned that distribution happens when someone downloads the package, and the license needs to communicated to the person who downloads. Inclusion of a LICENSE file in the package or in each source file is common practice. Not having a license, or referring to a license that is not ambiguous can be problematic. (MIT is ambiguous, Apache License, Version 2.0 is not). As Mark points out, not having a clear intellectual property declaration can render useful software useless to some people. By encouraging best practices, we make it a non-issue. -- Dick On Mar 27, 2013, at 10:22 AM, Mark Hahn <[email protected]> wrote: > Even as a non-lawyer, I can assert that having no mention of any license at > all is a real problem. My company won't allow any software to be used > without a license. > > By coincidence our lawyers contacted me a few days ago and wanted to know the > licensing for the software we use. I went to google on every module and I > found four different modules with no mention of any license. I sent a > request for a license to each author (usually submitting an issue). > > I am bummed because I have gotten only one response. I will have to remove > the non-licensed code, replace it, and rewrite my code. I hate doing work > just for lawyers. > > > On Wed, Mar 27, 2013 at 10:14 AM, Isaac Schlueter <[email protected]> wrote: > I had no idea there were so many experienced IP lawyers on this > mailing list! How lucky we are! It's amazing that you all found time > to learn JavaScript, what with going to law school, passing the bar, > and then becoming familiar with the massive libraries of case-law on > this subject! > > Sadly, I'm not a lawyer, just a simple programmer. So I'm not an > expert on these matters, and as a non-expert, I'm not really > comfortable encoding strong opinions in npm on the subject. This way, > npm is a tool, and humans can work out their preferences using it, > however they like. > > Depending on who you ask, to be valid/enforceable, a license must be > one or more of the following: > > 1. declared in every file > 2. declared in any file > 3. declared somewhere in a file along with the source > 4. mentioned by the author, ever, in any context (even verbally) > 5. mentioned along with a link to the full text > 6. mentioned by name > 7. exist in a database of osi-approved licenses > 8. exist in the author's head, even if never mentioned, linked, or > printed anywhere else > 9. differentiate between variants of the name (ie, "BSD" is not ok, > but "BSD-2-clause" is) > 10. Nothing. OSS/Free Software licenses aren't actually enforceable. > > Yes, all of these are real statements that real people have made to > me, very confident that they were correct. Some of those people were > lawyers. Most were just programmers playing pretend. But as a > non-legal-expert myself, I have a hard time telling the difference > between a good lawyer, a bad lawyer, and a duck in a lawyer costume. > > npm has a "license" field, and the common pattern is to also put a > LICENSE (or LICENCE, for imperials) file in the root of your project. > Do whatever you want. I'm not going to get more involved than that. > > For me, if you send me a pull req with the same BSD license that I put > on all my code, I'll accept it without question. > > > > On Wed, Mar 27, 2013 at 10:00 AM, Dick Hardt <[email protected]> wrote: > > Actually, that is not true. There are several MIT licenses, so unless the > > actual license text is included, it is ambiguous what the license is: > > > > http://en.wikipedia.org/wiki/MIT_License#Various_versions > > > > Having a LICENSE file in the package makes it clear what the license is, or > > alternatively stating the full license in the README.md > > > > -- Dick > > > > On Mar 27, 2013, at 9:55 AM, Austin William Wright > > <[email protected]> wrote: > > > > A license is something that is granted by the author at distribution-time, > > it need not be included in the package contents. If an author wholly owns > > the copyright on their work, they can offer the program to you under any > > license they want, regardless of what the file inside the repository or > > package says. > > > > So that paragraph doesn't actually, really, do anything - it's not a > > clause/stipulation (that is to say, it has no "teeth"). Granted that the > > author is able to make the full text of the license available upon request, > > a package that the author says is MIT licensed, even without including the > > full text, is still MIT licensed. > > > > On Wednesday, March 27, 2013 9:12:03 AM UTC-7, kapouer wrote: > >> > >> Hi, > >> saying the author's work is MIT licensed is not enough, > >> the full text of the license must be there too, as written > >> in its second paragraph : > >> > >> The above copyright notice and this permission notice shall be > >> included in all copies or substantial portions of the Software. > >> > >> I write this here because i see countless node modules in this case, > >> whose authors probably believe their software to have a very liberal, > >> free, and open-source license - but they have de facto no license at all. > >> > >> Jérémy. > >> > >> PS: because i see one module per day in this situation > > > > > > -- > > -- > > Job Board: http://jobs.nodejs.org/ > > Posting guidelines: > > https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines > > You received this message because you are subscribed to the Google > > Groups "nodejs" group. > > To post to this group, send email to [email protected] > > To unsubscribe from this group, send email to > > [email protected] > > For more options, visit this group at > > http://groups.google.com/group/nodejs?hl=en?hl=en > > > > --- > > You received this message because you are subscribed to the Google Groups > > "nodejs" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected]. > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > > > > > > -- > > -- > > Job Board: http://jobs.nodejs.org/ > > Posting guidelines: > > https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines > > You received this message because you are subscribed to the Google > > Groups "nodejs" group. > > To post to this group, send email to [email protected] > > To unsubscribe from this group, send email to > > [email protected] > > For more options, visit this group at > > http://groups.google.com/group/nodejs?hl=en?hl=en > > > > --- > > You received this message because you are subscribed to the Google Groups > > "nodejs" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected]. > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > > -- > -- > Job Board: http://jobs.nodejs.org/ > Posting guidelines: > https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines > You received this message because you are subscribed to the Google > Groups "nodejs" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nodejs?hl=en?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "nodejs" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > > > > -- > -- > Job Board: http://jobs.nodejs.org/ > Posting guidelines: > https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines > You received this message because you are subscribed to the Google > Groups "nodejs" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nodejs?hl=en?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "nodejs" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > -- -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
