
Library dependencies compatibility for non-commercial use [closed]

I am currently doing my graduate studies with a focus on data analysis/informatics in a research context and develop utility tools for the global research community, with an overwhelming majority of my intended users being rather computer-newbies. In other words, most of my users wouldn't bother (or be able to) gather necessary dependencies and put them in their classpaths. In order to avoid people ignoring my software I have been distributing it as a "fat-jar" with all dependencies contained in one executable file.

I have been reading a bit about software licensing, and realized that it might be legally tricky to do so without paying quite a bit of attention to individual licenses of libraries. I've gone through a number of questions here on StackOverflow (a thorough collection below) but ended up getting more and more confused. Please note that I am fully aware that there are many other questions about software licensing, however not in the context of self-contained packages. I have listed many great questions below which provide a bit of the puzzle but not a straightforward answer in my scenario.

I would greatly appreciate if developers who are more experienced/well-read on the matter could shed some light on the matter by confirming or denying the statements below. I think it could be useful for people who are not programmers by profession but are getting more and more into programming. My understanding is:

  • As long as you do not re-distribute your dependencies, it doesn't really matter what licenses they have, compared with what license you choose for your own project. [Unfortunately going this way would also mean that I would alienate/intimidate a significant portion of my userbase]

  • If you are re-distributing all your dependencies then your project license should be compatible with your dependencies. [Thus I as a developer have to know details of licenses for each dependency??]

  • GPL is the most strict open source license out there (from the common ones), thus if I use a library under GPL license, my own project has to be under GPL as well, which could in theory be contradicting with the license of some other dependency.

  • Assuming my project is under GPL, the fact that the project is non-commercial doesn't matter, it also has to be open source. [This is rather tricky in my situation as algorithms and computational methods need to be "novel" to be published]

Have I misunderstood or simply missed something important or is this a good summary of the situation? Given my situation, do I have other options that I might not have mentioned here/thought of, for instance would it be possible to avoid issues regarding licenses for my dependencies?


References:

Should I be concerned with large number of dependencies?

Which licences are compatible with each other?

Where can I find an authoritative overview of open source licences?

How do you choose an open-source license?

Searching for non-commercial license for source code

Is it legal way to get use GPL code in close-source application through plugin?

How do I tell if I can re-use a 'free' software library in a commercial app? [closed]

Correctly Applying an Open Source License (in particular this answer by @Michael Aaron Safyan)

How do I find the open source license that is right for my project?

How to use an Open Source License

How do you choose an open-source license?

posdef asked Jun 14 '12 12:06


1 Answer

As long as you do not re-distribute your dependencies, it doesn't really matter what licenses they have, compared with what license you choose for your own project.

Yea, that is true ... for open source dependencies with mainstream licenses. But:

  • It forces your users to download all of the dependencies which is a bad idea.
  • For proprietary dependencies (and open source dependencies with "crazy" licenses) it is possible that the license forbids this, or makes it hard(-er) for your users by forbidding them from doing things.

If you are re-distributing all your dependencies then your project license should be compatible with your dependencies.

Yes. But that is not usually hard. There are places to go to find out what licenses are compatible with what others; e.g. the FSF's GPL pages.

[Thus I as a developer have to know details of licenses for each dependency??]

Yes. But you can simplify this by only using dependencies with licenses that are safe. (And most open source licenses are.)

GPL is the most strict open source license out there (from the common ones), thus if I use a library under GPL license, my own project has to be under GPL as well ...

Yes. However, note there is a big difference between GPL and LGPL. LGPL does not have this restriction.

... which could in theory be contradicting with the license of some other dependency.

In theory yes. In practice, GPL allows use of libraries with most other open source licenses. The only problems would be if the other library's license required something that the GPL forbids; i.e. like placing extra conditions on downstream users, packagers, etc.

Assuming my project is under GPL, the fact that the project is non-commercial doesn't matter, it also has to be open source.

That is correct.

[This is rather tricky in my situation as algorithms and computational methods need to be "novel" to be published]

I think you are making a big issue out of something that shouldn't be an issue at all:

  • If you are worried about other people stealing your ideas before you publish, hold off distributing your code until you have published. This is plain common sense ... and not a licensing issue.

  • I don't think that an editor / reviewer would reject your work for publication if the algorithms and methods are embodied in your previously distributed software. Your publication just has to be novel with respect to the publication media ...

... would it be possible to avoid issues regarding licenses for my dependencies?

  • You could write all of your own code from ground up, or hire someone else to do it for you. (Not realistic)

  • You could use commercial software for all of your dependencies, and pay for the right to redistribute.

  • You could contact the copyright holders of your dependencies, and negotiate an alternative license agreement. (That assumes that they are contactable, and willing to negotiate.)

But you can't ignore the issue.

The bottom line is that you are getting something for free when you build your code with open source dependencies, but the quid pro quo is that you have to play by the rules in return. If you don't like the rules, find a different way that doesn't involve open source.

Stephen C answered Oct 23 '22 13:10