Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bumped license years and added font license #5948

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

fthobe
Copy link
Contributor

@fthobe fthobe commented Nov 20, 2024

Summary

The license file was not aligned with the legal requiremenets of the assets contained in the repo.

Modifications made

Aligned license.md with reality:

  • added icon license (required by the icon license)
  • added solidus own FreeBSD license
  • bumped year of the license to 2024

Fixes: #5947 and bumps FreeBSD license to current year

Aligned license.md with reality: 
- added icon license (required by the icon license)
- added solidus own FreeBSD license
- bumped year of the license to 2024
@fthobe fthobe requested a review from a team as a code owner November 20, 2024 16:54
@github-actions github-actions bot added the changelog:repository Changes to the repository not within any gem label Nov 20, 2024
Copy link

codecov bot commented Nov 20, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 89.45%. Comparing base (104f813) to head (dc54f8d).

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #5948      +/-   ##
==========================================
- Coverage   89.54%   89.45%   -0.09%     
==========================================
  Files         782      782              
  Lines       17997    17997              
==========================================
- Hits        16116    16100      -16     
- Misses       1881     1897      +16     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.


🚨 Try these New Features:

Copy link
Member

@jarednorman jarednorman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IANAL and am unsure of best practices around this.

On the RemixIcon license: My gut tells me we should include the licenses as separate files, but I'd love to see examples of what other projects do here. I'm also curious if we need to have these icons included in the repo itself at all, or if they can be included via a package, rendering the licensing issue moot.

On the change of the Solidus license: "solidus.io" is not a legal entity and can't hold a copyright and I don't know what right we have to change the license anyway (even if the only change is the copyright holders).

It says right there in the existing license, "Redistributions of source code must retain the above copyright notice". We can't just change that. That's not how software licensing works.

@tvdeyen
Copy link
Member

tvdeyen commented Nov 21, 2024

Regarding the remix icon license. Good practice is to put it right beside where the icon file lives. Definitely not inside our license file.

Regarding the solidus vs. spree license. My gut tells me to have two separate files, but I would like to see examples of how other forks of open source software handled this in the past before we make any decisions.

*) Obvious IANAL disclaimer

@fthobe
Copy link
Contributor Author

fthobe commented Nov 21, 2024

Regarding the remix icon license. Good practice is to put it right beside where the icon file lives. Definitely not inside our license file.

This is TBH personal preference and I feel absolutely ok with both. How about I make a pull request just for that as we all seem to have common ground here.

Regarding the solidus vs. spree license. My gut tells me to have two separate files, but I would like to see examples of how other forks of open source software handled this in the past before we make any decisions.

*) Obvious IANAL disclaimer

I would warmly suggest that there's a decision regarding the copyright party picking either of

  • Collective
  • individual
  • association (eg a foundation)

I have to check very strictly due to external compliance requirements, but I have the feeling that compliance has been neglected a little on this repo.

Surely no active copy right owner can't be right as long as the code is not public domain (which by force of the BSD license it is not).

Just keep in mind that there are (might be interesting for you @jarednorman) forms of not incorporated associations (would be the nicht eingetragener Verein in Germany) and here the threshold might already be met given a clear code of conduct, but not for Italy for example. I know that right now I would not implement solidus (nor spree) for the given issues in our application stack (usually where there's smoke there's fire).

@jarednorman
Copy link
Member

"other contributors" covers all the other groups of people that contribute to Solidus, and so I believe we only need to update the dates on the existing license. Spree Commerce Inc. (if the entity even still exists) retains the copyright of their contributions that still exist in the project.

Copyright © 2007-2024, Spree Commerce Inc. and other contributors.

@fthobe
Copy link
Contributor Author

fthobe commented Nov 22, 2024

"other contributors" covers all the other groups of people that contribute to Solidus, and so I believe we only need to update the dates on the existing license. Spree Commerce Inc. (if the entity even still exists) retains the copyright of their contributions that still exist in the project.


Copyright © 2007-2024, Spree Commerce Inc. and other contributors.

Man, there's not much spree is doing better, but the license stuff definitely.

As far as I understood some active companies are contributing (Nebulab, supergood,...) take some credit and put your label on it. It's FreeBSD license anyway. Surely Spree Inc can't have it for anything dating after the liquidation and nobody is gonna claim damages for anything as this software is free as a bird. You people run the show and as mildly annoying as I personally might find that, credit definitely goes to you people.

image

@jarednorman
Copy link
Member

Alright, we should retain the existing license then and add an additional copyright line specifying that going forward that the copyright holders are the members of core and other contributors. Something like that.

@fthobe
Copy link
Contributor Author

fthobe commented Nov 27, 2024

Alright, we should retain the existing license then and add an additional copyright line specifying that going forward that the copyright holders are the members of core and other contributors. Something like that.

Hey,
given the profound IANAL Vibes here, we offered to Solidus core to split costs on having it vetted by a Lawyer and will do so this week, stay tuned :)

@jarednorman
Copy link
Member

Yes, we discussed that internally and everyone agreed that having a lawyer make the correct call for us here is the best course of action.

@fthobe
Copy link
Contributor Author

fthobe commented Dec 2, 2024

ok guys,

  • I spoke to the lawyer on friday and we are officially going to tackle this within the next weeks regarding the spree BSD license

  • Regarding the included 3rd party assets we can tackle them in three ways:

  1. Boilerplate License inside the code
  2. Separate license file with the 3rd party code
  3. Integrated into the license.md file

I have a strong preference for cumulative license.md files, but I understand diverging preferences.

Do we have anything apart from the icons and tailwind that needs to be licensed separately?

Missing Licenses

  • Tailwind
  • Icons
  • Fonts

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
changelog:repository Changes to the repository not within any gem
Projects
None yet
Development

Successfully merging this pull request may close these issues.

License Issue Remixicon
3 participants