Create LICENSE #45
Create LICENSE #45
Conversation
There was a problem hiding this comment.
@ekohl are you fine with this as well? We should have added a license when the repo was created.
|
Oh, this is an excellent question. I don't know AGPL that well or how it would apply. @rwaffen was any specific consideration behind choosing AGPL? |
|
nope, i/we choose it mainly for our company repos. but no hard feelings here |
|
bump. |
|
I think this is important, but I'm not familiar enough with licenses to fully understand the implications. I like the GPL and its obligation to publicly release changes, but is it legal for a non-GPL licensed project (in this case a Puppet module) to use this action? There is some linking clause, but does that apply here? A lot of modules are Apache-2.0 and if that combination would be incompatible, Vox Pupuli would have a problem. |
|
oh okay, i don't know that. but we can switch to apache2 so that the modules and this action are on the same license. as i said, no hard feelings here, just wanted to add a LICENSE at all 😃 |
|
I've asked some colleagues but I might reach out to our legal department for advice. I'm certain they would know. |
|
Hi, Using a dependency in a CI pipeline isn't a problem. Important is what we ship. Because of that, I chose AGPL-3 for voxpupuli-puppet-lint-plugins instead of Apache-2. But! Now that Vox Pupuli has $1,624.14 USD on the open-collective account, maybe we can use the money and ask an actual lawyer (please take a look at voxpupuli/plumbing#260, we don't have a process yet to decide how to spend money)? |
There was a problem hiding this comment.
Do we need to get permission from all authors for this?
$ git log --pretty="%aN" | sort -u
Alexander Fisher
Brian Schonecker
dependabot[bot]
Ewoud Kohl van Wijngaarden
Romain Tartière
Tim Meusel
Yury BushmelevIf so, it would be nice to have approvals on this PR from @alexjfisher, @bschonec, @ekohl, @smortex, @bastelfreak and @jay7x.
|
Yes we need their approval. |
|
approved |
|
Personally, I favour a more permissive license (like MIT or Apache-2) which is compatible with the rest of the puppet ecosystem. I can't see why we're putting restrictions on people wanting to use modified forks of these actions. If someone wants to fork this action to make a custom version (eg. with perhaps a customised release action) they're not allowed to unless they publish those changes under the same license?? This is a fairly trivial project, so perhaps it doesn't really matter, but I strongly object to AGPL being chosen as a default license for Vox projects. IMO, it create far more hassle than it's worth. eg. There are companies that have opensource policies that explicitly ban AGPL and this forces users into having to go through arduous internal legal processes to get exceptions granted etc. |
@ekohl Does your list include those who only did merge commits? I might have an opinion, but don't think I actually wrote anything here. You should also check here though. https://github.com/voxpupuli/modulesync_config/commits/master/moduleroot/.github/workflows |
|
Since the code was originally moved from https://github.com/voxpupuli/modulesync_config and that was always licensed with Apache-2, maybe just stick with that? ;) |
|
oh my, i started something here... 🫣
I would love to do that. because who is a actual copyright lawyer here? |
Nodody. Spending funds on this would be a huge waste IMO. 95% of the code is basically @ekohl 's There are other committers, who would need to be asked, but there are probably some cases where their changes are so minor/trivial you might struggle to claim copyright (eg. fixing a typo wouldn't count as there's only one solution) |
|
The license question came up a few times, in different projects. It might not be required to ask a a lawyer for this specific repo, but I think it makes sense for Vox Pupuli as a whole. |
|
okay, so now we have two topics:
the discussion for general license stuff i'd like to move to plumbing and stick in this PR to the question "what license shall we take for this repo" |
|
No problem for re-licensing my insignificant changes to this repo to anything that please you 😄 <bikeshedding>Regarding the license itself, I don't really care… AGPL is maybe nice for those who like copyleft, but I prefer simpler more permissive licenses that do not require a lawyer to understand what we can and cannot do with a piece of code.</bikeshedding> |
You're right that it includes merges: $ git log --pretty="%aN" --no-merges | sort -u
Brian Schonecker
dependabot[bot]
Ewoud Kohl van Wijngaarden
Romain Tartière
Tim Meusel
Yury Bushmelev
git log --pretty="%aN" --no-merges moduleroot/.github/workflows | sort -u
Christos Papageorgiou
Ewoud Kohl van Wijngaarden
Garrett Honeycutt
John Bond
Romain Tartière
Steve Traylen
Tim MeuselThough I'd say John Bond should be left out since his only change was to drop some lines. |
|
We need to add a LICENSE file to the v3 branch as well. @alexjfisher, @bschonec, @smortex, please approve or raise objection to this PR by 2024-09-20. |
|
The only opinion I have is that freedom should not be restricted. I have no idea of the implications of licensing and will defer to the Voxpupuli community. |
No description provided.