这是indexloc提供的服务,不要输入任何密码
Skip to content

Dual license PD and ISC, so that public ISC via npm is recognized. #94

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Dual license PD and ISC, so that public ISC via npm is recognized. #94

wants to merge 1 commit into from

Conversation

@tracker1
Copy link

@tracker1 tracker1 commented Feb 24, 2016

@dchest

  • Added ISC license, and related comment in package.json... ISC is the most permissive, least verbose recognized license.
  • Added COPYING.txt as advised, recognizing public domain dedication

This should satisfy the need for a license in upstream use, as well as keeping public domain dedication for derivative works.

I came across the licensing issue in my workplace via phatomjs -> request -> http-signature -> sshpk -> tweetnacl and am sure others have had a similar issue with an unlicensed usage.

Add recognized license type, and dedication LICENSE.txt
6d850e9 
Add ISC permissive license and COPYING.txt

fix typo
@dchest
Copy link
Owner

dchest commented Feb 24, 2016

Would you consider changing to ISC? It's pretty much the same level of permissiveness as CC0/PD, but at least is a "license" ... legally, it's still copyrighted automatically, and one cannot waive those rights except by license... even a license that does waive all rights on the work and derivatives... at least that's how it's been explained to me in the past.

That's not true. You have certain copyrights after creating a work. You can license these rights or dedicate them to public domain. Public domain dedication is not licensing.

As I said, I can put any license to my work of porting the code and creating high-level code, but the original work, which TweetNaCl.js is a derivative of, is still under public domain — with a statement on its home page:

TweetNaCl is a self-contained public-domain C library, so it can easily be integrated into applications.

Thus your legal department, if they find this out will still be left with handing "public domain".

"license" : "SEE LICENSE IN COPYING.txt"

I can do this, this will also solve npm warning.

@tracker1
Copy link
Author

tracker1 commented Feb 24, 2016

@dchest sorry, updated my comment with the PR... would dual-licensing, or PD + ISC as described in the PR work?

@anri-asaturov
Copy link

anri-asaturov commented Feb 24, 2016

I wonder if one can fork a repo as a private person and then change the license in his fork to whatever the legal team wants and use that fork.

@tracker1
Copy link
Author

tracker1 commented Feb 24, 2016

That would require going through and updating a chain of 4 upstream dependencies...

@tracker1
Copy link
Author

tracker1 commented Feb 24, 2016

It's not impossible, walked through that on a deeply nested bug a couple years ago, but it wasn't fun.

@tracker1
Copy link
Author

tracker1 commented Feb 24, 2016

@anri-asaturov upstream npm modules?

@dchest
Copy link
Owner

dchest commented Feb 24, 2016

@anri-asaturov probably you can fool a legal team with a fork, but the original problem is not solved: if they don't want public domain code, the original work is still in public domain, and thus they don't want your derivative. This is why it's pointless for me to dual-license it.

@tracker1
Copy link
Author

tracker1 commented Feb 24, 2016

@dchest honestly, I'm not sure if it's that it's public domain, or that npm doesn't recognize the license, so it shows up as no license... in either case, they probably didn't dig deeper, and I'm several layers removed from the decision makers on this... part of this is speculation.. my guess is a permissive license (dual license) would be enough to get through this for myself, and most others... I don't think they've actually looked at it as far as I have.

@tracker1
Copy link
Author

tracker1 commented Feb 24, 2016

I get it... it's stupid, and they should have let it through, in all reality... this isn't even for redistribution, it's for an automated testing tool on a project... In order to pull through, all modules are deployed (specific versions) from an internal npm server, with only approved modules... :-(

@tracker1 tracker1 changed the title Add recognized license type, and dedication LICENSE.txt Dual license PD and ISC, so that public ISC via npm is recognized. Feb 24, 2016
@dchest
Copy link
Owner

dchest commented Feb 24, 2016

Let's try this:

cd9f8e4

if you're okay with this, I'll publish to npm.

@tracker1
Copy link
Author

tracker1 commented Feb 25, 2016

I'm willing to give it a try.. :-)

@dchest
Copy link
Owner

dchest commented Feb 25, 2016

Good, published v0.14.1. Please let us know how it goes :)

@dchest dchest closed this Feb 25, 2016
dchest referenced this pull request Mar 11, 2016
@dchest
Add COPYING.txt with public domain dedication
cd9f8e4 
Change "license" field in package.json and bower.json to:

"license" : "SEE LICENSE IN COPYING.txt"

to avoid NPM warning.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tracker1 @dchest @anri-asaturov