• MIT + explicit "Don't sell this code." - DFSG compliant?

    From Fab Stz@21:1/5 to All on Mon Feb 28 15:10:01 2022
    Hello,

    I am wondering if something like this is fit to enter Debian:

    There is a web tool written in PHP that I try to package for Debian.
    I would like to use Tagify in that project by adding the minified js.

    Now the thing is that officially the project is licensed under MIT with a MIT license file at the root of the project directory
    .
    However when looking at the header of the distributed files, there is this

    /**
    * Tagify (v 4.9.8) - tags input component
    * By Yair Even-Or
    * Don't sell this code. (c)
    * https://github.com/yairEO/tagify
    */

    So, no mention of MIT and only mention of Don't sell this code.

    I filed an issue [2] upstream about this inconsistency.

    Could this actually enter a Debian package?

    I'm wondering because of the JSON no evil [3] case.

    Regards,
    Fab


    [1]: https://github.com/yairEO/tagify
    [2]: https://github.com/yairEO/tagify/issues/996
    [3]: https://wiki.debian.org/qa.debian.org/jsonevil

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From David Given@21:1/5 to Fab Stz on Mon Feb 28 15:30:01 2022
    I believe this is equivalent to the 'no commercial use' clause which
    violates guideline 6 ('no discrimination against fields of endeavor, like commercial use'). Apart from anything else, inclusion would mean that
    Debian wouldn't be able to sell DVDs with this package in it.

    On Mon, 28 Feb 2022 at 15:00, Fab Stz <fabstz-it@yahoo.fr> wrote:

    Hello,

    I am wondering if something like this is fit to enter Debian:

    There is a web tool written in PHP that I try to package for Debian.
    I would like to use Tagify in that project by adding the minified js.

    Now the thing is that officially the project is licensed under MIT with a
    MIT
    license file at the root of the project directory
    .
    However when looking at the header of the distributed files, there is this

    /**
    * Tagify (v 4.9.8) - tags input component
    * By Yair Even-Or
    * Don't sell this code. (c)
    * https://github.com/yairEO/tagify
    */

    So, no mention of MIT and only mention of Don't sell this code.

    I filed an issue [2] upstream about this inconsistency.

    Could this actually enter a Debian package?

    I'm wondering because of the JSON no evil [3] case.

    Regards,
    Fab


    [1]: https://github.com/yairEO/tagify
    [2]: https://github.com/yairEO/tagify/issues/996
    [3]: https://wiki.debian.org/qa.debian.org/jsonevil





    <div dir="ltr">I believe this is equivalent to the &#39;no commercial use&#39; clause which violates guideline 6 (&#39;no discrimination against fields of endeavor, like commercial use&#39;). Apart from anything else, inclusion would mean that Debian
    wouldn&#39;t be able to sell DVDs with this package in it.<br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, 28 Feb 2022 at 15:00, Fab Stz &lt;<a href="mailto:fabstz-it@yahoo.fr">fabstz-it@yahoo.fr</a>&gt; wrote:<br></div><
    blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello,<br>

    I am wondering if something like this is fit to enter Debian:<br>

    There is a web tool written in PHP that I try to package for Debian.<br>
    I would like to use Tagify in that project by adding the minified js.<br>

    Now the thing is that officially the project is licensed under MIT with a MIT <br>
    license file at the root of the project directory<br>
    .<br>
    However when looking at the header of the distributed files, there is this<br>

    /**<br>
     * Tagify (v 4.9.8) - tags input component<br>
     * By Yair Even-Or<br>
     * Don&#39;t sell this code. (c)<br>
     * <a href="https://github.com/yairEO/tagify" rel="noreferrer" target="_blank">https://github.com/yairEO/tagify</a><br>
     */<br>

    So, no mention of MIT and only mention of Don&#39;t sell this code.<br>

    I filed an issue [2] upstream about this inconsistency.<br>

    Could this actually enter a Debian package?<br>

    I&#39;m wondering because of the JSON no evil [3] case.<br>

    Regards,<br>
    Fab<br>


    [1]: <a href="https://github.com/yairEO/tagify" rel="noreferrer" target="_blank">https://github.com/yairEO/tagify</a><br>
    [2]: <a href="https://github.com/yairEO/tagify/issues/996" rel="noreferrer" target="_blank">https://github.com/yairEO/tagify/issues/996</a><br>
    [3]: <a href="https://wiki.debian.org/qa.debian.org/jsonevil" rel="noreferrer" target="_blank">https://wiki.debian.org/qa.debian.org/jsonevil</a><br>



    </blockquote></div>

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From David Given@21:1/5 to Fab Stz on Tue Mar 1 15:00:01 2022
    Given the usual disclaimers that I barely speak for myself, let alone
    anyone else, that I'm not a member of the Debian and my opinion is worth precisely what an anonymous voice on a mailing list says...

    The usual recommendations are to pick a standard OSI compliant license and
    not customise it. Using a standard license makes life easier for users
    because they don't have to think about the implications --- everyone
    already knows what BSD licenses, GPL licenses etc mean. My usual analogy is
    to suggest thinking about it like an API. https://choosealicense.com/ is a
    good resource here and gives reasonable advice.

    I'd suggest that if the author is concerned about people using their work commercially, then the author should look at the LGPL: this will make it
    easy to for users to use the library in another program, but will require
    that if the user modifies it or base work on it, they have to distribute
    the modified source.

    On Tue, 1 Mar 2022 at 14:35, Fab Stz <fabstz-it@yahoo.fr> wrote:

    Thank you David for your answer.

    The author asked me what he could do to be DFSG compliant.

    I pointed him to this mailing list, to the wikipedia & wiki.debian.net
    page on
    DFSG. Any other suggestion?

    Regards


    Le lundi 28 février 2022, 15:23:28 CET David Given a écrit :
    I believe this is equivalent to the 'no commercial use' clause which violates guideline 6 ('no discrimination against fields of endeavor, like commercial use'). Apart from anything else, inclusion would mean that Debian wouldn't be able to sell DVDs with this package in it.

    On Mon, 28 Feb 2022 at 15:00, Fab Stz <fabstz-it@yahoo.fr> wrote:
    Hello,

    I am wondering if something like this is fit to enter Debian:

    There is a web tool written in PHP that I try to package for Debian.
    I would like to use Tagify in that project by adding the minified js.

    Now the thing is that officially the project is licensed under MIT
    with a
    MIT
    license file at the root of the project directory
    .
    However when looking at the header of the distributed files, there is
    this

    /**

    * Tagify (v 4.9.8) - tags input component
    * By Yair Even-Or
    * Don't sell this code. (c)
    * https://github.com/yairEO/tagify
    */

    So, no mention of MIT and only mention of Don't sell this code.

    I filed an issue [2] upstream about this inconsistency.

    Could this actually enter a Debian package?

    I'm wondering because of the JSON no evil [3] case.

    Regards,
    Fab


    [1]: https://github.com/yairEO/tagify
    [2]: https://github.com/yairEO/tagify/issues/996
    [3]: https://wiki.debian.org/qa.debian.org/jsonevil






    <div dir="ltr"><div>Given the usual disclaimers that I barely speak for myself, let alone anyone else, that I&#39;m not a member of the Debian and my opinion is worth precisely what an anonymous voice on a mailing list says...</div><div><br></div><div>
    The usual recommendations are to pick a standard OSI compliant license and not customise it. Using a standard license makes life easier for users because they don&#39;t have to think about the implications --- everyone already knows what BSD licenses,
    GPL licenses etc mean. My usual analogy is to suggest thinking about it like an API. <a href="https://choosealicense.com/">https://choosealicense.com/</a> is a good resource here and gives reasonable advice.</div><div><br></div><div>I&#39;d suggest that
    if the author is concerned about people using their work commercially, then the author should look at the LGPL: this will make it easy to for users to use the library in another program, but will require that if the user modifies it or base work on it,
    they have to distribute the modified source.<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 1 Mar 2022 at 14:35, Fab Stz &lt;<a href="mailto:fabstz-it@yahoo.fr">fabstz-it@yahoo.fr</a>&gt; wrote:<br></div><blockquote
    class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Thank you David for your answer.<br>

    The author asked me what he could do to be DFSG compliant.<br>

    I pointed him to this mailing list, to the wikipedia &amp; <a href="http://wiki.debian.net" rel="noreferrer" target="_blank">wiki.debian.net</a> page on <br>
    DFSG. Any other suggestion?<br>

    Regards<br>


    Le lundi 28 février 2022, 15:23:28 CET David Given a écrit :<br>
    &gt; I believe this is equivalent to the &#39;no commercial use&#39; clause which<br>
    &gt; violates guideline 6 (&#39;no discrimination against fields of endeavor, like<br>
    &gt; commercial use&#39;). Apart from anything else, inclusion would mean that<br>
    &gt; Debian wouldn&#39;t be able to sell DVDs with this package in it.<br>
    &gt; <br>
    &gt; On Mon, 28 Feb 2022 at 15:00, Fab Stz &lt;<a href="mailto:fabstz-it@yahoo.fr" target="_blank">fabstz-it@yahoo.fr</a>&gt; wrote:<br>
    &gt; &gt; Hello,<br>
    &gt; &gt; <br>
    &gt; &gt; I am wondering if something like this is fit to enter Debian:<br> &gt; &gt; <br>
    &gt; &gt; There is a web tool written in PHP that I try to package for Debian.<br>
    &gt; &gt; I would like to use Tagify in that project by adding the minified js.<br>
    &gt; &gt; <br>
    &gt; &gt; Now the thing is that officially the project is licensed under MIT with a<br>
    &gt; &gt; MIT<br>
    &gt; &gt; license file at the root of the project directory<br>
    &gt; &gt; .<br>
    &gt; &gt; However when looking at the header of the distributed files, there is this<br>
    &gt; &gt; <br>
    &gt; &gt; /**<br>
    &gt; &gt; <br>
    &gt; &gt;  * Tagify (v 4.9.8) - tags input component<br>
    &gt; &gt;  * By Yair Even-Or<br>
    &gt; &gt;  * Don&#39;t sell this code. (c)<br>
    &gt; &gt;  * <a href="https://github.com/yairEO/tagify" rel="noreferrer" target="_blank">https://github.com/yairEO/tagify</a><br>
    &gt; &gt;  */<br>
    &gt; &gt; <br>
    &gt; &gt; So, no mention of MIT and only mention of Don&#39;t sell this code.<br>
    &gt; &gt; <br>
    &gt; &gt; I filed an issue [2] upstream about this inconsistency.<br>
    &gt; &gt; <br>
    &gt; &gt; Could this actually enter a Debian package?<br>
    &gt; &gt; <br>
    &gt; &gt; I&#39;m wondering because of the JSON no evil [3] case.<br>
    &gt; &gt; <br>
    &gt; &gt; Regards,<br>
    &gt; &gt; Fab<br>
    &gt; &gt; <br>
    &gt; &gt; <br>
    &gt; &gt; [1]: <a href="https://github.com/yairEO/tagify" rel="noreferrer" target="_blank">https://github.com/yairEO/tagify</a><br>
    &gt; &gt; [2]: <a href="https://github.com/yairEO/tagify/issues/996" rel="noreferrer" target="_blank">https://github.com/yairEO/tagify/issues/996</a><br>
    &gt; &gt; [3]: <a href="https://wiki.debian.org/qa.debian.org/jsonevil" rel="noreferrer" target="_blank">https://wiki.debian.org/qa.debian.org/jsonevil</a><br>




    </blockquote></div>

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Fab Stz@21:1/5 to All on Tue Mar 1 15:00:01 2022
    Thank you David for your answer.

    The author asked me what he could do to be DFSG compliant.

    I pointed him to this mailing list, to the wikipedia & wiki.debian.net page on DFSG. Any other suggestion?

    Regards


    Le lundi 28 février 2022, 15:23:28 CET David Given a écrit :
    I believe this is equivalent to the 'no commercial use' clause which
    violates guideline 6 ('no discrimination against fields of endeavor, like commercial use'). Apart from anything else, inclusion would mean that
    Debian wouldn't be able to sell DVDs with this package in it.

    On Mon, 28 Feb 2022 at 15:00, Fab Stz <fabstz-it@yahoo.fr> wrote:
    Hello,

    I am wondering if something like this is fit to enter Debian:

    There is a web tool written in PHP that I try to package for Debian.
    I would like to use Tagify in that project by adding the minified js.

    Now the thing is that officially the project is licensed under MIT with a MIT
    license file at the root of the project directory
    .
    However when looking at the header of the distributed files, there is this

    /**

    * Tagify (v 4.9.8) - tags input component
    * By Yair Even-Or
    * Don't sell this code. (c)
    * https://github.com/yairEO/tagify
    */

    So, no mention of MIT and only mention of Don't sell this code.

    I filed an issue [2] upstream about this inconsistency.

    Could this actually enter a Debian package?

    I'm wondering because of the JSON no evil [3] case.

    Regards,
    Fab


    [1]: https://github.com/yairEO/tagify
    [2]: https://github.com/yairEO/tagify/issues/996
    [3]: https://wiki.debian.org/qa.debian.org/jsonevil

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Paul Wise@21:1/5 to David Given on Wed Mar 2 01:20:01 2022
    On Tue, 2022-03-01 at 14:52 +0100, David Given wrote:

    The usual recommendations are to pick a standard OSI compliant
    license and not customise it. Using a standard license makes life
    easier for users because they don't have to think about the
    implications --- everyone already knows what BSD licenses, GPL
    licenses etc mean. My usual analogy is to suggest thinking about it
    like an API.

    These are good recommendations.

    https://choosealicense.com/ is a good resource here and gives
    reasonable advice.

    I feel like the framing on this site is slightly incorrect, copyleft
    licenses are not about "sharing improvements" with developers, but
    about ensuring software freedom for downstream users.

    It is only the cultural aspects of the FLOSS community that lead to
    sharing improvements, not copyleft licenses. Any license that mandated
    sharing improvements probably would not meet the DFSG/OSD/FSD.

    I'd suggest that if the author is concerned about people using their
    work commercially, then the author should look at the LGPL

    The LGPL does not preclude using the library commercially and indeed a
    license that did this would not meet the DFSG/OSD/FSD.

    this will make it easy to for users to use the library in another
    program, but will require that if the user modifies it or base work
    on it, they have to distribute the modified source.

    Indeed. Note the LGPL also requires that it has to be easy for users to
    use a modified version of LGPL library with things linked against the
    original version of the LGPL library, either through dynamic linking or
    by making it possible to re-link applications using the library.

    --
    bye,
    pabs

    https://wiki.debian.org/PaulWise

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEEYQsotVz8/kXqG1Y7MRa6Xp/6aaMFAmIet80ACgkQMRa6Xp/6 aaM3+Q/+LzpkAFExGsKSdI1TsFzz5+Idbg+bxVSaCZOhJdesGZVJOywnlT39cuAi a5SscJPqY8yjs3Adza40shGkNoxjGCCUxvYotZgGZ0EIOkbyu/V0R4t0Tv1TMyBE LmCTb17cBRiS9zR+kEMBXFyHBnK0F1n3EvB9yJi0jNIdZJgGg/BO9/VndhohVffQ lX1Pzvk+P6zUNkk/ldOZwNnUxZ/M+9b8B+t3NdGQ2BGeVvwPITd8TFnQ17+BAb0G zBezmaahyCeEdPefYvTt7H9FOFlyvhkJzWY34+ILuVQ90fD2ds5MOr6rEbgumsTs WLBXln6L0czolJOvO1f9gtNy4RpaLYVPkufDvgHVKG3JqiTA18a3GNBScUYNkz1+ jN9BTGmCZhyKH/z/MS1Hg3GaEpsUy44by3Bs8kuxwOnB+2eJQTFeQoKaz6WYoeM9 RYeBMg18K6Itut77KO0f+HI8XGoaMCutUI6g5jz74kcki/ofCnIvw3mjlUslemp4 5ktLoGiEi3kRJYK/HFrp5PSEsd2kqtINs8ifmOtLGoSwoSB1QVsMF9rprXo49HM0 HvbN8I4BIMcR9C8Z/up3L6sx5ffv2kn6HlOrPksSajb7slMERL/TTYkDHIeoT9xU eztyZFvIA61S+DU9pOfAGnmrt8x6G1GaZbhm71LOLptDF7AoOuU=
    =5okW
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)