Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

pyyaml-include is GPL3, doesn't that poison your MIT project? #1398

Open
alan-copeland-keysight opened this issue Nov 2, 2023 · 7 comments · Fixed by #1541 · May be fixed by #1809
Open

pyyaml-include is GPL3, doesn't that poison your MIT project? #1398

alan-copeland-keysight opened this issue Nov 2, 2023 · 7 comments · Fixed by #1541 · May be fixed by #1809
Labels
bug triage Trying to make sure if this is valid or not

Comments

@alan-copeland-keysight
Copy link

Describe the problem

pyyaml-include, one of your dependencies, is GPL3 - doesn't that poison your MIT project?

Template

To Reproduce

No response

Logs

No response

Expected behavior

Screenshots/screencasts/logs

No response

Operating system

Windows

Operating system distribution and version

Copier version

Python version

Installation method

pipx+pypi

Additional context

No response

@alan-copeland-keysight alan-copeland-keysight added bug triage Trying to make sure if this is valid or not labels Nov 2, 2023
@pawamoy
Copy link
Contributor

pawamoy commented Nov 2, 2023

I am not a lawyer, but license contamination is, I think, only caused in case of static linking (compiling stuff to a single binary, without dynamic linking). Python uses by essence "dynamic linking", so it's not as impacted by license contamination. Copier does not provide or publish pyyaml-include's code in any way: it's users that willingly install the dependency when installing Copier.

Something like this 🤷

@yajo
Copy link
Member

yajo commented Nov 18, 2023

Thanks for this investigation. I've been reading about the subject and it seems that the license violation is real. Also for jinja2-ansible-filters (see https://github.com/orgs/copier-org/discussions/1397#discussioncomment-7603817).

The FSF published https://www.gnu.org/licenses/gpl-faq.en.html#GPLStaticVsDynamic which states clearly that there's no difference between dynamic and static linking.

In https://opensource.stackexchange.com/a/2148/31465 is explained that, although this particular legal case hasn't been enforced by a trial, it's obvious what the author's intention is.

I have no desire to violate any laws, and I do have the desire to respect original authors' intentions, so we have to cure the infection.

We have 2 basic paths for the cure:

  1. Use GPL3 for Copier.
  2. Remove dependencies from those 2 libraries.

I'll open a poll in the forum and we'll see what our users think.

@RomainBrault
Copy link
Contributor

RomainBrault commented Jun 14, 2024

jinja2-ansible-filters is still a dependency, so isn´t the project still poisoned? @yajo

@pawamoy
Copy link
Contributor

pawamoy commented Jun 14, 2024

Seems like it is 🙈

@FeodorFitsner
Copy link

Where did you find jinja2-ansible-filters dependency?

@RomainBrault
Copy link
Contributor

RomainBrault commented Jun 14, 2024

In the pyproject.toml line 35: https://github.com/copier-org/copier/blob/master/pyproject.toml#L35

Found it with the licensecheck tool (https://github.com/google/licensecheck) in my venv after install too.

And

"jinja2_ansible_filters.AnsibleCoreFiltersExtension",
copier crash if the dependency is not found

@FeodorFitsner
Copy link

Oh, never mind! I though I was commenting in Flet project - my bad. 🫣

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug triage Trying to make sure if this is valid or not
Projects
None yet
5 participants