jquery-validation-unobstrusive in samples is licensed under a non-open source license #34785
Comments
|
/cc: @Pilchie |
javiercn
added
the
area-mvc
|
Thanks for contacting us. We're moving this issue to the |
|
Hey, @mkArtakMSFT ! I wanted to provide more context around the potential impact of this bug. We (Red Hat) use source-build to build .NET fully from source, trusting that it is only open source code. We do not (and can not) use non-open (or proprietary) source code. These files, even though they are just samples/docs, contain a non-open source license. They end up in the source compilation produced by source-build. The way we see it, that results in the source-build compilation itself being non-open source. And that means we can't use source-built at all! For now, we work around that by deleting all the samples as manual step from the source-build compilation to avoid any risk of using non-open source code. But any other consumer of source-build (and this repo) might miss that. Even we could forget this manual step. That could result in somone accidentally using non-open source code and risk violating the license terms of some of the code in this repo. I understand it's too late to fix this for 6.0.0 GA. Would it be possible to re-evaluate this bug and the impact for a followup/bugfix release, please? |
|
Tagging @ChrisSfanos here too, but AFAIK, since Microsoft is the original copyright holder of where those files came from, we should be able to re-license them in this repo to match the rest of the repo. Does that seem right to you @ChrisSfanos? |
|
FWIW, the upstream project re-licensed the files already: aspnet/jquery-validation-unobtrusive@7ebb8db. So maybe all that's needed here is updating the samples to a newer version (3.2.11)? Not sure which is less effort vs risk - updating to a new version or just re-license the known-to-work files. |
|
@Pilchie - yes, that is fine. I see no reason not to re-license the sample files to MIT (to be consistent with our moving other repos to MIT). |
|
Ping ... Can we make this happen for .NET 7? |
|
Discussed this with @ChrisSfanos offline. Here are the next steps to be taken: |
|
Can this be done in a way that also benefits .NET 6 source-build? Thanks! This sounds great. |
|
Would it make sense to update https://github.com/aspnet/jquery-validation-unobtrusive/blob/main/Microsoft.jQuery.Unobtrusive.Validation.nuspec as well? It says the license is at https://www.microsoft.com/web/webpi/eula/net_library_eula_ENU.htm, which isn't an MIT license. |
|
@mkArtakMSFT I wasn't aware of this issue but suggest we do the release in jquery-validation-unobtrusive and version update in aspnetcore soon. Who or what is required to make this happen❔ |
|
@ChrisSfanos is going to resolve this for us. |
I'm working on this: aspnet/jquery-validation-unobtrusive#153 |
|
Update: the license in the repo has been updated, but there are few nuances that I'm working around before I can publish a release. |
|
A new version of jquery-validation-unobtrusive has been published to NuGet and npmjs. |
|
I've filed a follow-up issue to track updating the references to the latest version: #42904 @richlander, there is no more action pending from our side here but the above referenced issue. Should this be closed now? |
|
If it's okay with everyone, I would like to keep this issue open until the reproducer steps confirm the fix. Right now, I still see the references to licenses. |
|
That's a good test, @omajid. Can you address those as well @mkArtakMSFT? |
|
This has been addressed by #42999 |
|
Thanks! It looks like my original concern remains unaddressed, though: |
|
I thought I had fixed these in #34573, but it looks like I missed the bower files. We should be able to just change these (by effectively re-licensing the copy that is in the aspnetcore repo). |
|
Thanks @omajid! |
|
Thanks for fixing this, @mkArtakMSFT |
ghost
locked as resolved and limited conversation to collaborators
Describe the bug
ASP.NET Core is licensed under an Open Source License (Apache or MIT). However, some samples in this repository are under a proprietary license. Anyone looking to build and distribute ASP.NET Core from source (for example, Linux distributions as part of the source-build work) is at risk of accidentally violating the license.
Specifically, anumber of
.bower.jsonfiles contain this license entry:And the license that it points to is not an Open Source License.
Since these are just samples, anyone looking to build and distribute ASP.NET Core can, as a workaround, delete the files and avoid packaging them, but it would be much easier and safer for everyone if the licenses were fixed (or the files were re-licensed or, failing that, any non-open source files were removed).
To Reproduce
The text was updated successfully, but these errors were encountered: