Comments (18)
I regret but I have already deleted all of those packages!
https://github.com/PetrKryslUCSD/MeshPorter.jl
https://github.com/PetrKryslUCSD/MeshKeeper.jl
https://github.com/PetrKryslUCSD/MeshMaker.jl
https://github.com/PetrKryslUCSD/MeshFinder.jl
As suggested above, I wish to state for the record that I waive the copyright to the above four packages.
from general.
In many jurisdictions you can not just "waive copyright". Certainly not in Germany.
at the same time, let's not blow things out of proportion. "expose users to litigation risk" is not very plausible. Yes, a hypothetical risk exists, but there are many hurdles against that (like: you must actually use that package AND its copyright holders must decide to sue AND they must have standing (package non-trivial -- difficult to argue for e.g. GAPTypes) and a bunch more). The argument given above that registering a package indicates intent to enable others to use your code also has legal weight. So it's not as black and white as some expressed it here. IANAL though (but I was involved centrally in legal proceedings against companies violating the GPL on code I hold copyright on, which involved talking to lawyers about this quite a bit)
oh and indeed: conversely, even if there is a license attached you are not free of risk... eg you might VIOLATE that license. And get sued for that ;-)
from general.
I just checked InfrastructureSensing on JuliaHub to see how much usage it got, which yielded nothing, but interestingly on JuliaHub the package is credited to @rbalexan. I'm not sure where JuliaHub gets that info but assuming this is correct maybe you could find other authors in this way?
from general.
Searching GAPTypes brought me to https://discourse.julialang.org/t/swizzling-the-super-type-of-a-foreign-julia-type-or-how-evil-must-i-be/33733 by @fingolfin
from general.
Ah, #19033 (comment) has a bunch of authors: @Moelf for BigG, @PetrKryslUCSD for MeshFinder, @lucianolorenti for Estapir, and @slmcbane for MirroredArrayViews
from general.
Great detective work, looks like all packages can go into the "ping author" pile (and looks like at least some of the authors are still active in the community so that's helpful).
Thanks Avik for looking at this, it's one of those things that potential enterprise users might (rightly!) freak out over.
from general.
GAPTypes could be deleted / yanked from my POV. Of course you then may wish to yank old versions of GAP.jl that depend on it.
from general.
While I don't disagree that we should remove these, I think that we should probably add terms of service to the registry, stating that by registering a package, you give at least some right to use the code. It's a little hard to pick terms; we may need to talk to a lawyer about this. I do also think that there's a pretty decent legal case to be made that by publishing and registering code, you obviously intended for people to use it, so that seems like some kind of implicit permission, but obviously we'd rather have explicit permission with clear terms.
from general.
in my case it was superseded by https://github.com/tlienart/Franklin.jl so can we just delete it? I'm sure nobody ever used it
from general.
I wonder if these could be removed from the registry?
https://github.com/PetrKryslUCSD/MeshPorter.jl
https://github.com/PetrKryslUCSD/MeshKeeper.jl
https://github.com/PetrKryslUCSD/MeshMaker.jl
https://github.com/PetrKryslUCSD/MeshFinder.jl
Their original raison d'etre passed.
from general.
Wouldn't the easiest way forward here be for the authors to just retrospectively slap an MIT license on this and then there's no need to yank anything?
from general.
I believe these particular repos have all been deleted, so they would need to be reconstituted
from general.
In my case the repository was deleted, I guess it can be removed from the registry
from general.
If the repository is gone (as in the GAPTypes case), where do we "slap" that license to?
from general.
I thought the issue was that these packages are still installable from package servers, so presumably the repos are mirrored there? If that's not the case then yanking is by definition fine.
from general.
Julia's pkg server is designed so that even if the author deleted the original repo, packages are still installable -- this is a good design.
deleting stuff from pkg server is a separate item, need manual review for sure
from general.
That's what I understood, and I apologise if I'm just confusing the issue here but I thought the problem was exactly that
(i) there are packages that are installable from General,
(ii) but don't have a license and therefore expose users to litigation risk, and
(iii) as a point of principle we don't want to yank things from General due to the promises we make on reproducibility.
It seemed to me that to the extent that authors are still contactable it might be feasible to get their permission to just retroactively add an MIT license to wherever these packages now exist and General is getting them from, solving the litigation risk issue without yanking.
I might be misunderstanding though and again sorry if I'm just adding noise here.
from general.
from Slack, it sounds like from the copyright point of view, it might be OK if the authors just write something in this issue like "I waive copyright to the code in package XYZ", since that is a thing they have the right to do, and it would alleviate users from issues. It wouldn't solve the problem of there are packages without OSI-approved licenses (which is against General's policy in general) but it would mean that in such cases those problems aren't very impactful, and my opinion would be it's fine to leave the packages there without yanking them or such, in that case.
from general.