Giter VIP home page Giter VIP logo

Comments (5)

abcoathup avatar abcoathup commented on August 30, 2024 1

Hi @PaulRBerg,

I posted in the forum about SPDX license identifiers.

Verification is the big impact, with the likelihood that we need to move away from flattened file verification.
https://forum.openzeppelin.com/t/solidity-0-6-8-introduces-spdx-license-identifiers/2859

from openzeppelin-contracts-upgradeable.

frangio avatar frangio commented on August 30, 2024

@uniibu I believe this has already been fixed in #2235, right?

from openzeppelin-contracts-upgradeable.

PaulRBerg avatar PaulRBerg commented on August 30, 2024

I think this is trickier than it seems. OpenZeppelin/openzeppelin-contracts#2235 sets the license to "MIT", but the end-user of the OpenZeppelin library may want to use a different license.

Furthermore, it's common for Ethereum developers to flatten their contracts before going to to mainnet, and with a SPDX predefined by OpenZeppelin, there will be conflicting licenses in the final smart contract product.

Ideally, the Solidity compiler should allow turning off some of its rules if the user annotates it (similar to how eslint does it).

from openzeppelin-contracts-upgradeable.

frangio avatar frangio commented on August 30, 2024

@PaulRBerg I agree that this is problematic, but I don't see that OpenZeppelin Contracts is doing anything wrong including the MIT license identifiers. Would you agree?

If a project uses the files we provide as part of their project, my understanding is that it cannot claim a different license for those files. They can use a different license for their own files, however, and in that case I don't know what the SPDX comment should say for the flattened file.

I've created these two issues to discuss and track this:

I am closing this issue as I believe we have resolved this on our side, but I'm keeping track of the issues linked above so that we can solve the problems this may be causing to users.

from openzeppelin-contracts-upgradeable.

PaulRBerg avatar PaulRBerg commented on August 30, 2024

Actually yeah you're right. If they do flatten the contracts, they can do a bit of extra work and de-dup the unfit licenses.

from openzeppelin-contracts-upgradeable.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.