Comments (1)
Hey @stealthrabbi

Mandatory "I am not a lawyer", but licensing and multi-licensing is a complex thing.
When you see multiple licenses for a package it may mean many different things:
- You can apply any of the licenses
- You must comply with all the licenses
- Other logical expressions (think of AND and OR used between the licenses)
- The author did something wrong and effectively broke the license compatibility
You cannot really tell those cases apart from the Python package metadata about the license.
There is a really nice initiative wrapped up in PEP 639 about the proper use of so-called SPDX expressions (unique license ids + logic ops to write expressions) in Python package metadata that will help to eliminate the ambiguity of (multi-)licensing for a package. It is a great read, I encourage you to read it if you are interested in the topic.
But before the SPDX expressions are introduced, there's no way to understand the licensing other than investigating the package in question. Usually, you need to go to the package repo and find a file like COPYING or LICENSE or LICENCE and read it :-)
If a package author is merciful enough, you will see a human-readable and understandable summary, like here. If not, you may need to dig deeper, like here.
Since the checker cannot really do this stuff for you (someone needs to submit a PR with ChatGPT to solve that haha), it tries to stay safe, picking up the most copylefty license for the multi-licensing cases.
My personal flow for cases like that:
- Multi-licensing detected with the license category I cannot use in my project
- I go and investigate the effective T&Cs of the project
- If after that I can discount the risks, I add the package to the exceptions with an option `--exclude '^(package_a|package_b|...).*'`
- I also keep records of the exclusions from p.3 somewhere (like a spreadsheet with a timestamp for the next "reaccreditation") to check the package for cases like a change of license
Hope that helps
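The two readings of multi-licensing described above, shown side by side as an added example (not pip-license-checker's own code): `conservative_category` is the "most copylefty license wins" fallback the comment describes, and `spdx_category` evaluates a PEP 639 style SPDX expression, where OR means "pick any" and AND means "comply with all". The category ranks and the id-to-category table are constructed for illustration and are not the checker's real tables.

```python
# Added example, not pip-license-checker's own code. Category ranks and the
# id -> category table are constructed for illustration only.
import re

RANK = {"Permissive": 0, "WeakCopyleft": 1, "StrongCopyleft": 2, "NetworkCopyleft": 3}
CATEGORY = {  # constructed, deliberately tiny SPDX id -> category table
    "MIT": "Permissive", "BSD-3-Clause": "Permissive", "Apache-2.0": "Permissive",
    "LGPL-3.0-only": "WeakCopyleft", "MPL-2.0": "WeakCopyleft",
    "GPL-3.0-only": "StrongCopyleft", "AGPL-3.0-only": "NetworkCopyleft",
}

def conservative_category(license_ids):
    """Fallback when only a bare list of licenses is known: assume the worst."""
    return max((CATEGORY[i] for i in license_ids), key=RANK.__getitem__)

def spdx_category(expr):
    """Evaluate an SPDX expression (ids, AND, OR, parentheses) to a category.
    AND binds tighter than OR. OR lets the user pick a branch, so it yields the
    least restrictive side; AND requires all branches, so the most restrictive."""
    tokens = re.findall(r"\(|\)|[A-Za-z0-9.+-]+", expr)
    pos = 0
    def parse_or():
        nonlocal pos
        cat = parse_and()
        while pos < len(tokens) and tokens[pos] == "OR":
            pos += 1
            cat = min(cat, parse_and(), key=RANK.__getitem__)
        return cat
    def parse_and():
        nonlocal pos
        cat = parse_atom()
        while pos < len(tokens) and tokens[pos] == "AND":
            pos += 1
            cat = max(cat, parse_atom(), key=RANK.__getitem__)
        return cat
    def parse_atom():
        nonlocal pos
        tok, pos = tokens[pos], pos + 1
        if tok != "(":
            return CATEGORY[tok]  # an unknown id raises KeyError on purpose
        cat = parse_or()
        if tokens[pos:pos + 1] != [")"]:
            raise ValueError("unbalanced parentheses in %r" % expr)
        pos += 1
        return cat
    cat = parse_or()
    if pos != len(tokens):
        raise ValueError("trailing tokens in %r" % expr)
    return cat
```

For `MIT OR GPL-3.0-only` the expression evaluates to Permissive, while the bare-list fallback must report StrongCopyleft, which is exactly the ambiguity the expression syntax removes.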
from pip-license-checker.