
Comments (1)

pilosus avatar pilosus commented on July 17, 2024

Hey @stealthrabbi

Mandatory "I am not a lawyer",
but licensing and multi-licensing is a complex thing.
When you see multiple licenses for a package, it may mean many different things:

  • You can apply any of the licenses
  • You must comply with all the licenses
  • Other logical expressions (think of AND and OR used between the licenses)
  • The author did something wrong and effectively broke the license compatibility

You cannot really tell those cases apart from the Python package metadata about the license.
There is a really nice initiative wrapped up in PEP 639 about proper use of so-called SPDX expressions (unique license ids + logic ops to write expressions) in Python package metadata that will help to eliminate the ambiguity of (multi-)licensing for a package. This is a great read, I encourage you to read it if you are interested in the topic.

But before the SPDX expressions are introduced, there's no way to understand the licensing other than investigating the package in question. Usually, you need to go to the package repo, find a file like COPYING or LICENSE or LICENCE and read it :-)

If a package author is merciful enough, you will see a human-readable and understandable summary, like here. If not, you may need to dig deeper, like here.

Since the checker cannot really do this stuff for you (someone needs to submit a PR with ChatGPT to solve that haha), it tries to stay safe, picking up the most copylefty license for the multi-licensing cases.

My personal flow for cases like that:

  1. Multi-licensing detected with the license category I cannot use in my project
  2. I go and investigate the effective T&Cs of the project
  3. If after that I can discount the risks, I add the package to the exceptions with an option --exclude '^(package_a|package_b|...).*'
  4. I also keep records of the exclusions from p.3 somewhere (like a spreadsheet with a timestamp for the next "reaccreditation") to re-check the package for cases like a changed license

Hope that helps

from pip-license-checker.
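Added illustration (not pip-license-checker's own code): a small Python resolver that takes the conservative stance described in the comment above, treating an ambiguous multi-license metadata field as the most copyleft license it names, and honours an exception regex in the style of the `--exclude '^(package_a|package_b|...).*'` option. The category buckets and the license-to-category map are constructed assumptions for the example.

```python
import re

# Constructed category ranking, least to most restrictive. These buckets and the
# license map below are assumptions for this example, not the checker's own data.
CATEGORY_RANK = {"Permissive": 0, "WeakCopyleft": 1,
                 "StrongCopyleft": 2, "NetworkCopyleft": 3}
LICENSE_CATEGORY = {
    "MIT": "Permissive", "BSD-3-Clause": "Permissive", "Apache-2.0": "Permissive",
    "LGPL-3.0-only": "WeakCopyleft", "MPL-2.0": "WeakCopyleft",
    "GPL-2.0-only": "StrongCopyleft", "GPL-3.0-only": "StrongCopyleft",
    "AGPL-3.0-only": "NetworkCopyleft",
}

def split_license_field(field: str) -> list[str]:
    """Split a free-form License metadata string into candidate license names.
    Authors write 'MIT OR GPL-3.0-only', 'MIT/GPL-2.0-only', 'MIT, MPL-2.0';
    without PEP 639 SPDX expressions the operator's meaning cannot be trusted."""
    parts = re.split(r"\s+(?:OR|AND)\s+|[/,;]", field, flags=re.IGNORECASE)
    return [p.strip() for p in parts if p.strip()]

def most_restrictive(field: str) -> str:
    """Conservative resolution: the any-of / all-of semantics are unknown, so
    assume the package is only usable under the most copyleft license named.
    A license name outside the map makes the whole field 'Unknown'."""
    categories = []
    for lic in split_license_field(field):
        cat = LICENSE_CATEGORY.get(lic)
        if cat is None:
            return "Unknown"
        categories.append(cat)
    return max(categories, key=CATEGORY_RANK.__getitem__) if categories else "Unknown"

def is_excluded(package: str, exclude_pattern: str) -> bool:
    """Exception list in the style of --exclude '^(package_a|package_b).*':
    a package name matching the anchored regex is skipped by the check."""
    return re.match(exclude_pattern, package) is not None

def check_packages(packages: dict[str, str], allowed: set[str],
                   exclude_pattern: str = r"^$") -> list[tuple[str, str]]:
    """Return (package, category) for every package whose conservatively
    resolved category is not allowed and that is not on the exception list."""
    findings = []
    for name, field in packages.items():
        if is_excluded(name, exclude_pattern):
            continue
        cat = most_restrictive(field)
        if cat not in allowed:
            findings.append((name, cat))
    return findings
```

Packages resolved to "Unknown" are reported alongside the copyleft ones, which is the signal to go and read the repository's LICENSE file as the comment suggests.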
