Relicense to dual MIT/Apache2

[seanmonstar]

No description provided.

[sanmai-NL]

@seanmonstar: Is this a matter of just updating the metadata and other tidbits, or is something else holding this up? Would be nice if casual contributors could take care of this. Maybe what would suffice is an EASY/DIFFICULT tag on the issue.

[seanmonstar]

The issue is legal, and two fold:

1. Do we actually have permission to relicense the content? Most contributors also contribute to other Rust projects that are dual licensed, and would probably be OK with the change. The ones that wouldn't, we could probably rewrite their changes, or their change may not be copyrightable (typo fixes and things), or already gone due to refactors. And even then, do the contributors actually have the right to change their license, or could it have been owned by a company that doesn't want to give a patent license...

2. Is it actually smart to dial license MIT and Apache? Apache gives a mutual patent license, so anyone suing the project automatically loses any license they received using it. However, the dual license allows someone to sue while simultaneously just using under the MIT license. I don't expect to be sued, but bleck.

I filed this issue a while ago, when many projects were changing to a dual license. Since then, I'm not certain such a thing is good or not...

[carllerche]

The answer is 2. It is pointless to dual license under MIT and Apache2 as you gain none of the Apache2 protection.

Not only that, but the process of re-licencing by getting all individuals who submitted contributions to click a checkbox is untested in court and highly dubious in my view. I am going to avoid explaining why I think it is dubious given that I am not a lawyer.

[sanmai-NL]

I fully agree with both of you. I, for one, am only interested in releasing my company's OSS code under Apache 2.0 (or an equivalent more geared towards European IP law). Apache 2.0 appears superior to MIT for general OSS project purposes. So, can this issue be closed until a concrete need arises to revisit the IP matter?

[carllerche]

@sanmai-NL the main issue, I believe, with Apache 2.0 is that it isn't GPL compatible.

Hyper is already MIT, so there is no issue there.

[sanmai-NL]

@carllerche: That is strange. Thanks, I didn't recall that fact. That is the position of the Free Software Foundation, based on their interpretation. I do wish to clarify something in relation to your comment. Suppose Hyper grants Apache 2.0 licenses instead of MIT licenses, then this would have no liability consequences for licensees, e.g. they would remain safe if they were granted GPL licenses for other (third-party) components, in the sense that they would not infringe their GPL license per FSF's reading of it. Granting Apache 2.0 licenses would only limit Hyper in that Hyper itself may then not be granted GPL licenses for its own dependencies.

So MIT vs. Apache 2.0 is trade-off, Hyper can choose to be bitten by a dog (patent infringement claims) or a cat (GPL license infringement claims) so to say. And all of this is contingent on the basis that the authors of Hyper have indeed granted a license to licensees at all. That is questionable given the lack of signed Contributor License Agreement between all authors and some guardian entity. 😖 I would be more concerned about patent infringement claims than about GPL copyright infringement claims, since parties that hold patents naturally have legal resources while GPL licensors do not.

Us programmers often relegate these thorny legal issues to lawyers, but it is a fact all of this OSS legalism has hardly been tested in courts and remain speculative. Even lawyers can't give a definite answer.

[seanmonstar]

Indeed, it's a horrible world and we'd rather all just pretend it doesn't exist.

I'll close this for now, and if compelling reasons appear that should make us reconsider, we can reopen.