Licensing inconsistency #10
Comments
|
The open source connectors are not consistently licensed, we are working towards making them consistent. Not all of our connectors are open source. We'll look at making that clearer, maybe listing them in the loopback README would help. /cc @chandadharap @ijroth |
|
Thanks for your reply. I understand the inconsistency. Its not just that the open source connectors are not what is advertised but that there are connectors that are not open source at all. Can you explain what you mean by working towards making them consistent. Do you mean these will be closed as a result of the IBM deal. If you are going to make changes, I'd suggest as a start by changing on Loopback site since you are deceiving developers into thinking this is dual licensed MIT which it is not and you have acknowledged that. Also, can you please clarify why this architecture has no acknowledgement for where the code was derived from in its sources. I understand the datasource juggler and connections were forked from JugglingDB but I see nothing in terms of the MIT license in your distribution of code that indicates its heritage. That does not seem right. |
|
By consistent we mean making all the open source connectors use the same licensing terms. The connectors that are not currently open source would/will need to be looked at individually to make sure that there aren't any legal obligations preventing them from being open sourced - if that is the direction that IBM chooses. I know this topic is being discussed, but I haven't heard the final results of those discussions yet. It sounded positive from across the room - but the room was loud so definitely don't quote me on that. Do you have any suggestions on what would make the website more clear? Currently the only place it references licensing is under the heading "Core". To me that suggests loopback, loopback-connector, loopback-workspace, loopback-boot, etc. that are not tied to any specific database or backend choices, and those modules are all MIT/StrongLoop as the website says. I think listing every individual module and its licenses would take up a bunch of screen space and not really Regarding JugglingDB, is there somewhere that you think would more appropriate than the NOTICE file and in the README.md? The heritage of the project is certainly not something we try to hide (it is called loopback-datasource-juggler, after all). I can't really think of anywhere else to describe the relationship to JugglingDB more clearly than the module name itself and the project's REAME.md. The reason it isn't mentioned in the LICENSE.md file is more of a practical matter - we are about to hit 400 repos and it is far easier to maintain them all if we can use templates for boilerplate files like LICENSE.md and CONTRIBUTING.md. |
|
Hello. The ORM software is of no value without connectors obviously and it works hand in hand with them. It needs be clear on the Loopback page that connectors are available under different licenses. They should not be assumed to be open source. npm nor your CLI discriminates when it pulls packages into a project. The datasource juggler and connectors do not apply the MIT as prescribed by the license. This is licensing, not documentation, and these products were derived from MIT licensed projects. The MIT license is to be included with the appropriate copyright attribution along with your own. The copyright notice with the permission notice is to be included in all copies or substantial portions of the software as it states, that is my belief about how this works. You are granted rights to sublicense not relicense the code under the MIT to be clear. When you sublicense, the Copyright for the original software must be retained. |
|
@scriptjs This connector, sqlite3, is not a derivative of jugglingDB and is entirely copyright by its authors. JugglingDB license is https://github.com/1602/jugglingdb#mit-license, it clearly says the license must be copied verbatim into derivative works, and it is, see https://github.com/strongloop/loopback-datasource-juggler/blob/master/NOTICE. We're looking at making the licensing clearer to people (and machines), an ongoing project made difficult by the number of open source repos we have. In the meantime, thought IANAL, the licensing appears to be correct to me. I'm not clear why you think every loopback connector is, or even should be, under the same license. I can't find any statement to the effect that every connector has the identical license to loopback, it was certainly not our intention to give that impression, and some of our connectors are not open source. We have heard your suggestion that we find some place to make this even more clear than it already is, and we will work on this. It hasn't come up before but thank you for the idea to clarify. BTW do you have an open source project that needs to use one of the commercially-licensed connectors? If so please contact us at [email protected] to see if we can find a way to make that work. |
|
Please resolve the disparities in the licensing so that developers can rely on a consistent approach. This is why I have spent this time communicating. It needs a resolution and it has not been resolved through this discussion. The connectors and their APIs are derived works from JugglingDB but the licenses, notices and site are misleading. Please consult your website as to why anyone would think the sources would be open. It is because you advertise it as so. "LoopBack is a highly-extensible, open-source Node.js framework." "MIT Open-Source license You market Loopback as open source with reference to services you can get with an SLA. In reality the framework is not open source since many of the connectors are not open. I have tried to identify those that are not but there seem to be other components with closed licenses or that would not allow you to distribute your own changes. Number of repositories aside, a consistent approach avoids this kind of discussion completely. The connectors are important to me for connecting various backends. I have not yet made a decision on the ORM I will use in my next project. It will be one with an open source license. |
Licenses for Loopback are MIT/Strongloop are they not? Confused by Artistic license on these and other packages since a number are MIT/Strongloop including Mongo and others. Should these not be consistently MIT/Strongloop?
Perhaps there is an oversight here but the ability to make modifications and distribute these in your own code base/apps is what make this open. Can you clarify your position on these things since it is hard to know when requiring modules in node what to expect with Loopback modules and that is a serious turn off.
Please be consistent one way or the other. If it is not MIT, then it makes decision easier on whether to use loopback modules or work with another framework.
The following connectors appear to be inconsistent with the rest that are MIT/Strongloop:
loopback-connector-sqlite3 Artistic/Strongloop
loopback-connector-postgresql Artistic/Strongloop
loopback-connector-soap Strongloop proprietary license
loopback-connector-oracle Strongloop proprietary license
loopback-connector-mssql Strongloop proprietary license
Your advertising for loopback describes it as being:
Dual Licensed: MIT open-source license or StrongLoop license
This is not the case for a significant number of adapters for popular databases. I'll leave this to be answered once but this applies to a number of loopback packages. This is really a general question that applies to the Loopback ecosystem. I think anything that is promoted as Loopback should be expected to be licensed as advertised.
The text was updated successfully, but these errors were encountered: