Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Question about license identifier #7942

Open
capfei opened this issue Apr 4, 2024 · 5 comments
Open

Question about license identifier #7942

capfei opened this issue Apr 4, 2024 · 5 comments
Assignees
@aclark4life
Labels
License
Milestone
10.4.0

Comments

@capfei
Copy link

capfei commented Apr 4, 2024

The license states HPND and I saw a PR from last year to get that text to match closer to what is listed on SPDX. However, I see that the Pillow license text actually matches what SPDX calls MIT-CMU (https://spdx.org/licenses/MIT-CMU.html) because of the additional text that is not included in HPND:

By obtaining, using, and/or copying this software and/or its associated
documentation, you agree that you have read, understood, and will comply
with the following terms and conditions:

For clarity, would it make sense to change Like PIL, Pillow is licensed under the open source HPND License to be MIT-CMU or maybe add the SPDX identifier to the license?
SPDX Identifier: MIT-CMU
This was referenced Apr 4, 2024
Open
Merged
Open
@aclark4life
Copy link
Member

@capfei Thank you for raising this issue! I'm not sure if that adds any clarity… please see: #1507 which references the origin of that discrepancy https://web.archive.org/web/20190323004036/https://effbot.org/zone/copyright.htm. Also let's ask @tieguy to comment. In an already-confusing-environment, it may be "more clear" to retain the historical HPND license.

@hugovk
Copy link
Member

hugovk commented Apr 4, 2024
edited by radarhere

The PIL licence is closer to MIT-CMU than HPND.

PIL vs. HPND:

image

PIL vs. MIT-CMU:

image

@tieguy
Copy link

tieguy commented Apr 14, 2024

Yeah, I validated this now with an automated tool (eyeballed it when we did this yearrrrrs ago) and it indeed more correctly labeled as MIT-CMU. Sorry for the extra work, @aclark4life !

@aclark4life
Copy link
Member

Yeah, I validated this now with an automated tool (eyeballed it when we did this yearrrrrs ago) and it indeed more correctly labeled as MIT-CMU. Sorry for the extra work, @aclark4life !

No trouble at all, but just so I understand:

  • The "Standard PIL License" is actually MIT-CMU
  • We thought the "Standard PIL License" was HPND but that was a mistake so now we should fix that mistake by change all of our references to "Standard PIL License" or HPND to MIT-CMU

At least that's my current understanding. Either way, the answer to questions like this one are still the same: comply with the terms of the license! I mean this is pretty clear whatever you call it:

By obtaining, using, and/or copying this software and/or its associated documentation, you agree that you have read, understood, and will comply with the following terms and conditions:

Permission to use, copy, modify, and distribute this software and its associated documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appears in all copies, and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of the copyright holder not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission.

THE COPYRIGHT HOLDER DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM THE LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

@hugovk
Copy link
Member

hugovk commented Apr 15, 2024
edited

Yes, let's update HPND -> MIT-CMU.

However, there is no Trove classifier for MIT-CMU:

https://pypi.org/classifiers/

We can request a new classifier by opening an issue:

https://pypi.org/help/#new-classifier

However, most of the others, like MIT and HPND, have "OSI Approved" in the classifier and can be found on the OSI website, but I don't see MIT-CMU:

https://opensource.org/license?ls=CMU

Approval is consensus-based via a mailing list and takes 60 days:

https://opensource.org/licenses/review-process

They also have another list to ask advice before proposing. I expect MIT-CMU should be fine as a legacy licence and due to its similarity to HPND?

@aclark4life Would you like to take care of this, check the criteria are met, and draft something up?

It's 77 days until the next release, a bit tight but not impossible!

TODO:

  • Request OSI approval for MIT-CMU via mailing list
  • When OSI approved, request MIT-CMU Trove classifier
  • When Trove classifier created, update Pillow source

@aclark4life aclark4life self-assigned this Apr 15, 2024
@aclark4life aclark4life added this to the 10.4.0 milestone Apr 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aclark4life aclark4life

Labels
License
Projects
None yet
Milestone
10.4.0
Development

No branches or pull requests
5 participants
@aclark4life @tieguy @hugovk @radarhere @capfei