[BUG] Full-text licenses required for license-compliance
Created by: sten0
Hi,
First of all, thank you for this UberWriter! :-) Also, everyone I've shown uberwriter.github.io to has been impressed by the web site and was excited to try your software, so I'd like to commend everyone involved on this success. Here's what I found while doing the copyright review required for inclusion into Debian:
GPL-3 license for a multi-file work requires a full-text copy of the license somewhere in the repo. This is particularly important for works that incorporate other differently licensed works. For your convenience: https://www.gnu.org/licenses/gpl-3.0.txt
When the work-as-a-whole is GPL-3 it's conventionally named LICENSE, COPYRIGHT, etc. and stored in the root of project, many projects have a "LICENSES" directory which contains copies of all licenses, and some projects do both. If you'd like to provide a top-down summary beyond what I've written here, please let me know, since I have to do the work anyways--projects that have a top-level "LICENSES" directory tend to use one of these to make it easier to see what's what.
I'm not sure what the source is for LatexToPNG.py
(afaict there are two possibilities), and the file header doesn't make it clear if it's the MIT/X or the MIT/Expat variant. Both require the presence of a full-text license, either in the header or as an additional file, and this has neither. This is possibly serious license-compliance issue. If the upstream to you doesn't have the MIT/X or MIT/Expat text, then the work is copyright but unlicensed, because the liberties granted by he license require the unmodified license text, either in the headers or as a separate file. Would you please share if this module has been customised, and where it's from? Ideally this info should be stored in the repo for each bundled piece of software.
uberwriter/plugins/bibtex/fuzzywuzzy/{fuzz.py,process.py}
are fine, because the full-text is in the headers, but gi_composites.py
requires LGPL-2.1 full-text. https://www.gnu.org/licenses/old-licenses/lgpl-2.1.txt It's also not clear what license the other files under .../plugins/bibtex/
fall under. Given that *
rule is GPL-3+ (all files that don't have an exception), and the project as a whole is GPL-3+, the current state of the repo infers that they inherit the global rule, © Wolf Vollprecht and/or Vova Kolobok.
The bundled (unmodified?) gtkspellcheck is covered by the proposed project-wide GPL-3 full-text copy.
The bundled (unmodified?) pressagio has requirements for compliance in §4 of the Apache 2.0 license:
You must give any other recipients of the Work or Derivative Works a copy of this License; and
You must cause any modified files to carry prominent notices stating that You changed the files; and
This one is also serious, because the current state of the uberwriter repo is in breach of pressagio's license.
uberwriter_lib/webkit2png/*
is fine with the existing Expat header.
I think that's everything :-) 'hope the results of this (boring) copyright review are well received! Regards, Nicholas