Software licence #264

Open
aidanheerdegen opened this issue Aug 16, 2022 · 49 comments

@aidanheerdegen
Contributor

There is currently no licence for the ACCESS-OM2 model. I don't know if this is a problem or not, but currently looking into licensing for the ACCESS-NRI and noticed the absence of a licence.

Note that there are some licence incompatibility issues with MOM5

mom-ocean/MOM5#370

@aekiss
Contributor

aekiss commented Aug 16, 2022

There are lots of ACCESS-OM2 components to check for license compatibility...

[Image: Screen Shot 2022-08-16 at Tue 16-8 3 31pm]

@aidanheerdegen
Contributor Author

CODE COMPONENT SPAGHETTI!

Yeah I get it. I'm all for the "Ostrich Licence" approach, but does that even work if components have licences?

I really wish I didn't have to care about this.

@micaeljtoliveira

Looks like you have a serious issue here with MOM5...

Also keep in mind that any code that is in this repository, but not in any submodules, like tests, utilities, etc., also needs to have a license (and each file needs a copyright notice).

@aidanheerdegen
Contributor Author

Just so @aekiss doesn't feel too burdened, it is a recommendation that code files include the copyright statement, it isn't compulsory.

@aekiss
Contributor

aekiss commented Aug 16, 2022

So let's skip it then

@aidanheerdegen
Contributor Author

aidanheerdegen commented Aug 16, 2022

Ostrich is off the table. I repeat, ostrich is off the table

https://opensource.guide/legal/#are-public-github-projects-open-source

> Making your GitHub project public is not the same as licensing your project. Public projects are covered by GitHub’s Terms of Service, which allows others to view and fork your project, but your work otherwise comes with no permissions.
>
> If you want others to use, distribute, modify, or contribute back to your project, you need to include an open source license. For example, someone cannot legally use any part of your GitHub project in their code, even if it’s public, unless you explicitly give them the right to do so.

That isn't the only source I've found for the assertion that no license means no safe re-use. Now this is all theoretical, I certainly don't think you're going to get sued by anyone for using cice5, but patent trolls are real, and the complicated network of copyright and patent portfolios (cf. SCO Unix) means that it is not impossible for someone to do so.

Equally, if you want your work to be shared and re-used with confidence, then an open source licence (MIT?) is a good idea.

@aekiss
Contributor

aekiss commented Aug 16, 2022

too late!

@aekiss
Contributor

aekiss commented Aug 16, 2022

But seriously, what would be the most widely-compatible license?

@aidanheerdegen
Contributor Author

Check this from CESM

https://github.com/ESCOMP/CESM/blob/master/LICENSE.txt

@aekiss
Contributor

aekiss commented Aug 16, 2022

hm, OK so that's a DIY license -- would it be better to use something standard?

@aidanheerdegen
Contributor Author

> But seriously, what would be the most widely-compatible license?

MIT is very open. Ditto Apache. Essentially a free-for-all, knock yourself out. Check out licences here:

https://choosealicense.com

But this stuff is horrible, I hate it, I wish I wasn't discussing it. If you include GPL code into your own code, then you're obligated to have a GPL licence, or strictly denote which bits are GPL and which are, say, MIT or Apache. BUT I AM NOT A LAWYER SO THIS IS JUST MY RECKONS FROM READING SOME STUFF ON THE INTERNET.

@aekiss
Contributor

aekiss commented Aug 16, 2022

We have some conditions of use here: https://github.com/COSIMA/access-om2#conditions-of-use
so maybe those could be extended to include disclaimers, copyright, terms for distribution, etc?

@aidanheerdegen
Contributor Author

Interestingly GPL licences explicitly don't allow for binding someone who uses the code to quote/cite it. Only to reproduce the licence when making derivative works. So stuff like that is more of a request than an obligation.

@aekiss
Contributor

aekiss commented Aug 17, 2022

going through the horrendogram above, here's an overview of the licensing of the various components:

@micaeljtoliveira

micaeljtoliveira commented Aug 17, 2022

> If you include GPL code into your own code, then you're obligated to have a GPL licence, or strictly denote which bits are GPL and which are, say, MIT or apache.

The main issue you have here is that you are combining things that are not GPL with GPL code. That's a big no... You can use non-GPL from GPL, but usually not the other way around. So you definitely need to relicense MOM5, because although you can choose the license you want for the code in this repo and in some of the components (e.g., libaccessom2), you are not the copyright holder of some of the components that have an incompatible license.

@micaeljtoliveira

Concerning the choice of license for this repo and libaccessom2, any license that is compatible with the most restrictive license from the components is fine. Once you change the license of MOM5, you can basically choose any of the standard non-GPL open-source licenses. For libraries, I'm a big fan of the Mozilla Public License, because it provides you, as a developer, with almost all the protections of LGPL, while still allowing static linking with non-(L)GPL code.

@aidanheerdegen
Contributor Author

Any experience or expertise is welcome @micaeljtoliveira!

When using an LGPL licence it is common to assign copyright to the Free Software Foundation, so they can lawyer-up on your behalf. Seems a bit odd to me, and who has the copyright to the code developed in here?

My head hurts.

Thanks for doing the hard yards on the licensing @aekiss. I am sorry that you have been pulled into this ball of misery and confusion. Turns out GPL is viral for despair as well.

@micaeljtoliveira

> When using an LGPL licence it is common to assign copyright to the Free Software Foundation, so they can lawyer-up on your behalf.

No, that's not common. Usually it is only done for GNU software. Note that you cannot assign copyright to the FSF just like that. You need every copyright holder to sign an assignment contract and send it to the FSF (assuming they are actually interested in your code!)

> who has the copyright to the code developed in here?

In general the copyright belongs to the person who wrote the code. It can also belong to your employer, depending on the conditions of your employment contract.

@aidanheerdegen
Contributor Author

aidanheerdegen commented Aug 17, 2022

Thanks @micaeljtoliveira, I clearly got myself quite confused. See, I told you I didn't know what I was talking about.

Looking at the contributors, it is only @aekiss, @nichannah and me (@aidanheerdegen) who have substantial contributions to this repo. If we can get @nichannah to give us agreement I think adding a license shouldn't be a problem. Just have to choose which one.

Mozilla says it is explicitly not compatible with GPL

https://www.mozilla.org/en-US/MPL/license-policy/

> The following licenses are not compatible with the Mozilla Public License, version 2.0:
>
> - CC-BY, CC-BY-*
> - GPL

But this site disagrees

https://fossa.com/blog/open-source-software-licenses-101-mozilla-public-license-2-0/

> License compatibility: The MPL 2.0 is compatible with GPL v2 or later, LGPL 2.1 or later, and/or AGPL 3.0 or later. The CDDL (and earlier versions of the MPL) are not.

As does this Wikipedia article

Perhaps the Mozilla page is referring explicitly to an older version of the GPL?

@micaeljtoliveira

@aidanheerdegen Weird. This other page from the Mozilla website says it's compatible (the whole page is about how to combine MPL2 and GPL!): https://www.mozilla.org/en-US/MPL/2.0/combining-mpl-and-gpl/

@aidanheerdegen
Contributor Author

IKR. I feel justified in my fear and loathing of licensing.

@aidanheerdegen
Contributor Author

An important decision to make: do you want copyleft or permissive? Because Mozilla is apparently weak copyleft:

https://fossa.com/blog/open-source-software-licenses-101-mozilla-public-license-2-0/

The NRI is looking like going for Apache-2.0 as it is permissive but modified versions that are distributed must include notification of the modifications, so it is clear who did what.

https://fossa.com/blog/open-source-licenses-101-apache-license-2-0/

@micaeljtoliveira

micaeljtoliveira commented Sep 7, 2022

The fact that the MPL2 is weak copyleft is precisely the reason why I like it, as it makes sure any redistributed modifications of your code are kept open. It's very annoying to learn that someone took your code, improved it and/or fixed bugs and then redistributed it in binary form without disclosing the modified sources.

Personally, I don't see any disadvantage of the MPL2 regarding the Apache 2. Since modifications are public with the MPL2, it's clear what was modified and by whom. On the other hand, the Apache 2 is incompatible with the GPL2, which might be a headache in the future (I recently discovered that I have this exact issue in a code that has two dependencies, one using the GPL2 and the other one the Apache 2...)

@aidanheerdegen
Contributor Author

Good point. Seeing as other major codes are copyleft, it seems sensible to keep on that side of the fence.

This will languish unless I keep banging on about it, so can we (I?) take a licence change proposal to the next COSIMA Meeting @aekiss? Offer up MPL2 as an explicit choice.

@aekiss
Contributor

aekiss commented Sep 7, 2022

I can add it to the agenda for this Thurs if you like @aidanheerdegen. It would require a short background presentation so that people have some grasp of these licensing issues.

@aidanheerdegen
Contributor Author

Yeah, I was afraid you'd say that. I'm happy to try, but as demonstrated in this thread, I am frequently wrong and particularly when it comes to this topic.

Happy for someone else more knowledgeable to do it ... cough ... @micaeljtoliveira ... cough

@micaeljtoliveira

I don't mind doing it, but tomorrow I most likely won't be able to join the meeting.

@aidanheerdegen
Contributor Author

Thanks @micaeljtoliveira. Next week then?

@aekiss
Contributor

aekiss commented Nov 21, 2022

at the start of January

@micaeljtoliveira

Then maybe it's best to discuss this during the January TWG meeting.

@aekiss
Contributor

aekiss commented Nov 21, 2022

Or discuss in Dec without me? I have neither expertise nor strong opinions, so I don't feel I need to be present for a decision....

@aidanheerdegen
Contributor Author

aidanheerdegen commented Apr 2, 2024

I have asked @micaeljtoliveira to add this to the next TWG meeting agenda.

God help us all.

@micaeljtoliveira

> I have asked @micaeljtoliveira to add this to the next TWG meeting agenda.

Sure. I spent some time looking at licenses again a couple of months ago and I think I now have a much better understanding of how combining multiple licenses works.

@access-hive-bot

This issue has been mentioned on ACCESS Hive Community Forum. There might be relevant details there:

https://forum.access-hive.org.au/t/cosima-twg-meeting-minutes-2024/1734/6

@aidanheerdegen
Contributor Author

I misspoke in the meeting @micaeljtoliveira. MOM5 is LGPLv3. So not as viral? I guess that just means we should/could license ACCESS-OM3 as either LGPLv3 too, if we think it qualifies as code, otherwise some non-code license like CC-BY-4.0.

@micaeljtoliveira

> MOM5 is LGPLv3. So not as viral?

Ah, that changes things quite a lot. No, not viral at all.

> I guess that just means we should/could license ACCESS-OM3 as either LGPLv3 too, if we think it qualifies as code, otherwise some non-code license like CC-BY-4.0.

Any license compatible with all the other ones works, as none of them is viral.

Note that any code that does not link with the different components, like scripts, does not need to have a compatible license.

If you want, you can also include a COPYING file with some explanation about the fact that you are shipping some external code as git submodules and that those have their own licenses. Something like this (although I wouldn't bother adding a copy of all the licenses in that file).

@aidanheerdegen
Contributor Author

I've only just noticed that the COSIMA model configs say they're covered by a CC BY-NC-ND 4.0 license:

https://github.com/COSIMA/1deg_jra55_ryf/blob/master/metadata.yaml#L16

@aekiss is there a specific reason to use a non-commercial no derivatives license? We reasoned as we're government funded it wasn't really reasonable for us to limit what uses others wanted to make of our work, including Australian commercial entities.

Also the restriction on creating derivative works seems problematic, and would seemingly prevent ACCESS-NRI from creating derived configurations

https://creativecommons.org/2020/04/21/academic-publications-under-no-derivatives-licenses-is-misguided/

https://pitt.libguides.com/openlicensing/cc-noderivatives

@aekiss
Contributor

aekiss commented Apr 4, 2024

Hm, ok I don't recall a lot of thought going in to the CC license. I agree it seems like it should be something less restrictive.

@aidanheerdegen
Contributor Author

I would advocate for CC BY 4.0 as it retains the necessity to acknowledge COSIMA but places the least restrictions on derivative works but also makes the work as widely usable as possible. I think this is a worthy goal.

If you really feel strongly that the license should be unchanged in derivative works then CC BY-SA 4.0 might be a better choice.

And because more links are always good

If you're happy to make a decision I can make PRs to update the COSIMA repos so ACCESS-NRI is consistent with COSIMA.

@aekiss
Contributor

aekiss commented Apr 4, 2024

I'm happy with CC BY 4.0

@aekiss
Contributor

aekiss commented Apr 4, 2024

all merged

@aekiss
Contributor

aekiss commented Apr 9, 2024

The MIT license is more heartfelt and beautiful than I ever realised https://twitter.com/goodside/status/1775713487529922702 (turn off mute)

@aidanheerdegen
Contributor Author

"the sooooftwaaaare"
