From 24f6891f9cef6f133ecc644bd60459de8f8d84f2 Mon Sep 17 00:00:00 2001 From: bill auger Date: Tue, 31 May 2016 08:28:32 -0400 Subject: [PATCH 1/4] expansion/clarification of non-license permissions I made some suggestions to this documentation today because I have been wondering about these ambiguities for years and am recently, trying to convince a repo maintainer to add a license to his repo which has over 1000 regular users; but this document (even the section: "Ask the maintainers nicely to add a license") offers nothing convincing to that end. In fact, it is barely self-consistent, and the GitHub TOS is so terse on the topic that it is not at all clear what this document implies specifically for GitHub users. The one paragraph states that GitHub public repos are forkable (and actually download-able) regardless of the license or lack thereof. Then the very next paragraph states that without a license users may not use the material in ANY way. This avoids blatant contradiction only by omitting that, strictly speaking, without a license the rights do not exist to copy or fork either. I hope this edit will serve to inform users until perhaps GitHub more clearly defines the limits of the permissions granted in section F1 of the TOS. Until then, I hope that the drafters of the GitHub TOS would read this PR mindfully and note that it raises some important issues. --- no-license.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/no-license.md b/no-license.md index 9299dfe..287c9ae 100644 --- a/no-license.md +++ b/no-license.md @@ -20,11 +20,13 @@ You don't have to do anything to not offer a license, though including a copyrig Disallowing use of your code might not be what you intend by "no license." An [open-source license](/) allows reuse of your code while retaining copyright. If your goal is to completely opt-out of copyright restrictions, try a [public domain dedication](/licenses/#unlicense). -Even in the absence of a license file, you may grant some rights in cases where you publish your source code to a site that requires accepting terms of service. For example, if you publish your source code in a public repository on GitHub, you have accepted the [Terms of Service](https://help.github.com/articles/github-terms-of-service) by which you allow others to view and fork your repository. +Even in the absence of a license file, you may grant some rights in cases where you publish your source code to a site that requires accepting terms of service. For example, if you publish your source code in a public repository on GitHub, you have accepted the [Terms of Service](https://help.github.com/articles/github-terms-of-service), which serves as an implicit quasi-license (via section F1), permitting others to view and fork your repository; but this alone does not allow for the kinds of collaboration that people usually seek on a public code host, such as experimentation, modification, and sharing as fostered by a copyleft or open-source license. ## For users -If you find software that doesn't have a license, that generally means you have no permission from the creators of the software to use, modify, or share the software. Your options: +If you find software that doesn't have a license, that generally means you have no permission from the creators of the software to use, modify, or share the software. To be clear, although a code host such as GitHub may allow you to download and/or fork the codebase, this does not imply that you are permitted to modify, share, or use the work for any purpose other than perhaps evaluation or private study. Unfortunately, the existence or limits of such implied permissions are often not clearly defined and one should be aware of the implications of such vagueness. One would be safe to assume that no unspecified permissions are granted even if they are technically possible or even facilitated by the provider. The GitHub Terms of Service, for example, explicitly permits only "viewing" and "forking" of public repos. It does not explicitly permit the work to be "used" for any purpose at all (e.g. not downloading, nor compiling, nor executing). So one may fork a non-licenced repo, but they can do no more with it than "view" it; rendering such forks quite pointless. GitHub also facilitates cloning your forks locally and even downloading of all public repos without forking which is clearly not "viewing" nor "forking" but "copying" (an activity that is restricted by the default copyright and not actually granted by their TOS); so one should also be wary of unspecified caveats such as this. + +Your options: **Ask the maintainers nicely to add a license.** Unless the software includes strong indications to the contrary, lack of a license is probably an oversight. If the software is hosted on a site like GitHub, open an issue requesting a license and include a link to this site, or if you're bold and it's fairly obvious what license is most appropriate, open a pull request to add a license. From 0c26959bc0e9aa176ea6f88eefa91de094682b1b Mon Sep 17 00:00:00 2001 From: Mike Linksvayer Date: Tue, 31 May 2016 09:39:14 -0700 Subject: [PATCH 2/4] abbreviate suggestion from @bill-auger --- no-license.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/no-license.md b/no-license.md index 287c9ae..d5e09f5 100644 --- a/no-license.md +++ b/no-license.md @@ -20,11 +20,11 @@ You don't have to do anything to not offer a license, though including a copyrig Disallowing use of your code might not be what you intend by "no license." An [open-source license](/) allows reuse of your code while retaining copyright. If your goal is to completely opt-out of copyright restrictions, try a [public domain dedication](/licenses/#unlicense). -Even in the absence of a license file, you may grant some rights in cases where you publish your source code to a site that requires accepting terms of service. For example, if you publish your source code in a public repository on GitHub, you have accepted the [Terms of Service](https://help.github.com/articles/github-terms-of-service), which serves as an implicit quasi-license (via section F1), permitting others to view and fork your repository; but this alone does not allow for the kinds of collaboration that people usually seek on a public code host, such as experimentation, modification, and sharing as fostered by a copyleft or open-source license. +Even in the absence of a license file, you may grant some rights in cases where you publish your source code to a site that requires accepting terms of service. For example, if you publish your source code in a public repository on GitHub, you have accepted the [Terms of Service](https://help.github.com/articles/github-terms-of-service), by which you allow others to view and fork your repository; but this alone does not allow for the kinds of collaboration that people usually seek on a public code host, such as experimentation, modification, and sharing as fostered by an open source license. ## For users -If you find software that doesn't have a license, that generally means you have no permission from the creators of the software to use, modify, or share the software. To be clear, although a code host such as GitHub may allow you to download and/or fork the codebase, this does not imply that you are permitted to modify, share, or use the work for any purpose other than perhaps evaluation or private study. Unfortunately, the existence or limits of such implied permissions are often not clearly defined and one should be aware of the implications of such vagueness. One would be safe to assume that no unspecified permissions are granted even if they are technically possible or even facilitated by the provider. The GitHub Terms of Service, for example, explicitly permits only "viewing" and "forking" of public repos. It does not explicitly permit the work to be "used" for any purpose at all (e.g. not downloading, nor compiling, nor executing). So one may fork a non-licenced repo, but they can do no more with it than "view" it; rendering such forks quite pointless. GitHub also facilitates cloning your forks locally and even downloading of all public repos without forking which is clearly not "viewing" nor "forking" but "copying" (an activity that is restricted by the default copyright and not actually granted by their TOS); so one should also be wary of unspecified caveats such as this. +If you find software that doesn't have a license, that generally means you have no permission from the creators of the software to use, modify, or share the software. Although a code host such as GitHub may allow you to download or fork the code, this does not imply that you are permitted to use, modify, or share the software for any purpose. Your options: From 49fca012805c457f3da856ec3bf01a33ebd4209e Mon Sep 17 00:00:00 2001 From: Mike Linksvayer Date: Tue, 31 May 2016 15:44:12 -0700 Subject: [PATCH 3/4] make tests not overwrite non-mutable document 'id' --- spec/license_meta_spec.rb | 2 +- spec/license_spec.rb | 2 +- spec/spec_helper.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/spec/license_meta_spec.rb b/spec/license_meta_spec.rb index 8b5e583..0933085 100644 --- a/spec/license_meta_spec.rb +++ b/spec/license_meta_spec.rb @@ -3,7 +3,7 @@ require 'spec_helper' describe 'license meta' do licenses.each do |license| # Manually load the raw license so we don't get the defaults - raw_fields = SafeYAML.load_file("_licenses/#{license['id']}.txt") + raw_fields = SafeYAML.load_file("_licenses/#{license['spdx-lcase']}.txt") context "The #{license['title']} license" do it 'should only contain supported meta fields' do diff --git a/spec/license_spec.rb b/spec/license_spec.rb index 2a9ae68..1515fdb 100644 --- a/spec/license_spec.rb +++ b/spec/license_spec.rb @@ -7,7 +7,7 @@ describe 'licenses' do licenses.each do |license| context "The #{license['title']} license" do - let(:id) { license['id'] } + let(:id) { license['spdx-lcase'] } let(:spdx_id) { license['spdx-id'] } it 'has an SPDX ID' do diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 8c33f3c..cf1460f 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -35,7 +35,7 @@ def licenses SpecHelper.licenses ||= begin site.collections['licenses'].docs.map do |license| id = File.basename(license.basename, '.txt') - license.to_liquid.merge('id' => id) + license.to_liquid.merge('spdx-lcase' => id) end end end From b99e7ab017f12a518ef9506e9199fc680cfee2e9 Mon Sep 17 00:00:00 2001 From: Mike Linksvayer Date: Wed, 1 Jun 2016 08:36:56 -0700 Subject: [PATCH 4/4] replace 'id' variables with 'spdx_lcase' to minimize confusion --- spec/license_spec.rb | 6 +++--- spec/spec_helper.rb | 8 ++------ 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/spec/license_spec.rb b/spec/license_spec.rb index 1515fdb..2917392 100644 --- a/spec/license_spec.rb +++ b/spec/license_spec.rb @@ -7,7 +7,7 @@ describe 'licenses' do licenses.each do |license| context "The #{license['title']} license" do - let(:id) { license['spdx-lcase'] } + let(:spdx_lcase) { license['spdx-lcase'] } let(:spdx_id) { license['spdx-id'] } it 'has an SPDX ID' do @@ -15,7 +15,7 @@ describe 'licenses' do end it 'has an ID that is downcased SPDX ID' do - expect(spdx_id.casecmp(id).zero?) + expect(spdx_id.casecmp(spdx_lcase).zero?) end it 'uses its SPDX name' do @@ -26,7 +26,7 @@ describe 'licenses' do context 'industry approval' do it 'should be approved by OSI or FSF or OD' do - expect(approved_licenses).to include(id), 'See https://git.io/vzCTV.' + expect(approved_licenses).to include(spdx_lcase), 'See https://git.io/vzCTV.' end end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index cf1460f..adec337 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -34,16 +34,12 @@ end def licenses SpecHelper.licenses ||= begin site.collections['licenses'].docs.map do |license| - id = File.basename(license.basename, '.txt') - license.to_liquid.merge('spdx-lcase' => id) + spdx_lcase = File.basename(license.basename, '.txt') + license.to_liquid.merge('spdx-lcase' => spdx_lcase) end end end -def license_ids - licenses.map { |l| l['id'] } -end - def site SpecHelper.site ||= begin site = Jekyll::Site.new(config)