Test suite depends on vcr, which is not free software

Question

Test suite depends on vcr, which is not free software

Apteryks opened this issue a year ago · comments

Hello,

The test suite depends on vcr, which due to its Hippocratic license, is not considered free and cannot be included in FSDG-compliant distributions (see this bug in Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984689).

I had to disable the test suite of html-proofer in GNU Guix because of that.

Thanks!

Garen Torikian · Answer 1 · Sat Jan 07 2023 06:06:27 GMT+0800 (China Standard Time)

It seems that since version 6, the gem is dual-licensed under MIT and Hippocratic: https://github.com/vcr/vcr/blob/84e5040c3ba67a80d715773f0228a8e31541af1c/vcr.gemspec#L16

Would upgrading to v6 here help you?

Apteryks · Answer 2 · Sat Jan 07 2023 08:56:48 GMT+0800 (China Standard Time)

Hi!

It's not dual-licensed (that would defeat the point of the Hippocratic license); rather, the files contributed as MIT until the project switched license remain MIT, while the new files (and the whole) is covered by the Hippocratic license [0].

[0] vcr/vcr#804

Garen Torikian · Answer 3 · Sat Jan 07 2023 09:53:59 GMT+0800 (China Standard Time)

Are there any license compliant gems that do the same thing VCR does? I don’t mind replacing it with a new library but I’m struggling to find a solution here.

Apteryks · Answer 4 · Sat Jan 07 2023 10:34:22 GMT+0800 (China Standard Time)

If there's nothing else available we could try to use the older 5.0.18 version on commit g842b2bf, the last commit before the license switch (git describe: v5.0.0-18-g842b2bf).

Garen Torikian · Answer 5 · Sat Jan 07 2023 23:44:24 GMT+0800 (China Standard Time)

Well, html-proofer is locked and working with ~> 2.9, which is well below the version licensing change in 5.1.

I'm closing this out because I think I'm in compliance, but feel free to reopen/comment if I'm misunderstanding. Again, my understanding is that because this gem uses VCR 2.9.3, which is MIT licensed, that it is in compliance.

Apteryks · Answer 6 · Sun Jan 08 2023 12:27:04 GMT+0800 (China Standard Time)

Indeed, it's currently in compliance. Something to keep in mind for the future though. Cheers!

Garen Torikian · Answer 7 · Sun Jan 08 2023 14:38:51 GMT+0800 (China Standard Time)

Indeed, it's currently in compliance. Something to keep in mind for the future though.

As long as we’re giving unsolicited advice: perhaps Debian should try to work harder to give open source maintainers help in solving problems that affect their project, rather than go around raising false warnings. Instead of a project maintainer going around looking for dependencies that have licenses that fit Debian’s needs, Debian maintainers should go out and help the packages in question, or build their own alternatives.