What is this project’s license?
alexec opened this issue · comments
I do not understand the license for this project. It looks like it is does not have a license, because I don’t believe that “copyright” is a license, an nothing like MIT or Apache 2 is mentioned.
License file is here: https://github.com/microcosm-cc/bluemonday/blob/main/LICENSE.md
BSD 3-clause: https://opensource.org/licenses/BSD-3-Clause
Must retain copyright info as per standard BSD 3-clause, and if reproduced in binary must also reproduce copyright info.
looks like it is does not have a license
Uses standard LICENSE.md
Shows the license on the right hand side of the Github page:
Reproduces the license at the top of all source files.
nothing like MIT or Apache 2 is mentioned
Because it's BSD 3-clause, which is also an approved OSI license.
I should add... if your company is allergic to BSD 3-clause and doesn't wish to reproduce the copyright notice according to the license, then I would be open to a discussion about dual-licensing for a fee but with no implied warranty. Given that I haven't done that before I would involve a lawyer so the fee would be above a hobby donation amount but below a new vendor contract approval - think low thousands $$$ to cover the costs of involving legal counsel to do this.
Thank you. It would be great if this was more cleary stated in the LICENCE file. The off-the-shelf BSD-3 clause does (to my eyes) make it clear that is BSD-3.
Regarding licences we are allowed to use, obviously MIT and Apache 2 are allowed. We're an OSS project, so we probably would not use a dependency that requires attribution, due to inconvenience and fear more that anything else.
Regardless, I believe for our use case, we can achive adaquate sandboxing using CSP and iframes.