Question about license identifier
capfei opened this issue · comments
The license states HPND and I saw a PR from last year to get that text to match closer to what is listed on SPDX. However, I see that the Pillow license text actually matches what SPDX calls MIT-CMU (https://spdx.org/licenses/MIT-CMU.html) because of the additional text that is not included in HPND:
By obtaining, using, and/or copying this software and/or its associated
documentation, you agree that you have read, understood, and will comply
with the following terms and conditions:
For clarity, would it make sense to change Like PIL, Pillow is licensed under the open source HPND License to be MIT-CMU or maybe add the SPDX identifier to the license?
SPDX Identifier: MIT-CMU
@capfei Thank you for raising this issue! I'm not sure if that adds any clarity… please see: #1507 which references the origin of that discrepancy https://web.archive.org/web/20190323004036/https://effbot.org/zone/copyright.htm. Also let's ask @tieguy to comment. In an already-confusing-environment, it may be "more clear" to retain the historical HPND license.
Yeah, I validated this now with an automated tool (eyeballed it when we did this yearrrrrs ago) and it indeed more correctly labeled as MIT-CMU. Sorry for the extra work, @aclark4life !
Yeah, I validated this now with an automated tool (eyeballed it when we did this yearrrrrs ago) and it indeed more correctly labeled as MIT-CMU. Sorry for the extra work, @aclark4life !
No trouble at all, but just so I understand:
- The "Standard PIL License" is actually MIT-CMU
- We thought the "Standard PIL License" was HPND but that was a mistake so now we should fix that mistake by change all of our references to "Standard PIL License" or HPND to MIT-CMU
At least that's my current understanding. Either way, the answer to questions like this one are still the same: comply with the terms of the license! I mean this is pretty clear whatever you call it:
By obtaining, using, and/or copying this software and/or its associated documentation, you agree that you have read, understood, and will comply with the following terms and conditions:
Permission to use, copy, modify, and distribute this software and its associated documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appears in all copies, and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of the copyright holder not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission.
THE COPYRIGHT HOLDER DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM THE LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Yes, let's update HPND -> MIT-CMU.
However, there is no Trove classifier for MIT-CMU:
We can request a new classifier by opening an issue:
https://pypi.org/help/#new-classifier
However, most of the others, like MIT and HPND, have "OSI Approved" in the classifier and can be found on the OSI website, but I don't see MIT-CMU:
https://opensource.org/license?ls=CMU
Approval is consensus-based via a mailing list and takes 60 days:
https://opensource.org/licenses/review-process
They also have another list to ask advice before proposing. I expect MIT-CMU should be fine as a legacy licence and due to its similarity to HPND?
@aclark4life Would you like to take care of this, check the criteria are met, and draft something up?
It's 77 days until the next release, a bit tight but not impossible!
TODO:
- Request OSI approval for MIT-CMU via mailing list
- When OSI approved, request MIT-CMU Trove classifier
- When Trove classifier created, update Pillow source