Comments (11)
It may be fair to wonder whether it's useful to have the license for the old version even included there? People using the old code have the relevant license already.
from matplotlib.
I am hesitant to make any changes to our license without someone else's lawyer claiming there actually is a problem and would not make any changes until our lawyer agrees and signs off on any changes.
from matplotlib.
Guideline B.3.4 specifically calls out "replaceable text", including those pieces of a license which refer to the copyright holder/name of the project/copyright dates/etc.
The original replaceable text appears on the SPDX License List webpage in red text.
https://spdx.github.io/spdx-spec/v2.3/license-matching-guidelines-and-templates/
The PSF License has all (at least as far as I see) pieces that Matplotlib replaces listed in red on SPDX's website:
https://spdx.org/licenses/PSF-2.0.html
That to me means that the relevant portion of the LICENSE file does match sufficiently.
There may be other problems with matching the automated filter tools, in particular we have a small header that indicates which versions the license text is relevant for and the license text for older versions.
Am I missing something here?
from matplotlib.
I compared the test of the license to the python 2.0 license here: https://opensource.org/license/python-2-0, and it is word-for-word the same except that Python is replaced with matplotlib and PSF is replaced with MDT.
The flagged differences are not things we can change (as they are the project name and the entity holding the copy right!), and even if they were I'm very (very) reluctant to go down the path of developing a process to change our license.
I'm not really clear who this is causing problems for, why it is causing problems, and the scale of the problems it is causing relative to scale of what it would take to change our LICENSE file.
from matplotlib.
Guess then the request is to register your license (and identifier) as a valid SPDX license for easier programmatic parsing/detection. Also it would correct the https://pypi.org/project/matplotlib/ record for this project as it assumes a Python Software Foundation License
which you yourself have just stated is an inaccurate representation of matplotlib
from matplotlib.
This discussion seems relevant: https://discuss.python.org/t/making-the-psfl-2-0-better-for-the-community/10430/12
from matplotlib.
and @samuelmakarovskiy, with regards to the phrase "which you yourself have just stated", what follows was not what he wrote. That is a conclusion you are drawing from what he wrote, so please do not put words in other people's mouths. As far as I have been involved, I've always considered our license to be essentially the same as the PSFL even if it wasn't explicitly templated for it like the BSD 3 clause license is.
As for SPDX, I have never heard of it, and it would be useful if you could explain why it would be better for everyone for us to register a new license and identifier. Has this been an issue for any other project that also did the same as we did with respect to their license?
from matplotlib.
@WeatherGod apologies for how that came across, let me rephrase:
As for SPDX, I have never heard of it, and it would be useful if you could explain why it would be better for everyone for us to register a new license and identifier.
SPDX (sponsored by the Linux Foundation) is (arguably) the most widely adopted licensing standard to for the licensing of Open Source projects to make licensing more consistent for both maintainers and users of open source software so that the maintainers wishes on distribution are explicit and respected. You can verify this with a quick scan across pypi, npm, maven, etc and look at license texts of the linked source, they would usually fall neatly into an SPDX ID category verbatim.
This consistency makes it easier for:
- maintainers because there is no ambiguity about what a license means.
- Users because, again, there is no ambiguity about what a license means.
- Automated scanning tools (that work on behalf of developers so they don't need to be lawyers and can respect maintainer wishes)
What that all really means is that an "spdx identifier" is a short ID for a the entirety of the license text and if your license text matches that of the short ID, that's it, you have an SPDX License which will help repositories like pypi/npm/maven/etc classify your packages correctly and for license repository tools like ClearlyDefined to do the same.
I've always considered our license to be essentially the same as the PSFL even if it wasn't explicitly templated for it like the BSD 3 clause license is.
As it stands "PSFL" v1 is not a valid SPDX license, and yours isn't verbatim it as @tacaswell has pointed out. Meaning a user (and more realistically, a lawyer) would need to parse your license text before deciding if they should/can use the package.
So the ask here is:
Either:
- Register a new SPDX identifier that is your current license verbatim
- If an existing SPDX license (with exceptions as needed - details noted below) fits the legal requirements of your current license, feel free to just change to an existing one
🗒️ NOTE: The license of course cannot be changed for older versions, However, it can be changed for future releases that this change is included in. If desired, you can have complex licenses: with "exceptions", "AND" conditions, or "OR" conditions. More details are available in the spdx docs
Matplotlib is a VERY widely used package that has widespread adoption, so standardizing licensing text to make it easier for users to know the distribution/attribution etc requirements of including it would make it easier.
Also, thank you for having such an active community and triaging this so quickly! ❤️
from matplotlib.
The SPDX license is PSF-2.0 AND MIT AND CC0-1.0
for code + OFL-1.1 and Bitstream-Vera and LicenseRef-Fedora-Public-Domain
for fonts (though note the latter is an exception for existing DejaVu licenses).
Edit: sorry for the accidental close.
from matplotlib.
I am hesitant to make any changes to our license without someone else's lawyer claiming there actually is a problem and would not make any changes until our lawyer agrees and signs off on any changes.
Just putting it on your radar as an action item. If your lawyer finds SPDX formats for licenses suitable, it makes complying with it easier in a day and age of programmatic and automatic build tooling.
from matplotlib.
@QuLogic, can you clarify a bit? Are you saying that that is what our SPDX entry would be right now, or what it potentially could be?
from matplotlib.
Related Issues (20)
- [Bug]: interpolation_stage="rgba" does not respect array-alpha HOT 1
- [Bug]: axvspan no longer participating in limit calculations HOT 3
- [Bug]: subfigure artists not drawn interactively HOT 7
- [Bug]: Minor issue - Drawing an axline sets slopes less than 1E-8 to 0 HOT 4
- [Bug]: Can not close figure when using multiple figures on MacOS X HOT 4
- [Bug]: matplotlib/kiwisolver dependency fails to load on windows 10 (hacky solution included) HOT 1
- [Bug]: A self-overlapping 3D polygon with a flipped surface normal face cancels out a lower face HOT 3
- [ENH]: A "Center" extent for imshow() HOT 2
- [TST] Upcoming dependency test failures HOT 3
- [Bug]: Matplotlib importing issue after successful installation and check all dependencies HOT 1
- [Doc]: matplotlib.widgets.CheckButtons no longer has .rectangles attribute, needs removed.
- [Bug]: Normalize.autoscale gets broken by np.nan values
- [Bug]: Animation does not display properly if not created at top-level regardless of gc HOT 1
- [ENH]: mplot3d mouse rotation style HOT 7
- Cannot install. CI builds failing HOT 3
- [Bug]: Matplotlib hangs in while loop HOT 1
- [ENH]: Zoom in/out on rolling the mouse wheel HOT 5
- restoreOverrideCursor called here destroys any override cursor set in a pyqt application
- [Doc]: axhspan and axvspan now return Rectangles, not Polygons. HOT 8
- [Doc]: Compress copyright message HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from matplotlib.