this post was submitted on 26 Jun 2023
98 points (97.1% liked)

Open Source

31118 readers
1101 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
98
What should we do about license violations in apps that rely on work of Lemmy contributors? (lemmy.world)
submitted 1 year ago by [email protected] to c/[email protected]
21 comments fedilink hide all child comments
 

I found two apps that seem to be violating the AGPL license. They both use the AGPL-licensed lemmy-js-client library, which means the apps themselves should also use the same license (which is the whole purpose of Copyleft). But they aren't. I don't know if Lemmy developers and contributors are aware of this.

The apps:

https://github.com/ando818/lemmy-ui-svelte - Apache license

https://github.com/aeharding/wefwef - MIT license

What should we do about this as a community? I informed one of the app's developers about this and it doesn't seem like they care. I wonder if some of the proprietary apps that are being developed right now also rely on this library.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 14 points 1 year ago* (last edited 1 year ago) (1 children)

They are loading this library via NPM AFAIK, so it is not included in the repo. Of course the final compiled release should be AGPL, but they are free to use a more liberal license in their own repo as long as it allows combining with AGPL software.

MIT for sure, but I think also Apache license (one way?) allows this so I think on license grounds this is ok. But IANAL.

[–] [email protected] 8 points 1 year ago* (last edited 1 year ago) (1 children)

That's what I thought as well.

If you just clone the repo there will not be any sources from the AGPL:ed source within the project, only a text mentioning the name.

However if you build it locally, it will pull in the third party libraries. So as long as they aren't distributing any built packages without a AGPL-compatible license, I don't think they are doing anything wrong.

(IANAL)

[–] [email protected] 3 points 1 year ago

Agreed, I think this is a misunderstanding as well of the AGPL but IANAL