Hadley Wickham
2020-Sep-11 23:06 UTC
[Rd] Including full text of open source licenses in a package
Hi all, R-exts currently requests that package authors don't include copies of standard licenses:> Whereas you should feel free to include a license file in your source distribution, please do > not arrange to install yet another copy of the GNU COPYING or COPYING.LIB files but > refer to the copies on https://www.R-project.org/Licenses/ and included in the R distribution > (in directory share/licenses). Since files named LICENSE or LICENCE will be installed, > do not use these names for standard license files.I'd like to request that this condition be removed because it makes it overly difficult to ensure that every version of your package (source, tar.gz, binary, and installed) includes the full text of the license. This is important because most open source licenses explicitly require that you include the full text of the license. For example, the GPL faq (http://www.gnu.org/licenses/gpl-faq.html#WhyMustIInclude) states:> Why does the GPL require including a copy of the GPL with every copy of the program? > (#WhyMustIInclude) > > Including a copy of the license with the work is vital so that everyone who gets a copy of > the program can know what their rights are. > > It might be tempting to include a URL that refers to the license, instead of the license > itself. But you cannot be sure that the URL will still be valid, five years or ten years from > now. Twenty years from now, URLs as we know them today may no longer exist. > > The only way to make sure that people who have copies of the program will continue > to be able to see the license, despite all the changes that will happen in the network, > is to include a copy of the license in the program.This analysis by an open source lawyer, https://writing.kemitchell.com/2016/09/21/MIT-License-Line-by-Line.html#notice-condition, reinforces the same message for the MIT license. Currently we've been working around this limitation by putting a markdown version of the license in LICENSE.md and then adding that to .Rbuildignore (this ensures that the source version on GitHub includes the license even if the CRAN version does not). Ideally, as well as allowing us to include full text of licenses in LICENSE or LICENSE.txt, a LICENSE.md at the top-level of the package would also be explicitly permitted. Hadley -- http://hadley.nz
Abby Spurdle
2020-Sep-12 08:56 UTC
[Rd] Including full text of open source licenses in a package
> > Including a copy of the license with the work is vitalHmmm... Agree. Just for context: CRAN has a history of being exceptionally useful and efficient. In general, I don't support suggestions to change their submission policies.
Hugh Parsonage
2020-Sep-12 09:38 UTC
[Rd] Including full text of open source licenses in a package
Perhaps I have misread that excerpt from WRE, but my read is that package authors should not duplicate GNU COPYING, since it is present in all R distributions already when using GPL-2 and friends. It doesn't apply to packages distributed with other licenses. It should be noted that in GPL FAQ just below the part you quoted it says> A clear statement in the program's README file is legally sufficient as long as that accompanies the code, but it is easy for them to get separated.On Sat, 12 Sep 2020 at 09:06, Hadley Wickham <h.wickham at gmail.com> wrote:> > Hi all, > > R-exts currently requests that package authors don't include copies of > standard licenses: > > > Whereas you should feel free to include a license file in your source distribution, please do > > not arrange to install yet another copy of the GNU COPYING or COPYING.LIB files but > > refer to the copies on https://www.R-project.org/Licenses/ and included in the R distribution > > (in directory share/licenses). Since files named LICENSE or LICENCE will be installed, > > do not use these names for standard license files. > > I'd like to request that this condition be removed because it makes it > overly difficult to ensure that every version of your package (source, > tar.gz, binary, and installed) includes the full text of the license. > This is important because most open source licenses explicitly require > that you include the full text of the license. For example, the GPL > faq (http://www.gnu.org/licenses/gpl-faq.html#WhyMustIInclude) states: > > > Why does the GPL require including a copy of the GPL with every copy of the program? > > (#WhyMustIInclude) > > > > Including a copy of the license with the work is vital so that everyone who gets a copy of > > the program can know what their rights are. > > > > It might be tempting to include a URL that refers to the license, instead of the license > > itself. But you cannot be sure that the URL will still be valid, five years or ten years from > > now. Twenty years from now, URLs as we know them today may no longer exist. > > > > The only way to make sure that people who have copies of the program will continue > > to be able to see the license, despite all the changes that will happen in the network, > > is to include a copy of the license in the program. > > This analysis by an open source lawyer, > https://writing.kemitchell.com/2016/09/21/MIT-License-Line-by-Line.html#notice-condition, > reinforces the same message for the MIT license. > > Currently we've been working around this limitation by putting a > markdown version of the license in LICENSE.md and then adding that to > .Rbuildignore (this ensures that the source version on GitHub includes > the license even if the CRAN version does not). Ideally, as well as > allowing us to include full text of licenses in LICENSE or > LICENSE.txt, a LICENSE.md at the top-level of the package would also > be explicitly permitted. > > Hadley > > -- > http://hadley.nz > > ______________________________________________ > R-devel at r-project.org mailing list > https://stat.ethz.ch/mailman/listinfo/r-devel
Hadley Wickham
2020-Sep-12 13:07 UTC
[Rd] Including full text of open source licenses in a package
On Saturday, September 12, 2020, Hugh Parsonage <hugh.parsonage at gmail.com> wrote:> Perhaps I have misread that excerpt from WRE, but my read is that > package authors should not duplicate GNU COPYING, since it is present > in all R distributions already when using GPL-2 and friends. It > doesn't apply to packages distributed with other licenses. > >The directory to which it refers, https://www.r-project.org/Licenses/, includes many open source licenses, not just those used for R. I?m also pretty sure I?ve had a package fail CRAN submission for this problem in the past.> It should be noted that in GPL FAQ just below the part you quoted it says > > A clear statement in the program's README file is legally sufficient as > long as that accompanies the code, but it is easy for them to get separated. >That question (https://www.gnu.org/licenses/gpl-faq.en.html#LicenseCopyOnly) is about whether a copy of the license in a file is sufficient, or whether you must also include a statement at the top of every source file. Hadley -- http://hadley.nz [[alternative HTML version deleted]]