Comment by mhh__
7 years ago
Would this mean that only their changes to the GPL would be forced to be made public or the whole piece of software using it?
The whole thing.
Correct and if nobody asks they are fine in doing so. But they must comply if possible. If the code is gone then I am not sure they can be forced to give it.
> Correct and if nobody asks they are fine in doing so. But they must comply if possible. If the code is gone then I am not sure they can be forced to give it.
There must be some kind of remedy available in that event.
This is one reason I hate npm. Who really checks that sprawling byzantine dependency tree to make sure that there isn't some micropackage that has a GPL license that could get included and taint the whole thing?
I just have the horrors when I look at the package.json file after the front-end folks have been allowed to run free...
There's tools [0] to help check the licenses of all your dependencies. I think larger companies build up a whitelist of libraries as they're reviewed and approved.
[0] https://github.com/davglass/license-checker
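The allowlist approach the comment above describes, as an added example that is not part of the thread and is not the linked license-checker tool: it flattens a dependency tree, normalises the several shapes `license` has taken in package.json, and reports anything not on an approved list. The tree, package names and the allowlist are constructed for the example.

```javascript
// Added example: flag dependencies whose license is not on an allowlist.
// The allowlist below is an assumption; a real one comes from legal review.
const APPROVED = new Set(["MIT", "ISC", "BSD-2-Clause", "BSD-3-Clause", "Apache-2.0"]);

// package.json has carried license info in several shapes over the years:
// a string, an object {type}, or the deprecated `licenses` array. Normalise all,
// and treat a missing field as UNKNOWN so it surfaces rather than slipping through.
function licenseOf(pkg) {
  const l = pkg.license ?? pkg.licenses;
  if (typeof l === "string") return l;
  if (Array.isArray(l)) return l.map(x => (typeof x === "string" ? x : x.type)).join(" OR ");
  if (l && typeof l === "object") return l.type || "UNKNOWN";
  return "UNKNOWN";
}

// Flatten a nested tree of {name, version, license, dependencies: [...]}
// into a Map keyed by name@version, so a package pulled in twice is checked once.
function flatten(node, seen = new Map()) {
  const key = `${node.name}@${node.version}`;
  if (!seen.has(key)) {
    seen.set(key, licenseOf(node));
    for (const dep of node.dependencies || []) flatten(dep, seen);
  }
  return seen;
}

// Return every package whose normalised license is not approved.
function audit(tree, approved = APPROVED) {
  const findings = [];
  for (const [pkg, license] of flatten(tree)) {
    if (!approved.has(license)) findings.push({ pkg, license });
  }
  return findings;
}

// Constructed sample tree (not a real project): a GPL micropackage buried
// under a transitive dependency, a legacy `licenses` array, and one package
// with no license field at all.
const SAMPLE_TREE = {
  name: "app", version: "1.0.0", license: "MIT",
  dependencies: [
    { name: "left-widget", version: "2.1.0", license: "ISC", dependencies: [
      { name: "tiny-util", version: "0.0.3", license: "GPL-3.0", dependencies: [] },
    ]},
    { name: "old-lib", version: "0.9.0", licenses: [{ type: "BSD-3-Clause" }], dependencies: [] },
    { name: "mystery", version: "1.2.3", dependencies: [] },
  ],
};

console.log(audit(SAMPLE_TREE));
```

Running it on a real project means feeding the tree from `npm ls --json` (or walking `node_modules`) instead of the constructed sample.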
Shouldn't you be more concerned about the quality of the code? If no one has bothered to check the license, I'm sure nobody has studied it for a backdoor.
Shouldn't this be something that npm could support checking as a first class feature?
One can hope that front-end and back-end are truly separated.
They would have to release the whole thing to come into compliance with the license, but they are not obligated to do so.