Binaries under personal license should output warning

[adisbladis]

Currently it's not clear that Caddy is under EULA when running from something like https://hub.docker.com/r/abiosoft/caddy/ .

Caddy should output a warning on stdout/stderr stating the license requirements of the build.

[elcore]

Hello @adisbladis,

Caddy itself is licensed under Apache-2.0 without the EULA.

Caddy should output a warning on stdout/stderr stating the license requirements of the build.

This is not required if @abiosoft is building Caddy from the source code, e.g. using a multi-stage build (https://docs.docker.com/engine/userguide/eng-image/multistage-build/)

[abiosoft]

I will leave this open until I modify the docker image to build from source which should be within the next 48 hours hopefully.

Thanks.

[adisbladis]

@elcore I think the issue will still stand even @abiosoft modifies the image.

It's not currently clear whether the binary you are currently running is under EULA or not.

[elcore]

@adisbladis I'll have to refer you to @abiosoft, as he is responsible for the Docker image.

ping @mholt

[adisbladis]

@elcore I created a separate issue for that already abiosoft/caddy-docker#68

I just chose that image as an example of something non-compliant that is very easy to accidentally run and redistribute.

[peon-pasado-zeitnot]

https://github.com/mholt/caddy/releases/tag/v0.10.9 - there are EULA.txt and LICENCSE .txt file. LICENSE.txt contains Apache 2.0 license. I'm confused :(

[mholt]

The Apache license applies to the source code (and by extension, the unofficial, community-contributed init scripts that come with the binary) and the EULA applies to the executable file.

[abiosoft]

abiosoft/caddy-docker#68 is now closed.

[hernandev]

so it's ok to use caddy for commecial, when you build the binaries yourself?

[mholt]

@hernandev Yes.

[hernandev]

@mholt I distribute Caddy on docker images, so people will use a pre-built binary inside those docker images.

If they do so, commercially, would they be required to license it as well? They will not build it, I'm doing it, they will download binaries

[adisbladis]

@hernandev If you build from source you are only bound by the Apache2 license so commercial use is fine. You are free to redistribute the binaries you built..

@mholt You are being very reckless and irresponsible in regards to licensing. It's not OK to distribute software under these unclear terms.
As someone who cares about licensing compliance (and I know my clients lawyers do too) I don't get how you (or anyone else) is OK with potentially not knowing whether you are bound by an EULA or not.

[My1]

@mholt on this issue, is it even legit to upload release builds on github with such a restriction?

I mean what's on your site doesnt matter, but the fact that you upload the binaries with such an EULA on github can lead to quite some chaos, especially since no one can reasonably expect a limitation for personal use only to be hidden in an eula inside a binary uploaded to github in an open source repo.

Consider this: for your website you made it that the old DL links wont work anymore after a while but if one had his server set up to auto-dl the latest release from github, unpack the binary and drop the rest no one will have seen the eula change or anything, making it quite unexpected.

on top of all this we have the changelog for 0.10.9 which states:
"This release introduces our new EULA for binaries distributed through our website"
(bold by me)
this last part makes it clear that the eula applies to builds from the website but also (and that's the important part) implies that it doesnt exist for builds DLed from github.

[tobya]

Perhaps it might be worth outputting the version string with the startup output.
eg. the output of
caddy -version