Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consolidating Efforts #127

Open
TonyValenti opened this issue Jul 21, 2021 · 1 comment
Open

Consolidating Efforts #127

TonyValenti opened this issue Jul 21, 2021 · 1 comment

Comments

@TonyValenti
Copy link

hi @samuelneff -
I am the new maintainer of:
https://www.nuget.org/packages/Mime-Detective/
https://github.com/MediatedCommunications/Mime-Detective

and have recently published an update expanding to over 14,000 mime signatures. Are you open to combining/joining efforts?
@markusschaber
Copy link

markusschaber commented Jul 22, 2021
edited

I'm always in favor of reducing duplicate efforts, and joining forces in free software. And Mime-Detective seems to be an impressive project!

However, Mime-Detective seems to have a custom license. It is based on the MIT license, but comes with the following extra clauses:

--> SUPPORT SOURCE-CODE UNITY:
--> NO DERIVITIVE PACKAGE MAY BE DISTRIBUTED THROUGH ANY PACKAGE MANAGEMENT SYSTEM.
--> (IE. YOU MAY NOT PUBLISH A DERIVITIVE PACKAGE THROUGH NUGET.ORG.)

I'm wondering whether this additional restriction still qualifies as free software. It's definitely incompatible with some CopyLeft licenses like the GPL, and in my eyes, also violates the "free redistribution" requirement of the Open Source Initiative, as well as the Debian Free Software Guidelines.

For example, I cannot use Mime Detective as part of a (hypothetical) Visual Studio extension, and then distribute this as vsix package in the VS marketplace, as the marked place together with the Visual Studio extension management system clearly constitutes a package management system.

Also, Linux distributions cannot legally redistribute builds of the library (or applications including the library) in their native package format, like RPM, DEB or Snap. One could also argue that docker images and the registry can constitute a "package management system", rendering it illegal for container based scenarios.

And it is not legal to port the code to other languages like TypeScript or Rust, and then publish it on NPM.org or on crates.io.

As a side note, the signature database "is derived from the publicly available TrID file signatures which may be used for personal/non-commercial use (free) or with a paid commercial license (usually around 300€)." In some jurisdictions, like Germany, databases (as machine-readable, structured collections of data) are covered by copyright, even if the individual entries as such are not covered. Thus, I'm a bit surprised you got the permission of the TrID maintainers to publish their IP under this license, as it effectively undermines their business model, at least a bit.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@markusschaber @TonyValenti