I found two apps that seem to be violating the AGPL license. They both use the AGPL-licensed lemmy-js-client library, which means the apps themselves should also use the same license (which is the whole purpose of Copyleft). But they aren’t. I don’t know if Lemmy developers and contributors are aware of this.

The apps:

https://github.com/ando818/lemmy-ui-svelte - Apache license

https://github.com/aeharding/wefwef - MIT license

What should we do about this as a community? I informed one of the app’s developers about this and it doesn’t seem like they care. I wonder if some of the proprietary apps that are being developed right now also rely on this library.

Update: wefwef now includes the AGPL license in the repo. Thank you to the Lemmy user who reported it to the author and to the author for quickly resolving the issue :)

    • @[email protected]
      link
      fedilink
      English
      341 year ago

      After reviewing this, I’ve updated the license for Memmy. Frankly had no idea, good idea to let people know like you said and just kindly inform them through GitHub or otherwise.

      • @FreesoftwareenjoyerOP
        link
        English
        9
        edit-2
        1 year ago

        Thanks for changing it so quickly :). Your app looks very cool, btw. I don’t use iOS, but I will start recommending it to others.

        Edit: just noticed that it’s for Android too. But I assume it’s not in the store yet?

  • @[email protected]
    link
    fedilink
    411 year ago

    File an issue in their repos, sometimes people (understandably) do not understand licencing very well — or it might be they were granted an exception.

    If that fails you can contact the library author and the repositories who host the code.

    • @[email protected]
      link
      fedilink
      131 year ago

      This.

      Not all violations are ill-intended, and most amaetur devs aren’t specialists in licensing.

      • EvanM
        link
        fedilink
        121 year ago

        Most professional developers aren’t either. Many companies employ people and/or deploy software to detect license violations

  • @[email protected]
    link
    fedilink
    161 year ago

    Here’s the relevant section of the GPL FAQ:

    https://www.gnu.org/licenses/gpl-faq.html#IfLibraryIsGPL

    If a library is released under the GPL (not the LGPL), does that mean that any software which uses it has to be under the GPL or a GPL-compatible license? (#IfLibraryIsGPL)

    Yes, because the program actually links to the library. As such, the terms of the GPL apply to the entire combination. The software modules that link with the library may be under various GPL compatible licenses, but the work as a whole must be licensed under the GPL. See also: What does it mean to say a license is “compatible with the GPL”?

  • poVoq
    link
    fedilink
    16
    edit-2
    1 year ago

    They are loading this library via NPM AFAIK, so it is not included in the repo. Of course the final compiled release should be AGPL, but they are free to use a more liberal license in their own repo as long as it allows combining with AGPL software.

    MIT for sure, but I think also Apache license (one way?) allows this so I think on license grounds this is ok. But IANAL.

    • @[email protected]
      link
      fedilink
      10
      edit-2
      1 year ago

      That’s what I thought as well.

      If you just clone the repo there will not be any sources from the AGPL:ed source within the project, only a text mentioning the name.

      However if you build it locally, it will pull in the third party libraries. So as long as they aren’t distributing any built packages without a AGPL-compatible license, I don’t think they are doing anything wrong.

      (IANAL)

    • @FreesoftwareenjoyerOP
      link
      2
      edit-2
      1 year ago

      The compiled application will contain this library, which means the author is required to share their source code under the AGPL license when they deploy/distribute their app. Perhaps they are allowed to release it under both AGPL and MIT (maybe that’s what you also meant)?

  • @[email protected]
    link
    fedilink
    121 year ago

    I believe it’s up to the license holder to enforce it.

    So notifying the respective projects can’t hurt, but if they refuse to comply, and the copyright owner of lemmy-js-client doesn’t care, then the code is probably licensed incorrectly

    • @[email protected]
      link
      fedilink
      10
      edit-2
      1 year ago

      I mean if you really wanted to enforce it, anyone who contributed to Lemmy-js-client can submit a DMCA takedown. But that would be beyond silly, since most people are just trying to build cool things and don’t want to enter a licensing drama.

      Best course of action is to point out the license error and let downstream figure it out.

      • @FreesoftwareenjoyerOP
        link
        21 year ago

        Perhaps it would be silly in this case, but if someone made a proprietary app using a Copyleft licensed library, that wouldn’t be fun.

  • mo_ztt ✅
    link
    81 year ago

    I’m just a bystander here, but I would recommend to take this very seriously. The free-software-writing community already gets a certain amount of license abuse from the corporate side (RHEL being a recent example). If we are being lax about license violations internally, that puts us in a much weaker position in the face of whatever is inevitably coming in the future.

    E.g., maybe Meta grabs the MIT-licensed app, adds additional technology to it that makes life difficult for the existing Fediverse community, and deploys it, refuses to share their changes. They could do that anyway, and we might have to figure out how to respond to it, but it puts us on a lot firmer ground legally and PR-wise if we’ve been on point about our internal licensing up until that point vs. if no one’s really been bothered about license violations in the past.

    It doesn’t mean that someone from the community who’s just trying to contribute something good and doesn’t share that viewpoint suddenly needs to become “the enemy.” We can just have an open discussion about the technical details of licensing and why they’re important. But I wouldn’t take it lightly.