Gitea: Please clarify licensing situation and clarify whether gitea is actually under a free license

Project itself is licensed under MIT license, we can't really check every single dependency of dependencies. So it is not really a right statement that if project is using any dependency with other license than project itself is not free.

Concerning identified problematic cases:

• github.com/couchbase/goutils/LICENSE.md - dependency of dependency
• github.com/glycerine/go-unsnap-stream/LICENSE - dependency of dependency
• github.com/gogits/chardet/LICENSE - is ICU not free license? I can't really comment on this
• gopkg.in/yaml.v2/LICENSE.libyaml - APACHE-2.0 + MIT

I agree with @lafriks and if a dependency author has truly a problem with integrating their code into Gitea (which would be insane, in most cases) they can send a message requesting removal of the dependency from the Gitea project. I don't see a problem in that.

I think the couchbase atrocity needs looking at. It's fortunately non-infective as far as I can see. We could probably get away with making it build tag dependent but we could consider removing it from the codebase entirely - the license doesn't really induce me to make me give my free time to support them.

We probably need to make it clear that some parts of the codebase are MIT, some BSD, some Apache perhaps as part of a license collation section.

We should also look at which bits of Gitea are under Apache 2.0 and whether we can rewrite them or get them relicensed back to MIT. However these are all compatible non infective licenses.

We should also look at which bits of Gitea are under Apache 2.0 and whether we can rewrite them or get them relicensed back to MIT.

Is this crucial? I thought they are interchangeable for the most part.

@Akito13 it's just a bit messy really - I think we'd probably get away with saying "the majority of the code is under MIT with a few parts under Apache and BSD - please see the code for further information." However we can't just say that the code is licensed under MIT and gloss over them - Apache 2 does impose an obligation on downstream users that MIT does not.

I think we have been slightly cavalier with adding dependencies - that's always the case with feature expansion. We may want to consider paring back some of these, however that would likely involve reinventing the wheel.

Could this be split at some point to 'remove proprietary dependencies' or 'allow building with only free dependencies' once a list is made?

allow building with only free dependencies

Isn't this still triggering the event:

reinventing the wheel

?

No, an option to disable features that depend on nonfree dependencies is acceptable.

go-unsnap-stream is MIT since last year: https://github.com/glycerine/go-unsnap-stream/commit/f9677308dec2b35e76737f9713df328ad11b1fea
As for 13 hours, goutils is now Apache licensed: https://github.com/couchbase/goutils/commit/b49639060d85b267c5bdb7d4e3246d4ccca94e79

No, an option to disable features that depend on nonfree dependencies is acceptable.

I would find that kind of pointless. That is a really bad way to design software. This would create a much bigger development effort and risk of bugs, etc. just to make a second option that actually takes away value from the project, instead of adding value to it. Maybe if there would be a way to tone down features, that would be discussable.

I think the only way to make this idea work is if there was a second version of Gitea, like "LibreGitea", "GiteaLibre" or "Gitea L" (I guess you would need to replace Libre with Free, in case of using MIT as the primary target). This would merge everything from upstream, that is F(L)OSS into this version. Secondly, it would not be maintained by the Gitea head developers, as they already are more than enough busy with the actual Gitea.

https://github.com/go-gitea/gitea/blob/master/vendor/github.com/gogits/chardet/icu-license.html this looks like the MIT license with an advertising clause. So everything looks free now, at least upstream.

I think https://github.com/go-gitea/gitea/pull/7849 will check the status when new codes merged.

If anyone's interested I did a quick patch that removes couchbase in v1.9.4: https://github.com/Jookia/gitea/commit/6a3129cd529341395c71a9e6cfde132e2006e3c6 In the gitea code itself (ignoring Go dependency management): 5 files changed, 1 insertion(+), 16 deletions(-)
So that could be a useful tool for packagers until the goutils package is updated.

Edit: Posted in the Gentoo packaging issue

As for 13 hours, goutils is now Apache licensed: couchbase/goutils@b496390

@Jookia Why not just update couchbase/goutils since it has updated license?

I don't have the time to learn the skills to do that at the moment, nor the expertise to debug it and test it since I don't use couchbase.

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

So this issue is now definitely solved a 100%?

@theAkito the couchbase dep is now updated to use the MIT licensed version, and Gitea remains published under MIT.