I found two apps that seem to be violating the AGPL license. They both use the AGPL-licensed lemmy-js-client library, which means the apps themselves should also use the same license (which is the whole purpose of Copyleft). But they aren’t. I don’t know if Lemmy developers and contributors are aware of this.

The apps:

https://github.com/ando818/lemmy-ui-svelte - Apache license

https://github.com/aeharding/wefwef - MIT license

What should we do about this as a community? I informed one of the app’s developers about this and it doesn’t seem like they care. I wonder if some of the proprietary apps that are being developed right now also rely on this library.

    • gkd@lemmy.ml
      link
      fedilink
      English
      arrow-up
      26
      ·
      1 year ago

      After reviewing this, I’ve updated the license for Memmy. Frankly had no idea, good idea to let people know like you said and just kindly inform them through GitHub or otherwise.

      • Freesoftwareenjoyer@lemmy.worldOP
        link
        fedilink
        English
        arrow-up
        7
        ·
        edit-2
        1 year ago

        Thanks for changing it so quickly :). Your app looks very cool, btw. I don’t use iOS, but I will start recommending it to others.

        Edit: just noticed that it’s for Android too. But I assume it’s not in the store yet?

        • gkd@lemmy.ml
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          I think I got stuck in review hell. I resubmitted a build today.

  • fafff@lemmy.ml
    link
    fedilink
    arrow-up
    26
    ·
    1 year ago

    File an issue in their repos, sometimes people (understandably) do not understand licencing very well — or it might be they were granted an exception.

    If that fails you can contact the library author and the repositories who host the code.

    • fulano
      link
      fedilink
      arrow-up
      13
      ·
      1 year ago

      This.

      Not all violations are ill-intended, and most amaetur devs aren’t specialists in licensing.

  • poVoq@slrpnk.net
    link
    fedilink
    arrow-up
    14
    ·
    edit-2
    1 year ago

    They are loading this library via NPM AFAIK, so it is not included in the repo. Of course the final compiled release should be AGPL, but they are free to use a more liberal license in their own repo as long as it allows combining with AGPL software.

    MIT for sure, but I think also Apache license (one way?) allows this so I think on license grounds this is ok. But IANAL.

    • warg@lemmy.ml
      link
      fedilink
      arrow-up
      8
      ·
      edit-2
      1 year ago

      That’s what I thought as well.

      If you just clone the repo there will not be any sources from the AGPL:ed source within the project, only a text mentioning the name.

      However if you build it locally, it will pull in the third party libraries. So as long as they aren’t distributing any built packages without a AGPL-compatible license, I don’t think they are doing anything wrong.

      (IANAL)

  • StudioLE@programming.dev
    link
    fedilink
    arrow-up
    11
    arrow-down
    1
    ·
    1 year ago

    Here’s the relevant section of the GPL FAQ:

    https://www.gnu.org/licenses/gpl-faq.html#IfLibraryIsGPL

    If a library is released under the GPL (not the LGPL), does that mean that any software which uses it has to be under the GPL or a GPL-compatible license? (#IfLibraryIsGPL)

    Yes, because the program actually links to the library. As such, the terms of the GPL apply to the entire combination. The software modules that link with the library may be under various GPL compatible licenses, but the work as a whole must be licensed under the GPL. See also: What does it mean to say a license is “compatible with the GPL”?

  • thefool@sh.itjust.works
    link
    fedilink
    arrow-up
    10
    ·
    1 year ago

    I believe it’s up to the license holder to enforce it.

    So notifying the respective projects can’t hurt, but if they refuse to comply, and the copyright owner of lemmy-js-client doesn’t care, then the code is probably licensed incorrectly

    • OsrsNeedsF2P@lemmy.ml
      link
      fedilink
      arrow-up
      9
      ·
      edit-2
      1 year ago

      I mean if you really wanted to enforce it, anyone who contributed to Lemmy-js-client can submit a DMCA takedown. But that would be beyond silly, since most people are just trying to build cool things and don’t want to enter a licensing drama.

      Best course of action is to point out the license error and let downstream figure it out.

  • mo_ztt ✅@lemmy.world
    link
    fedilink
    arrow-up
    3
    arrow-down
    1
    ·
    1 year ago

    I’m just a bystander here, but I would recommend to take this very seriously. The free-software-writing community already gets a certain amount of license abuse from the corporate side (RHEL being a recent example). If we are being lax about license violations internally, that puts us in a much weaker position in the face of whatever is inevitably coming in the future.

    E.g., maybe Meta grabs the MIT-licensed app, adds additional technology to it that makes life difficult for the existing Fediverse community, and deploys it, refuses to share their changes. They could do that anyway, and we might have to figure out how to respond to it, but it puts us on a lot firmer ground legally and PR-wise if we’ve been on point about our internal licensing up until that point vs. if no one’s really been bothered about license violations in the past.

    It doesn’t mean that someone from the community who’s just trying to contribute something good and doesn’t share that viewpoint suddenly needs to become “the enemy.” We can just have an open discussion about the technical details of licensing and why they’re important. But I wouldn’t take it lightly.