License issue about dompurify HOT 13 CLOSED

Just out of curiosity: What are the concerns regarding the MPL which don't arise with other copyleft licenses?

from dompurify.

What do you mean "other copyleft licenses"? As far as I know, Apache, BSD, MIT are not copyleft licenses. We would have extra requirements regardless of which copyleft license is used and MPL is likely the most permissive of all the copyleft licenses.

There was no specific concerns as far as I know. It's just easier if it was MIT or Apache which most open JS libraries are.

(I am not a lawyer)

from dompurify.

Hi all :)

It's just easier if it was MIT or Apache which most open JS libraries are.

What is "it"? What's easier? Just asking to understand the need for this possible addition.

from dompurify.

Speaking generally (not LinkedIn specific), someone using this library would typically pull down the source and minify/concenate this with other JS. We can make the minification steps smart about keeping license info but we would need to address questions around "distribution" since this JS, the only way to use this code is to distribute it, "binary vs source" since we are minifying code which MPL treats as binary and "viral-ness" of this license as most production sites would combine some proprietary JS with this library when creating a single "file" to serve.

I'm not looking for answers here. I'm sure every company would have different lawyers to interpret these issues for themselves but it's "easier" if we didn't have to answer them at all.

from dompurify.

For our company (Zimbra), Apache 1.1, 2.0 are considered free and clear for use. MPL of any sort requires review by our legal team to see how the code will be used. I think the larger difference is that the Apache License (2.0) does not require end user modifications to be shared back to a project, while MPL does in some circumstances.

http://choosealicense.com/licenses/ has a basic bullet point of differences between the two as well.

from dompurify.

Thanks @jimmyhchan and @quanah - that helped understanding the issue!

So, the best way would be to add a more tolerant license? Or would the current one have to be replaced? If it's just about adding another one, then I have absolutely no problem with that and am happy to accept a pull request of yours :)

from dompurify.

… then we need a license which allows the project to be licensed under two different licenses. ;)

from dompurify.

many projects are dual or tri-licensed... It was fairly standard for years with Mozilla for them to be MPL/GPL/Apache 2.0

from dompurify.

As mentioned, if dual-licensing is the way to go, happy to accept a PR!

from dompurify.

Thanks! I think we can close this now? I'll do a quick announcement via Twitter.

from dompurify.

Thanks!

from dompurify.

Thank you so much for accepting this. Would it be possible to push another release (0.6.6)?

from dompurify.

Yep, probably gonna happen within the next two weeks. We are planning some additional hook demos, once done, we're going 0.6.6.

from dompurify.