http://forge.typo3.org/http://forge.typo3.org/themes/typo3_forge/favicon/favicon.png?17058661692017-10-16T15:31:13ZTYPO3 ForgeTYPO3 Core - Bug #82774: Check license compatibility upon extension installhttp://forge.typo3.org/issues/82774?journal_id=3422612017-10-16T15:31:13ZBernhard Kraftkraftb@think-open.at
<ul><li><strong>Assignee</strong> deleted (<del><i>Helmut Hummel</i></del>)</li></ul> TYPO3 Core - Bug #82774: Check license compatibility upon extension installhttp://forge.typo3.org/issues/82774?journal_id=3422622017-10-16T15:31:52ZBernhard Kraftkraftb@think-open.at
<ul><li><strong>Related to</strong> <i><a class="issue tracker-4 status-5 priority-5 priority-high3 closed" href="/issues/78144">Task #78144</a>: Evaluate inclusion of spdx info file</i> added</li></ul> TYPO3 Core - Bug #82774: Check license compatibility upon extension installhttp://forge.typo3.org/issues/82774?journal_id=3422642017-10-16T15:34:33ZGerrit Code Review
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Under Review</i></li></ul><p>Patch set 1 for branch <strong>master</strong> of project <strong>Packages/TYPO3.CMS</strong> has been pushed to the review server.<br />It is available at <a class="external" href="https://review.typo3.org/54404">https://review.typo3.org/54404</a></p> TYPO3 Core - Bug #82774: Check license compatibility upon extension installhttp://forge.typo3.org/issues/82774?journal_id=3422662017-10-16T15:41:38ZBernhard Kraftkraftb@think-open.at
<ul></ul><p>The idea/problem behind this patch request is the fact that there are quite a bunch of legally unclear extensions out there ...<br />There are people which do not include the GPL header in the top of class files - either by intention or by mistake.</p>
<p>I do not know which legal impact it has upon a TYPO3 installation at a whole if there are extensions installed which do not comply to the GPL.</p>
<p>As far as my current understanding is concerned a TYPO3 extension requires to be GPL ... But what happens if it is not? In other software projects (Linux distributions, etc.), the Linux kernel, etc. this "taints" the whole setup.</p>
<p>I guess it would be somewhat similar in a TYPO3 instance.</p> TYPO3 Core - Bug #82774: Check license compatibility upon extension installhttp://forge.typo3.org/issues/82774?journal_id=3422672017-10-16T15:44:01ZBernhard Kraftkraftb@think-open.at
<ul></ul><p>I do not know if there are any TYPO3 "clones" out there which try to resemble the TYPO3 extension API. But just in such a hypothetical case "they" could legally use TYPO3 CMS extensions as they are GPL licensed while installing their extensions in TYPO3 would eventually violate TYPO3 CMS legal requirements and or break their legal requirements because they would be "forced" to GPL their work.</p> TYPO3 Core - Bug #82774: Check license compatibility upon extension installhttp://forge.typo3.org/issues/82774?journal_id=3422722017-10-16T16:25:35ZHelmut Hummeltypo3@helhum.io
<ul><li><strong>Category</strong> changed from <i>Security</i> to <i>Extension Manager</i></li></ul><p>That is not a security topic</p> TYPO3 Core - Bug #82774: Check license compatibility upon extension installhttp://forge.typo3.org/issues/82774?journal_id=3422752017-10-16T16:30:38ZHelmut Hummeltypo3@helhum.io
<ul></ul><blockquote>
<p>By current understanding a TYPO3 CMS extension requires to be licensed under the GPL or LGPL at a version of 2 or later</p>
</blockquote>
<p>And in general, this also is not true. MIT license is compatible with GPL and TYPO3 itself used MIT code.<br />Therefore Extensions licensed as MIT are valid to be installed with TYPO3.</p>
<p>However all Extensions on TER must be GPL as written in the ToS of TER.</p>
<p>Besides that, license check should not be done during installation, but during upload to TER or separately in a license check module (reports) or something similar.</p> TYPO3 Core - Bug #82774: Check license compatibility upon extension installhttp://forge.typo3.org/issues/82774?journal_id=3423552017-10-17T12:36:55ZGeorg Ringer
<ul></ul><p>why shouldn't I be allowed to install any package I want on my server?</p> TYPO3 Core - Bug #82774: Check license compatibility upon extension installhttp://forge.typo3.org/issues/82774?journal_id=3437932017-10-19T10:43:24ZBernhard Kraftkraftb@think-open.at
<ul></ul><p>It is just about knowing that you are tainting your system with non-GPL software.</p> TYPO3 Core - Bug #82774: Check license compatibility upon extension installhttp://forge.typo3.org/issues/82774?journal_id=3494122017-10-26T11:50:02ZHelmut Hummeltypo3@helhum.io
<ul></ul><p>Bernhard Kraft wrote:</p>
<blockquote>
<p>It is just about knowing that you are tainting your system with non-GPL software.</p>
</blockquote>
<p>That might be useful to know, however this IMHO should not be done during installation, but needs a separate check</p> TYPO3 Core - Bug #82774: Check license compatibility upon extension installhttp://forge.typo3.org/issues/82774?journal_id=3497932017-10-27T18:06:08ZBernhard Kraftkraftb@think-open.at
<ul></ul><p>I veto Helmuts postings.</p>
<p>Of course it is allowed to install non-GPL extensions. As previously mentioned it is only forbidden to upload non-GPL extensions to the official TER. But this is also not checked.</p>
<p>I will create a separate issue for this.</p> TYPO3 Core - Bug #82774: Check license compatibility upon extension installhttp://forge.typo3.org/issues/82774?journal_id=3497952017-10-27T18:08:39ZBernhard Kraftkraftb@think-open.at
<ul></ul><p>So I should not be allowed to upload a non-GPL extension to TER. This is explained somewhere - but there is no technical check/reason against it. So if I not place the "This software is GPL" header in my file headings and have not a "license" => "GPLv2" in my ext_emconf or composer.json I will still be able to upload it to TER. There is a German Sprichwort: "Wo kein Kläger da kein Richter".</p>
<p>Meaning that if no one cares about whether all software in TER is GPL there could be some non-GPL extensions lurking around.</p>
<p>So we have two frontiers:<br />1. Take care only GPL extensions get uploaded to TER.<br />2. Notify a user when he is installing non-GPL software.</p> TYPO3 Core - Bug #82774: Check license compatibility upon extension installhttp://forge.typo3.org/issues/82774?journal_id=3497982017-10-27T18:21:00ZBernhard Kraftkraftb@think-open.at
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-6 priority-4 priority-default closed" href="/issues/82875">Bug #82875</a>: Check license compatibility upon extension upload to TER</i> added</li></ul> TYPO3 Core - Bug #82774: Check license compatibility upon extension installhttp://forge.typo3.org/issues/82774?journal_id=3498072017-10-27T20:28:54ZJo Hasenauinfo@cybercraft.de
<ul></ul><p>The checkbox that has to be clicked before the upload states:</p>
<p>I confirm that my extension contains only GPL v2 or <ins><strong>any later</strong></ins> version <ins><strong>compliant</strong></ins> code.</p>
<p>So there is no need to stick to GPLv2 due to the "any later" part and there is no need to stick to GPL at all due to the term "compliant".<br />Which is why some themes we did based on theme_bootstrap are using MIT license and are still legally published to the TER.</p>
<p>Please discuss topics like this with the licensing team first, since we are using our own tracker here on forge.</p> TYPO3 Core - Bug #82774: Check license compatibility upon extension installhttp://forge.typo3.org/issues/82774?journal_id=3560952018-01-28T15:11:15ZSusanne Moogsusanne.moog@typo3.org
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-5 priority-4 priority-default closed" href="/issues/19393">Feature #19393</a>: Integrate license information and management</i> added</li></ul> TYPO3 Core - Bug #82774: Check license compatibility upon extension installhttp://forge.typo3.org/issues/82774?journal_id=3727132018-09-06T14:29:51ZSusanne Moogsusanne.moog@typo3.org
<ul><li><strong>Target version</strong> changed from <i>9 LTS</i> to <i>next-patchlevel</i></li></ul> TYPO3 Core - Bug #82774: Check license compatibility upon extension installhttp://forge.typo3.org/issues/82774?journal_id=3957202019-03-01T20:01:49ZSusanne Moogsusanne.moog@typo3.org
<ul><li><strong>Status</strong> changed from <i>Under Review</i> to <i>Closed</i></li></ul><p>Patch has been abandoned. Due to Comment 14 this should be discussed with the licensing team first. I'll close this issue in our tracker for now.</p>