Make license/licenses field mandatory

Jay Feldblum y_feldblum at
Fri Oct 14 01:50:08 EDT 2011


I'd like to check that there *is* a license, and either that
it's a license listed on (the whitelist)
or that it's marked as a custom otherwise-free/open license.

My suggestion is that enforce a license whitelist *but also
permit an escape hatch* (i.e., permit marking a gem as using a custom but
otherwise free/open license).

So wouldn't be *policing* per se. It would be making an effort
to get good license metadata and to have gem authors provide it.

The requirement from can be phased in over time, with the
warning to gem authors in the rubygems library coming first and coming well
in advance of any enforcement by the server. Gem authors will
have been seeing this warning for perhaps a year when building/pushing new
gems or new versions of gems that are missing licenses, and will be
well-prepared for to begin enforcing a whitelist (while also
permitting the escape hatch above).

Organizations' attorneys are often concerned with protecting their
organizations or clients from the mere possibility of litigation or any type
of legal action, regardless of how unlikely litigation or other action might
be. Additionally, in our litigious New America, *successful* suits in this
area may be rare, but unscrupulous folk may be likely to try a lawsuit -
not to try to win - but to make the defendant cry uncle and beg to settle
quickly. To try to prevent against such scenarios, organizations' attorneys
may want the developers to be vigilant against using anything against its
license. The point isn't that it happens. The point is to prevent it from
happening as far as possible.

To go to a finer point, someone might upload his software to an open-source
code-sharing site, with the intention that his software be copyleft, but
forgetting to include a specific license. Someone else might download and
use the software in his commercial project in a way inconsistent with a
copyleft license. The hypothetical tooling to check all the licenses is
equally useful for answering the question "can I be sued?" as it is for
answering the more-fundamental questions "am I being honest?" and "am I
treating my fellow developers with respect (by not using their software
against their will)?"

Jay Feldblum

On Thu, Oct 13, 2011 at 11:15 PM, Eric Hodel <drbrain at> wrote:

> On Oct 13, 2011, at 2:45 PM, Jay Feldblum wrote:
> > Instead, some innocent programmer might download and use a gem from
> *illegally*, and *punishably under the law*.
> It's not the job of RubyGems to police what people do beyond making sure
> the versions of gems they install are mutually compatible.
> I've heard people claim that using certain combinations of GPL and certain
> other-licensed software is illegal.  Restricting this through RubyGems is
> not going to prevent people from using such combinations as they'll work
> around it.
> Yes, I understand that mandatory licenses in the spec will make it easier
> for users of gems that want to audit licenses of gems they installed to do
> so, but getting authors setting the license in the spec is your first
> problem.  Sudden, mandatory licensing is likely to go over with them about
> as well as the deprecation warnings on RubyGems 1.8.0 without a careful
> campaign of education on why it is useful to pave the way.
> PS: Can you show a case where a software author has uploaded unlicensed (or
> non-free-licensed) software to a website where open-source software is
> shared (like,,, or
> similar) then sued users who downloaded it?  I haven't heard of such a thing
> in over ten years of open source contribution and use so I'm highly
> unconvinced.
> I think a successful suit is about as likely as an arrest for taking
> cookies from an unsupervised plate in the middle of a public park that's
> sitting next to a box with a "free" sign.  Sure, the cookie plate doesn't
> say "free", but why did you put it next to the free box in the first place?