vanessa-arenas
Not long ago, in a galaxy very close
Someone broke the Internet!
Well, just the JavaScript ecosystem
For about two hours
But hey, it was still HUGE!
Azer Koçulu: Open Source developer working on a framework called Kik
Bob Stratton: Patent Agent, Kik Interactive
What happened next?
1. Azer unpublished all his packages from NPM.
2. One of his packages, called left-pad, is a dependency of another more popular package called line-numbers, which is a dependency of Babel, React, and countless others.
3. Without left-pad in NPM, line-numbers and other packages and builds soon began breaking (including Kik Interactive).
Azer broke the NPM ecosystem!
1. The JavaScript community quickly tracked the problem to Azer’s left-pad library and organized to fix it.
2. NPM had to republish left-pad from a backup, under a different owner.
3. In about 2 hrs, the problem was solved, but a deep flaw in the community was exposed.
Questions arose
1. Did NPM steal Azer’s code when they republished his package?
2. Was NPM’s procedure right?
3. Is there any fault on the part of Azer, Kik or even NPM?
The Open Source community's strong foundation is its licenses
TL;DR: License Review
Apache License v2: You can do what you like with the software, as long as you include the required notices. This permissive license contains a patent license from the contributors of the code.
GNU General Public License v3: You may copy, distribute and modify the software as long as you track changes/dates in source files. Any modifications to or software including (via compiler) GPL-licensed code must also be made available under the GPL along with build & install instructions.
GNU Lesser General Public License v3: This license is mainly applied to libraries. You may copy, distribute and modify the software provided that modifications are described and licensed for free under LGPL. Derivative works (including modifications or anything statically linked to the library) can only be redistributed under LGPL, but applications that use the library don't have to be.
MIT License: A short, permissive software license. Basically, you can do whatever you want as long as you include the original copyright and license notice in any copy of the software/source.
BSD-3: The BSD 3-clause license allows you almost unlimited freedom with the software so long as you include the BSD copyright and license notice in it (found in Fulltext).
Mozilla Public License 2.0: MPL is a copyleft license that is easy to comply with. You must make the source code for any of your changes available under MPL, but you can combine the MPL software with proprietary code, as long as you keep the MPL code in a separate file. Version 2.0 is compatible with GPL version 3. You can distribute binaries under a proprietary license, as long as you make the source available under MPL.
What license did Azer use for left-pad?
Do What the F**k You Want To Public License (WTFPL)
The WTFPL is almost a public domain grant. It is super-permissive. Basically, do whatever you want. Note, however, that it is not a trademark license.
Questions/Comments?