Langserve license issue

[eero-t]

Langserve is used in:

$ git grep -i langserve
comps/llms/summarization/tgi/llm.py:from langserve.serialization import WellKnownLCSerializer
comps/llms/summarization/tgi/requirements.txt:langserve
comps/llms/text-generation/ollama/requirements.txt:langserve
comps/llms/text-generation/ray_serve/requirements.txt:langserve
comps/llms/text-generation/tgi/requirements.txt:langserve
comps/llms/text-generation/vllm/requirements.txt:langserve
comps/ragas/tgi/requirements.txt:langserve

However, langserve license: https://github.com/langchain-ai/langserve/blob/main/LICENSE

contains limitation which seems to make it unfit for implementing cloud applications:

You may not provide the software to third parties as a hosted or managed service, where the service provides users with access to any substantial set of the features or functionality of the software.

If it's not possible to use a component that allows implementing cloud services (provided to 3rd parties) based on it, at least there should IMHO be:

• A very prominent warnings in the documentation about this license limitation, and/or
• Code requiring user to accept such licenses e.g. when images are built
  • Something like dialog could be used to query that: https://linux.die.net/man/1/dialog

PS. "LangAIExamples" repo also includes references to langserve, but happily all those files are deprecated.

[feng-intel]

Thanks. I will report this license issue.

[eero-t]

Moving dependency installation from build time to container startup: https://github.com/opea-project/GenAIComps/pull/274/files

Does not change anything license-wise for the companies that would be using OPEA services. The component is still there when the service is used.

Runtime installation just slows down service startup, and can make legal obligations harder to analyze / more surprising.

[ashahba]

I believe this issue was resolved by this PR: #274

[eero-t]

I believe this issue was resolved by this PR: #274

@ashahba No, I don't think that to help. As I already commented:

Moving dependency installation from build time to container startup: https://github.com/opea-project/GenAIComps/pull/274/files

Does not change anything license-wise for the companies that would be using OPEA services. The component is still there when the service is used.

Runtime installation just slows down service startup, and can make legal obligations harder to analyze / more surprising.

[endomorphosis]

@ashahba this does not actually fix the issue.

The copyright laws are "strict liability" laws, and this project could be held responsible under the doctrine of contributory infringement.

from: https://www.law.cornell.edu/wex/contributory_infringement

One who knowingly induces, causes or materially contributes to copyright infringement, by another but who has not committed or participated in the infringing acts themselves, may be held liable as a contributory infringer if they had knowledge, or reason to know, of the infringement.

from: https://www.americanbar.org/groups/intellectual_property_law/publications/landslide/2018-19/july-august/debunking-copyright-myths/

The U.S. Copyright Act is a strict liability statute. In other words, following a “rule” that you believe to be true but which turns out to be a myth will not excuse you from liability for infringement. Under certain circumstances, it is possible to plead “innocent infringement,” but even that only serves to reduce the amount of damages you may owe and does not excuse your infringement.

[ashahba]

@ashahba this does not actually fix the issue.

The copyright laws are "strict liability" laws, and this project could be held responsible under the doctrine of contributory infringement.

from: https://www.law.cornell.edu/wex/contributory_infringement

One who knowingly induces, causes or materially contributes to copyright infringement, by another but who has not committed or participated in the infringing acts themselves, may be held liable as a contributory infringer if they had knowledge, or reason to know, of the infringement.

from: https://www.americanbar.org/groups/intellectual_property_law/publications/landslide/2018-19/july-august/debunking-copyright-myths/

The U.S. Copyright Act is a strict liability statute. In other words, following a “rule” that you believe to be true but which turns out to be a myth will not excuse you from liability for infringement. Under certain circumstances, it is possible to plead “innocent infringement,” but even that only serves to reduce the amount of damages you may owe and does not excuse your infringement.

@endomorphosis Thanks for your feedback and concern. Unfortunately as an engineer I'm not a legal expert by any definition so it's hard for me to accept or reject your comment 😄 .
Both my licensing and legal contacts have given me thumbs up on this matter but I can double check with my legal contact again to ensure they didn't overlook anything.

[endomorphosis]

Please ask specifically a copyright attorney, I happen to have read all of the copyright treaties, the entirety of the copyright act several times, the entire 1976 senate and congressional reports for the copyright act, and many many copyright case law documents.

[eero-t]

The copyright laws are "strict liability" laws, and this project could be held responsible under the doctrine of contributory infringement.

Are you referring to it being possible to unintentionally infringe on the license because use of Langserve licensed component, and what that license implies, are not being clearly stated in the project documentation (e.g. on container image pages at DockerHub)?

[endomorphosis]

Are you referring to it being possible to unintentionally infringe on the license because use of Langserve licensed component, and what that license implies, are not being clearly stated in the project documentation (e.g. on container image pages at DockerHub)?

Under the copyright law, there is no distinction between intentional and negligence, unless its under the criminal copyright infringement statute. If the end user is infringing, as a result of act or failure to act, in breach of some legally recognized duty (e.g. failure to warn negligence, representation of merchantability, aiding and abetting), then either the copyright holder can join the Linux foundation as a defendant, or the defendant can make a third party claim against the Linux foundation to join it to the lawsuit.

[eero-t]

Looking at Wikipedia entry on the matter: https://en.wikipedia.org/wiki/Contributory_copyright_infringement

• Internal use of is valid and substantial use-case for the OPEA services (license prohibits providing service to "third parties" only)
• OPEA project does not know, or control who's using the SW, where, for what, and to whom it's provided

=> IANAL, but according to Wikipedia, either of those facts alone would make contributory infringement moot

[endomorphosis]

These are the same sorts of arguments that providers of peer to peer software services make, the holding doctrine is currently the 9th circuit Napster case:

#The Ninth Circuit Court of Appeals found Napster liable for both "contributory infringement" and "vicarious infringement". Regarding the issue of contributory infringement, the court held that Napster had "actual knowledge" of infringing activity, and providing its software and services to the infringers meant that it had "materially contributed" to the infringement. It was held that the defense in Sony was of "limited assistance to Napster". The test whether a technology is capable of substantial non infringing uses was relevant only for imputing knowledge of infringement to the technology provider. But, in Napster's case, it was found that Napster had "actual, specific knowledge of direct infringement", and therefore, the Sony test would not be applicable.

A quote on the OPEA front page:

"we let's take a year out our belief is OPEA will emerge as the de facto platform how customers will be deploying gen AI Solutions"

[eero-t]

"Our belief is that cp will emerge as de facto tool for copying files" claim does not make authors of cp liable for unlicensed copying.

in Napster case, they knew about the specific infringement, knew who was infringing and directly facilitated & controlled that as their servers had lists of the infringing files, they provided service for locating the infringing file and connected the two for p2p file sharing. I.e. they had "actual, specific knowledge of direct infringement".

[endomorphosis]

https://zoom.us/rec/play/tWHJyAb3KqATMbvkgFrXFxDN8DqwPLUKzcuY-GKvblgrAB11CYyh-Rn9Avx0MMeS6Z_ADmNdwlLJMfqH._EA-budfUaN7FHii?canPlayFromShare=true&from=share_recording_detail&continueMode=true&componentName=rec-play&originRequestUrl=https%3A%2F%2Fzoom.us%2Frec%2Fshare%2FR2CwGRD17Hv84LgBpI_iDUWIQGumDCGDaQFGl25nQbg8C3YlmIDHPHFoLMPzfXQ.u0t_KG54bV5emBzT

Christoph Schuhmann
Yeah, of course I can give you.
I can give you the repository. You have to set it up like the documentation is early stages. Because I'm doing this is my free time. I'm I'm a high school teacher. But we're my plan is basically to get several open source communities together.
make a discord server and then get from different like communities and from Twitter people, and so volunteers there
and get them as a community to develop new skills. So people could make skills. For I don't know, maybe for planning to bring together multiple open source communities and create a discipline. Goodbye, Buddy.
So basically, the idea would be to have, like a vivid community of people who make new skills. So you could have, for example, a skill to generate automatic subtitles for all Stanford courses on Google. And then, whenever you want to learn something about Stanford, it could open up.
And
the skills functions. And the the system prompts.
small, middle-sized, based like business call call center, but, or whatever it is.
Like. It's a general purpose technology like like. So I've talked to a few Intel people like to Desmond yesterday, and I told him like
he he told me about. Prediction guard like this. It's a startup they want to do, or they provide inference on Gaudi. So they technically could host this.
or like other startups, whoever wants to use it, whatever business enterprise they could use something like this and switch out the language model if it's not powerful enough. They take the latest, best language model.
They can make their own skills
for me personally.

Christoph Schuhmann
03:12:50
So for me, personally, like the biggest benefit right now would be to have this for education, because, like, I think, the biggest impact would be
to basically make it super easy for any kid on the world to get education.
Hmm.
of course, there are other things. But like, imagine, like. Of course, you can use this as a call center board. But there are other commercial like closed source solutions that you could use, but with education and like you. You mostly have this concern about data privacy here in Germany.
and many teachers are scared of Gpt. But if we can make these voice assistants so super easy to use that everyone can just download
like a little app
and use some inference service that costs. Maybe, like I don't know 20 cent per 1 million tokens or so. So it would be super cheap. You could like for 10 the dollar. You could probably chat
2 months worth it, or whatever, or longer, and then it could be widely available. And it's not mostly about Germany. I'm not super concerned about the Us. And about Germany, but imagine we would have this in all these
languages, for.
like Pakistan Vietnam, a friend of mine, he has self learning spaces in
Pakistan for kids who go to the factory and work 10 HA day in the factory, and later they can go to volunteers and learn a few hours like with computers, or whatever like learning, reading, writing.
and he is. It's donation based. And I told him, Yeah, I'm working on this.
And we could make this in Urdu, or whatever language they are talking like. We just need a good text of speech, and imagine we would put like this with inference in the cloud
on a cheap old laptop, and they could sit there and talk to the laptop like, even if they can't read and write, they could just like like this is. And this technology is general purpose. This means every business that wants to be a customer of Intel, or whoever could just use it. And so it's about the infrastructure, about the framework that we need to groom.

[endomorphosis]

I also previously explained

then either the copyright holder can join the Linux foundation as a defendant, or the defendant can make a third party claim against the Linux foundation to join it to the lawsuit.

https://www.law.cornell.edu/wex/product_liability

[ashahba]

I think we are long overdue for closing this issue.
We have came to an agreement on how to handle this scenario and no other actions are left on OPEA community.

[eero-t]

We have came to an agreement on how to handle this scenario and no other actions are left on OPEA community.

What is the agreement? Issues should be closed only after the issue is fixed (or wontfixed).

I noticed that in git HEAD (of GenAIExamples and GenAIInfra) ChatQnA application defaults to a no-wrapper version, i.e. it does not include the problematic LLM wrapper uservice. There are some other applications that still use it by default though, e.g. DocSum.