Missing license

[ghost]

Originally reported by: stefanor (Bitbucket: stefanor, GitHub: stefanor)

---

The only mention of the license that this is distributed under, is in setup.py:

#!python

license="PSF or ZPL",

The body of the license doesn't appear to be present in any source or binary distributions. This makes it hard to know exactly what the terms of distribution are.

There are multiple versions of the Zope license in existance, but the version isn't specified. And the PSF license most commonly appears in the long essay about python's licensing history, it isn't well known as a stand-alone license. There'd be no guessing, if the license bodies were included.

Please bundle the licenses that this is distributed under, in the source. And ensure that they appear in any source and binary distributions.

Thanks

---

• Bitbucket: https://bitbucket.org/pypa/setuptools/issue/132

[ghost]

Original comment by opoplawski (Bitbucket: opoplawski, GitHub: opoplawski):

---

We're doing a re-review of setuptools for Fedora EPEL and running into this as well. In addition, there are several files that are under the Apache license:

./pkg_resources/_vendor/packaging/__about__.py: Apache (v2.0)
./pkg_resources/_vendor/packaging/__init__.py: Apache (v2.0)
./pkg_resources/_vendor/packaging/_compat.py: Apache (v2.0)
./pkg_resources/_vendor/packaging/_structures.py: Apache (v2.0)
./pkg_resources/_vendor/packaging/specifiers.py: Apache (v2.0)
./pkg_resources/_vendor/packaging/version.py: Apache (v2.0)

This really needs to get addressed.

[ghost]

Original comment by jaraco (Bitbucket: jaraco, GitHub: jaraco):

---

I honestly don't know what to do with this. My inclination is to re-release the package under the MIT License or possibly the Apache Software License. I see that the Trove Classifiers don't even distinguish between versions of most licenses.

@dstufft Do you have any opinion on what license or licenses the setuptools code is released under?

[ghost]

Original comment by dstufft (Bitbucket: dstufft, GitHub: dstufft):

---

The bundled files in pkg_resources/_vendor/packaging are available under either 2 clause BSD or Apache v2.0 in the next version of packaging so I can release that and that solves the Apache v2.0 thing (which can be a problem for GPLv2 libraries).

Beyond that, setuptools is a big enough deal that it probably shouldn't be Apache v2.0 unless it dual licenses under 2 Clause BSD like we've done in packaging. If that's something you're interested in then I can help with that.

The bigger issue I think is that the license is ambiguous and you can't change the license without permission of everyone who owns the copyright over all of the lines of code in setuptools. Essentially you need permission from anyone who ever contributed to change the license... but since the original license was ambiguous I don't know how exactly that affects things. This is probably a question for an actual lawyer.

[ghost]

Original comment by dstufft (Bitbucket: dstufft, GitHub: dstufft):

---

I sent an email to Van to see if he has time to weigh in.

[ghost]

Original comment by jaraco (Bitbucket: jaraco, GitHub: jaraco):

---

Relicense the package as MIT license. Drop licensing as PSF and Zope as neither of those licenses grant authority for use outside their respective projects. Vendored projects are licensed under their respective licenses, currently MIT for six and Apache v2 for packaging. Fixes #132.

[ghost]

Original comment by jaraco (Bitbucket: jaraco, GitHub: jaraco):

---

For now, I'm simply declaring the license as MIT. I welcome others to chase down individual contributors to get their acknowledgement or to address any other legal details.