Paolo Melchiorre

I missed the absurd chardet license change story. đź« 

BTW I would pin chardet <7 and avoid using the relicensed version if you want to avoid issues. ⚠️

Quoting Madison Taylor from Nvidia:
"Given the existence of issue #327 chardet v7.0.0 is absolutely toxic." https://github.com/chardet/chardet/issues/331

#Python #Chardet #License #Version

v7.0.0 presents unacceptable legal risk to users due to copyright controversy · Issue #331 · chardet/chardet

Hiiiiii. I'm just a random user at a big company. I don't have legal advice, and I don't even have moral advice. I have opinions (that do not represent those of my employer NVIDIA Corporation). Som...

GitHub
Mar 9 at 10:13pmWeb
Show threadJeff TriplettMar 9

@paulox As user, I don't see any legal risk there.

I think it was badform to not rename the project. v7 could have just as easily used the new renamed project and incurred much less rath, but here we are.

Do you use chardet directly? I know a bunch of libraries to, but I have never used it directly.

Show threadJeff TriplettMar 9
@paulox I wonder how many of those libraries are considering other options as a result of the relicense, vibe code a new one?
Show threadRussell Keith-MageeMar 10
@webology @paulox It’s a dependency of requests, which is as good as saying “everyone uses it”. Although requests has a specific in-app warning if you’re using chardet >= 7 (https://github.com/psf/requests/pull/7220), but for general SemVer reasons, not license reasons.
Increase chardet upper limit to 7 by aminvakil · Pull Request #7220 · psf/requests

Fixes #7219. Although right now I'm not sure if it would be as simple as this, but I wanted to run tests on chardet.

GitHub
Show threadHugo van KemenadeMar 10

@freakboy3742 @webology @paulox

chardet (126m monthly downloads) is an optional dependency of requests (1.065 billion).

charset_normalizer (1.001 billion) is the required dependency.

https://github.com/psf/requests/blob/0e4ae38f0c93d4f92a96c774bd52c069d12a4798/pyproject.toml#L19

But requests are thinking of moving back to chardet.

https://github.com/psf/requests/issues/7223#issuecomment-3993094073

Show threadJeff TriplettMar 10
@hugovk @freakboy3742 @paulox Having made the switch to httpx years ago, I'm happy with the choice, but I know requests is still baked into more libraries than not.
Show threadRussell Keith-MageeMar 10
@webology Yeah... I was the same.. until https://github.com/encode/httpx/discussions/3784 . I can't argue with the fact that online communities have “absurdly skewed gender representation"... but closing off issues and discussions doesn’t fill me with confidence about the health of the project.
Show threadJessica Tegner 👩🏻‍🦰Mar 10

@freakboy3742 @webology what the actual heck... So... Help do something about it (meant towards the author).
Like why would you close things down just because there's not enough X gendered people.

Also. Found it funny that the discussion was filled under "502 Bad Gateway"

Show threadPaolo MelchiorreMar 10
@freakboy3742 @webology I missed that. Thanks for sharing.
Show threadRussell Keith-MageeMar 10
@hugovk @webology @paulox Ah, thanks. The recent version bumps started raising warnings in requests, and misread the resolved on how that dependency got there.
Show threadPaolo MelchiorreMar 10

@webology Regardless of personal opinions on copyleft licenses, the clear point is that changing the license to chardet violates the LGPL.

The maintainers who did this would have had to create a new project from scratch and choose their own license if they wanted to rewrite the library.

By choosing instead to blatantly violate the project's license, they have created an unstable situation that could impact libraries that depend on chardet.

As I said I would pin chardet<7 and wait for a bit.

Show threadJeff TriplettMar 11

@paulox I don’t have strong opinions about copyleft licenses. As I mentioned, my main concern was that reusing the project name with a different license feels like bad form. 🤷

If they had created a new project and used an LLM to generate the code, it seems reasonable that they could choose whatever license they want, unless that license explicitly restricted LLM use. One of my few critiques of open source licensing is that they intentionally avoid adding usage restrictions like that.

Show threadPaolo MelchiorreMar 11

@webology I think what they did is worse that bad form, they explicitly violated the license all contributors to the project agreed.

I think LGPL (or similar copyleft licenses) are pretty clear about the usage:
You're free to share a modified version of this software but only using the same license.

If they used their knowledge to write something new from scratch that was a new library with no connection with the original license.