Paolo MelchiorreMar 9

I missed the absurd chardet license change story. đź« 

BTW I would pin chardet <7 and avoid using the relicensed version if you want to avoid issues. ⚠️

Quoting Madison Taylor from Nvidia:
"Given the existence of issue #327 chardet v7.0.0 is absolutely toxic." https://github.com/chardet/chardet/issues/331

#Python #Chardet #License #Version

v7.0.0 presents unacceptable legal risk to users due to copyright controversy · Issue #331 · chardet/chardet

Hiiiiii. I'm just a random user at a big company. I don't have legal advice, and I don't even have moral advice. I have opinions (that do not represent those of my employer NVIDIA Corporation). Som...

GitHub
Show threadJeff TriplettMar 9

@paulox As user, I don't see any legal risk there.

I think it was badform to not rename the project. v7 could have just as easily used the new renamed project and incurred much less rath, but here we are.

Do you use chardet directly? I know a bunch of libraries to, but I have never used it directly.

Show threadRussell Keith-MageeMar 10
@webology @paulox It’s a dependency of requests, which is as good as saying “everyone uses it”. Although requests has a specific in-app warning if you’re using chardet >= 7 (https://github.com/psf/requests/pull/7220), but for general SemVer reasons, not license reasons.
Increase chardet upper limit to 7 by aminvakil · Pull Request #7220 · psf/requests

Fixes #7219. Although right now I'm not sure if it would be as simple as this, but I wanted to run tests on chardet.

GitHub
Show threadHugo van KemenadeMar 10

@freakboy3742 @webology @paulox

chardet (126m monthly downloads) is an optional dependency of requests (1.065 billion).

charset_normalizer (1.001 billion) is the required dependency.

https://github.com/psf/requests/blob/0e4ae38f0c93d4f92a96c774bd52c069d12a4798/pyproject.toml#L19

But requests are thinking of moving back to chardet.

https://github.com/psf/requests/issues/7223#issuecomment-3993094073

Show threadRussell Keith-Magee
@hugovk @webology @paulox Ah, thanks. The recent version bumps started raising warnings in requests, and misread the resolved on how that dependency got there.
Mar 10 at 10:29pmWeb