From 15b94783e125c55c88e5ea9383eb5a9109e985f9 Mon Sep 17 00:00:00 2001 From: geisserml Date: Thu, 19 Sep 2024 02:22:46 +0200 Subject: [PATCH] Update licensing docs It is not clear to me if PDFium is "BSD-3-Clause OR Apache-2.0" or "BSD-3-Clause AND Apache-2.0". The pypdfium2 codebase previously stated "OR", but recently it hit me we don't actually have any evidence for that. In the end, I figured it was probably a presumption from the early days of the project that might as well be wrong, and that "BSD-3-Clause AND Apache-2.0" would have been the safer assumption. Sorry :( IANAL, but to my understanding both licenses are liberal and in similar spirit, so hopefully this should not have negative legal consequences downstream. Note that there is (and always was) ABSOLUTELY NO WARRANTY for any information provided with the pypdfium2 project. For pypdfium2's Readme, see the CC-BY-4.0 license (e.g. "Section 5 -- Disclaimer of Warranties and Limitation of Liability."). For pypdfium2's code (including any information provided therein), see the Apache-2.0 or BSD-3-Clause licenses, which have similar disclaimers. This patch avoids any "OR" or "AND", instead changing to a generic comma. This is not valid SPDX/reuse syntax and serves as a placeholder until we know better. Note that pypdfium2's Python code continues to be "Apache-2.0 OR BSD-3-Clause". This issue is only about PDFium itself. --- .reuse/dep5 | 4 ++-- .reuse/dep5-wheel | 2 +- README.md | 14 +++++++++----- conda/helpers/recipe/meta.yaml | 4 ++-- conda/raw/recipe/meta.yaml | 4 ++-- setup.py | 2 +- 6 files changed, 17 insertions(+), 13 deletions(-) diff --git a/.reuse/dep5 b/.reuse/dep5 index 552d0b4af..8caad1951 100644 --- a/.reuse/dep5 +++ b/.reuse/dep5 @@ -51,7 +51,7 @@ Files: tests/resources/attachments.pdf tests/resources/mona_lisa.jpg Copyright: 2022 PDFium developers -License: BSD-3-Clause OR Apache-2.0 +License: BSD-3-Clause, Apache-2.0 Comment: Obtained from: https://pdfium.googlesource.com/pdfium/+/refs/heads/main/testing/resources/bookmarks_circular.pdf @@ -67,7 +67,7 @@ Files: Copyright: 2022 PDFium developers 2024 geisserml -License: BSD-3-Clause OR Apache-2.0 +License: BSD-3-Clause, Apache-2.0 Files: tests/resources/images.pdf Copyright: diff --git a/.reuse/dep5-wheel b/.reuse/dep5-wheel index 5bf3fe889..5b046468b 100644 --- a/.reuse/dep5-wheel +++ b/.reuse/dep5-wheel @@ -26,4 +26,4 @@ Copyright: 2024 PDFium developers 2024 Developers of projects mentioned in PdfiumThirdParty 2024 BenoƮt Blanchon and pdfium-binaries contributors -License: (Apache-2.0 OR BSD-3-Clause) AND LicenseRef-PdfiumThirdParty +License: (BSD-3-Clause, Apache-2.0) AND LicenseRef-PdfiumThirdParty diff --git a/README.md b/README.md index 45ce02267..98d99ae8d 100644 --- a/README.md +++ b/README.md @@ -635,15 +635,19 @@ Usage should be largely self-explanatory, assuming a minimum of familiarity with ## Licensing -PDFium and pypdfium2 are available by the terms and conditions of either [`Apache-2.0`](LICENSES/Apache-2.0.txt) or [`BSD-3-Clause`](LICENSES/BSD-3-Clause.txt), at your choice. -Various other open-source licenses apply to dependencies bundled with PDFium. Verbatim copies of their respective licenses are contained in the file [`LicenseRef-PdfiumThirdParty.txt`](LICENSES/LicenseRef-PdfiumThirdParty.txt), which also has to be shipped with binary redistributions. +*Important: This is NOT LEGAL ADVICE, and there is ABSOLUTELY NO WARRANTY for any information provided in this document or elsewhere in the pypdfium2 project, including earlier revisions.* + +pypdfium2 itself is available by the terms and conditions of [`Apache-2.0`](LICENSES/Apache-2.0.txt) / [`BSD-3-Clause`](LICENSES/BSD-3-Clause.txt). Documentation and examples of pypdfium2 are licensed under [`CC-BY-4.0`](LICENSES/CC-BY-4.0.txt). -pypdfium2 complies with the [reuse standard](https://reuse.software/spec/) by including [SPDX](https://spdx.org/licenses/) headers in source files, and license information for data files in [`.reuse/dep5`](.reuse/dep5). +PDFium is available under a BSD-style license that can be found in its [`LICENSE`](https://pdfium.googlesource.com/pdfium/+/refs/heads/main/LICENSE) file. +Various other open-source licenses apply to dependencies bundled with PDFium. These also have to be shipped alongside binary redistributions. Copies of identified licenses are provided in [`LicenseRef-PdfiumThirdParty.txt`](LICENSES/LicenseRef-PdfiumThirdParty.txt). +There is no guarantee of completeness, and pdfium's dependencies might change over time. Please do notify us if you think this misses a relevant license. -To the author's knowledge, pypdfium2 is one of the rare Python libraries that are capable of PDF rendering while not being covered by copyleft licenses (such as the `GPL`).[^liberal_pdf_renderlibs] +pypdfium2 includes [SPDX](https://spdx.org/licenses/) headers in source files. +License information for data files is provided in [`.reuse/dep5`](.reuse/dep5) as per the [`reuse` standard](https://reuse.software/spec/). -As of early 2023, a single developer is author and rightsholder of the code base (apart from a few minor [code contributions](https://github.com/pypdfium2-team/pypdfium2/graphs/contributors)). +To the author's knowledge, pypdfium2 is one of the rare Python libraries that are capable of PDF rendering while not being covered by copyleft licenses (such as the `GPL`).[^liberal_pdf_renderlibs] [^liberal_pdf_renderlibs]: The only other liberal-licensed PDF rendering libraries known to the author are [`pdf.js`](https://github.com/mozilla/pdf.js/) (JavaScript) and [`Apache PDFBox`](https://github.com/apache/pdfbox) (Java), but python bindings packages don't exist yet or are unsatisfactory. However, we wrote some gists that show it'd be possible in principle: [pdfbox](https://gist.github.com/mara004/51c3216a9eabd3dcbc78a86d877a61dc) (+ [setup](https://gist.github.com/mara004/881d0c5a99b8444fd5d1d21a333b70f8)), [pdfjs](https://gist.github.com/mara004/87276da4f8be31c80c38036c6ab667d7). diff --git a/conda/helpers/recipe/meta.yaml b/conda/helpers/recipe/meta.yaml index 987ad2648..06ae182b1 100644 --- a/conda/helpers/recipe/meta.yaml +++ b/conda/helpers/recipe/meta.yaml @@ -51,10 +51,10 @@ about: description: | This package provides python helpers around pdfium. Dependants are suggested to pin to a major version, but any tighter pinning is discouraged since it increases the risk for conflicts, and would lock you out from future fixes. - license: Apache-2.0 OR BSD-3-Clause + license: BSD-3-Clause, Apache-2.0 license_file: - - LICENSES/Apache-2.0.txt - LICENSES/BSD-3-Clause.txt + - LICENSES/Apache-2.0.txt - LICENSES/CC-BY-4.0.txt dev_url: https://github.com/pypdfium2-team/pypdfium2 doc_url: https://pypdfium2.readthedocs.io diff --git a/conda/raw/recipe/meta.yaml b/conda/raw/recipe/meta.yaml index c0af3fdc0..89626dc8f 100644 --- a/conda/raw/recipe/meta.yaml +++ b/conda/raw/recipe/meta.yaml @@ -52,10 +52,10 @@ about: description: | This package provides raw ctypes bindings to pdfium. Important: DO NOT PIN to an exact version, as pypdfium2_raw itself pins pdfium-binaries to achieve ABI safety. - license: Apache-2.0 OR BSD-3-Clause + license: BSD-3-Clause, Apache-2.0 license_file: - - LICENSES/Apache-2.0.txt - LICENSES/BSD-3-Clause.txt + - LICENSES/Apache-2.0.txt - LICENSES/CC-BY-4.0.txt dev_url: https://github.com/pypdfium2-team/pypdfium2 doc_url: https://pypdfium2.readthedocs.io diff --git a/setup.py b/setup.py index 6660a2b76..7356d24e6 100644 --- a/setup.py +++ b/setup.py @@ -81,7 +81,7 @@ def run_setup(modnames, pl_name, pdfium_ver): kwargs = dict( name = "pypdfium2", description = "Python bindings to PDFium", - license = "Apache-2.0 OR BSD-3-Clause", + license = "BSD-3-Clause, Apache-2.0, PdfiumThirdParty", license_files = LICENSES_SHARED, python_requires = ">= 3.6", cmdclass = {},