Update licensing docs

It is not clear to me if PDFium is "BSD-3-Clause OR Apache-2.0" or "BSD-3-Clause AND Apache-2.0". The pypdfium2 codebase previously stated "OR", but recently it hit me we don't actually have any evidence for that. In the end, I figured it was probably a presumption from the early days of the project that might as well be wrong, and that "BSD-3-Clause AND Apache-2.0" would have been the safer assumption. Sorry :( IANAL, but to my understanding both licenses are liberal and in similar spirit, so hopefully this should not have negative legal consequences downstream. Note that there is (and always was) ABSOLUTELY NO WARRANTY for any information provided with the pypdfium2 project. For pypdfium2's Readme, see the CC-BY-4.0 license (e.g. "Section 5 -- Disclaimer of Warranties and Limitation of Liability."). For pypdfium2's code (including any information provided therein), see the Apache-2.0 or BSD-3-Clause licenses, which have similar disclaimers. This patch avoids any "OR" or "AND", instead changing to a generic comma. This is not valid SPDX/reuse syntax and serves as a placeholder until we know better. Note that pypdfium2's Python code continues to be "Apache-2.0 OR BSD-3-Clause". This issue is only about PDFium itself.
pypdfium2-team · Sep 19, 2024 · 6736a5d · 6736a5d
1 parent ce1faba
commit 6736a5d
Show file tree

Hide file tree

Showing 6 changed files with 17 additions and 14 deletions.
diff --git a/.reuse/dep5 b/.reuse/dep5
@@ -51,7 +51,7 @@ Files:
     tests/resources/attachments.pdf
     tests/resources/mona_lisa.jpg
 Copyright: 2022 PDFium developers
-License: BSD-3-Clause OR Apache-2.0
+License: BSD-3-Clause, Apache-2.0
 Comment:
     Obtained from:
     https://pdfium.googlesource.com/pdfium/+/refs/heads/main/testing/resources/bookmarks_circular.pdf
@@ -67,7 +67,7 @@ Files:
 Copyright:
     2022 PDFium developers
     2024 geisserml <[email protected]>
-License: BSD-3-Clause OR Apache-2.0
+License: BSD-3-Clause, Apache-2.0
 
 Files: tests/resources/images.pdf
 Copyright:

diff --git a/.reuse/dep5-wheel b/.reuse/dep5-wheel
@@ -26,4 +26,4 @@ Copyright:
     2024 PDFium developers
     2024 Developers of projects mentioned in PdfiumThirdParty
     2024 Benoît Blanchon and pdfium-binaries contributors
-License: (Apache-2.0 OR BSD-3-Clause) AND LicenseRef-PdfiumThirdParty
+License: (BSD-3-Clause, Apache-2.0) AND LicenseRef-PdfiumThirdParty
diff --git a/README.md b/README.md
@@ -635,15 +635,19 @@ Usage should be largely self-explanatory, assuming a minimum of familiarity with
 
 ## Licensing
 
-PDFium and pypdfium2 are available by the terms and conditions of either [`Apache-2.0`](LICENSES/Apache-2.0.txt) or [`BSD-3-Clause`](LICENSES/BSD-3-Clause.txt), at your choice.
-Various other open-source licenses apply to dependencies bundled with PDFium. Verbatim copies of their respective licenses are contained in the file [`LicenseRef-PdfiumThirdParty.txt`](LICENSES/LicenseRef-PdfiumThirdParty.txt), which also has to be shipped with binary redistributions.
+*Important: This is NOT LEGAL ADVICE, and there is ABSOLUTELY NO WARRANTY for any information provided in this document or elsewhere in the pypdfium2 project, including earlier revisions.*
+
+pypdfium2 itself is available by the terms and conditions of [`Apache-2.0`](LICENSES/Apache-2.0.txt) / [`BSD-3-Clause`](LICENSES/BSD-3-Clause.txt).
 Documentation and examples of pypdfium2 are licensed under [`CC-BY-4.0`](LICENSES/CC-BY-4.0.txt).
 
-pypdfium2 complies with the [reuse standard](https://reuse.software/spec/) by including [SPDX](https://spdx.org/licenses/) headers in source files, and license information for data files in [`.reuse/dep5`](.reuse/dep5).
+PDFium is available under a BSD-style license that can be found in its [`LICENSE`](https://pdfium.googlesource.com/pdfium/+/refs/heads/main/LICENSE) file.
+Various other open-source licenses apply to dependencies bundled with PDFium. These also have to be shipped alongside binary redistributions. Copies of identified licenses are provided in [`LicenseRef-PdfiumThirdParty.txt`](LICENSES/LicenseRef-PdfiumThirdParty.txt).
+There is no guarantee of completeness, and pdfium's dependencies might change over time. Please do notify us if you think this misses a relevant license.
 
-To the author's knowledge, pypdfium2 is one of the rare Python libraries that are capable of PDF rendering while not being covered by copyleft licenses (such as the `GPL`).[^liberal_pdf_renderlibs]
+pypdfium2 includes [SPDX](https://spdx.org/licenses/) headers in source files.
+License information for data files is provided in [`.reuse/dep5`](.reuse/dep5) as per the [`reuse` standard](https://reuse.software/spec/).
 
-As of early 2023, a single developer is author and rightsholder of the code base (apart from a few minor [code contributions](https://github.com/pypdfium2-team/pypdfium2/graphs/contributors)).
+To the author's knowledge, pypdfium2 is one of the rare Python libraries that are capable of PDF rendering while not being covered by copyleft licenses (such as the `GPL`).[^liberal_pdf_renderlibs]
 
 [^liberal_pdf_renderlibs]: The only other liberal-licensed PDF rendering libraries known to the author are [`pdf.js`](https://github.com/mozilla/pdf.js/) (JavaScript) and [`Apache PDFBox`](https://github.com/apache/pdfbox) (Java), but python bindings packages don't exist yet or are unsatisfactory. However, we wrote some gists that show it'd be possible in principle: [pdfbox](https://gist.github.com/mara004/51c3216a9eabd3dcbc78a86d877a61dc) (+ [setup](https://gist.github.com/mara004/881d0c5a99b8444fd5d1d21a333b70f8)), [pdfjs](https://gist.github.com/mara004/87276da4f8be31c80c38036c6ab667d7).
 

diff --git a/conda/helpers/recipe/meta.yaml b/conda/helpers/recipe/meta.yaml
@@ -51,10 +51,10 @@ about:
   description: |
     This package provides python helpers around pdfium.
     Dependants are suggested to pin to a major version, but any tighter pinning is discouraged since it increases the risk for conflicts, and would lock you out from future fixes.
-  license: Apache-2.0 OR BSD-3-Clause
+  license: BSD-3-Clause, Apache-2.0
   license_file:
-    - LICENSES/Apache-2.0.txt
     - LICENSES/BSD-3-Clause.txt
+    - LICENSES/Apache-2.0.txt
     - LICENSES/CC-BY-4.0.txt
   dev_url: https://github.com/pypdfium2-team/pypdfium2
   doc_url: https://pypdfium2.readthedocs.io

diff --git a/conda/raw/recipe/meta.yaml b/conda/raw/recipe/meta.yaml
@@ -52,10 +52,10 @@ about:
   description: |
     This package provides raw ctypes bindings to pdfium.
     Important: DO NOT PIN to an exact version, as pypdfium2_raw itself pins pdfium-binaries to achieve ABI safety.
-  license: Apache-2.0 OR BSD-3-Clause
+  license: BSD-3-Clause, Apache-2.0
   license_file:
-    - LICENSES/Apache-2.0.txt
     - LICENSES/BSD-3-Clause.txt
+    - LICENSES/Apache-2.0.txt
     - LICENSES/CC-BY-4.0.txt
   dev_url: https://github.com/pypdfium2-team/pypdfium2
   doc_url: https://pypdfium2.readthedocs.io

diff --git a/setup.py b/setup.py
@@ -81,7 +81,7 @@ def run_setup(modnames, pl_name, pdfium_ver):
     kwargs = dict(
         name = "pypdfium2",
         description = "Python bindings to PDFium",
-        license = "Apache-2.0 OR BSD-3-Clause",
+        license = "BSD-3-Clause, Apache-2.0, PdfiumThirdParty",
         license_files = LICENSES_SHARED,
         python_requires = ">= 3.6",
         cmdclass = {},
@@ -132,7 +132,6 @@ def run_setup(modnames, pl_name, pdfium_ver):
         kwargs["package_data"]["pypdfium2_raw"] = [VersionFN, BindingsFN, libname]
         kwargs["cmdclass"]["bdist_wheel"] = bdist_factory(pl_name)
         kwargs["distclass"] = BinaryDistribution
-        kwargs["license"] = f"({kwargs['license']}) AND LicenseRef-PdfiumThirdParty"
         kwargs["license_files"] += LICENSES_WHEEL
 
     if "pypdfium2" in kwargs["package_data"]: