
chore: update author names + remove license headers #636

Merged
merged 1 commit into from
Jun 20, 2024

Conversation

aminya
Member

@aminya aminya commented Jun 20, 2024

No description provided.

@aminya aminya changed the title chore: update license names + remove license headers chore: update author names + remove license headers Jun 20, 2024
@aminya aminya merged commit f9ee2a3 into master Jun 20, 2024
7 checks passed
@aminya aminya deleted the license-headers branch June 20, 2024 06:09
@rotu
Contributor

rotu commented Jun 20, 2024

This package redistributes libzmq in executable form https://www.npmjs.com/package/zeromq?activeTab=code. @bluca, can you confirm that the licensing on this project is still kosher and compatible with upstream?

@aminya
Member Author

aminya commented Jun 20, 2024

Zeromq.js license has not changed for the past 14 years, and it complies with the MPL 2 license of libzmq.

@rotu
Contributor

rotu commented Jun 21, 2024

Zeromq.js license has not changed for the past 14 years, and it complies with the MPL 2 license of libzmq.

You changed the license in this very PR.

What lawyer did you consult? I’m no lawyer, but it seems this project (edit: more specifically, the distribution of zeromq via npm ever since 5.2.6) is in violation of section 3.2 of the MPL.

I also don’t know whether removing copyright headers from files is okay. That’s something else to ask the lawyers.

@aminya
Member Author

aminya commented Jun 21, 2024

The license is still MIT, and I changed the author names to reflect the history of the software, which was incomplete. The license headers are not required and were inaccurate as the LICENSE file applies to the whole repository.

The license of zeromq.js is the license of the zeromq.js library, which includes all the source code that's in this repository. Each dependency has its own license, and it's the responsibility of the user to reproduce the notices for the dependencies.

@rotu
Contributor

rotu commented Jun 21, 2024

The license is still MIT, and I changed the author names to reflect the history of the software, which was incomplete. The license headers are not required and were inaccurate as the LICENSE file applies to the whole repository.

I suspect that's correct, but it would be unprofessional and unethical for me to make that call without the involvement of the rights-holders or any input from lawyers.

The license of zeromq.js is the license of the zeromq.js library, which includes all the source code that's in this repository. Each dependency has its own license, and it's the responsibility of the user to reproduce the notices for the dependencies.

THIS NEEDS LEGAL REVIEW, even if that just means a professional telling you everything is above-board. Here's my reasoning spelled out:

  1. When uploading releases to npmjs.com, you're distributing libzmq without the required license and copyright notices. That's a violation of the license there.
  2. Consumers of this package via npmjs.com might be misled that the MIT license and its copyright notices apply to the prebuilt binaries distributed in the same tarball.

@bluca, could you PLEASE make sure this gets in front of the right eyes?

@bluca
Member

bluca commented Jun 23, 2024

Copyright notices with year ranges and such are not technically required, and haven't been since the Berne Convention. However, I'd encourage you to use SPDX one-line headers in every source file.

For NPM, I'm not familiar with it and I don't use it, but I note that zeromq does not appear in the dependencies list: https://www.npmjs.com/package/zeromq?activeTab=dependencies and I think that's because it's not a regular dependency, tracked by NPM, but it is prebuilt and embedded. I imagine there is tooling to list all licenses used by dependencies that is automated and relies on dependency tracking to work, and I assume embedding like this wouldn't work, so you need to find a solution for that, as users cannot be expected to manually inspect all code pulled in for prebuilt binaries. I do not know what is the best practice for that for NPM packages.
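The gap bluca describes, that dependency-based license tooling never sees a prebuilt binary embedded in the tarball, can be checked mechanically on the artifact that actually ships. The script below is an added example written for this thread, not code from zeromq.js or from any participant. It builds two constructed in-memory tarballs shaped like `npm pack` output (the file names, license texts and the `prebuilds/` layout are assumptions for illustration), then audits each: it reads the declared license from `package.json`, lists native binaries, checks whether any notice file in the tarball mentions a license other than the declared one (the MPL-2.0 notice libzmq would need), and reports source files lacking an `SPDX-License-Identifier` header. The license-marker phrases are a small heuristic, not a full license scanner.

```python
"""Audit an npm tarball for embedded native binaries that ship without third-party
license notices, and for source files missing SPDX one-line headers.
Added example for the zeromq.js licensing discussion; all sample data is constructed."""
import io
import json
import re
import tarfile

SPDX_RE = re.compile(rb"SPDX-License-Identifier:[ \t]*([A-Za-z0-9.+\-() ]+)")
NATIVE_SUFFIXES = (".node", ".so", ".dll", ".dylib")
SOURCE_SUFFIXES = (".js", ".ts", ".c", ".cc", ".cpp", ".h", ".hpp")
NOTICE_PREFIXES = ("LICENSE", "LICENCE", "COPYING", "NOTICE", "THIRD_PARTY", "THIRD-PARTY")
# Heuristic phrases that identify a license text inside a notice file (assumption:
# enough to tell the project's own MIT text from an MPL-2.0 notice for libzmq).
LICENSE_MARKERS = {
    "MIT": ("MIT License", "Permission is hereby granted, free of charge"),
    "MPL-2.0": ("Mozilla Public License", "MPL-2.0"),
    "Apache-2.0": ("Apache License", "Apache-2.0"),
}


def build_tarball(files):
    """Build an in-memory .tgz laid out like `npm pack` output (everything under package/)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo("package/" + name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def licenses_in(text):
    """Set of license identifiers whose marker phrases appear in a notice text."""
    return {lic for lic, markers in LICENSE_MARKERS.items() if any(m in text for m in markers)}


def audit_tarball(tgz):
    """Return the facts a license-compliance reviewer needs about a packed npm tarball."""
    files = {}
    with tarfile.open(fileobj=io.BytesIO(tgz), mode="r:gz") as tar:
        for member in tar.getmembers():
            if member.isfile():
                files[member.name.split("/", 1)[1]] = tar.extractfile(member).read()
    declared = json.loads(files.get("package.json", b"{}")).get("license", "")
    notices = {p: d.decode("utf-8", "replace") for p, d in files.items()
               if p.rsplit("/", 1)[-1].upper().startswith(NOTICE_PREFIXES)}
    binaries = [p for p in files if p.endswith(NATIVE_SUFFIXES)]
    # Source files: look for an SPDX one-liner near the top of the file.
    spdx, missing_spdx = {}, []
    for p in (q for q in files if q.endswith(SOURCE_SUFFIXES)):
        match = SPDX_RE.search(files[p][:4096])
        if match:
            spdx[p] = match.group(1).decode().strip()
        else:
            missing_spdx.append(p)
    # Any notice naming a license other than the package's own counts as attribution
    # for embedded third-party code; a lone MIT LICENSE file does not.
    third_party = set()
    for text in notices.values():
        third_party |= licenses_in(text) - {declared}
    return {
        "declared_license": declared,
        "notice_files": sorted(notices),
        "native_binaries": binaries,
        "third_party_licenses": sorted(third_party),
        "unattributed_binaries": [] if third_party else list(binaries),
        "spdx": spdx,
        "missing_spdx": missing_spdx,
    }


MIT_TEXT = b"MIT License\n\nPermission is hereby granted, free of charge, to any person...\n"

# Constructed tarball: MIT LICENSE only, a prebuilt native addon, no SPDX header.
SAMPLE_BAD = {
    "package.json": b'{"name": "example-addon", "version": "1.0.0", "license": "MIT"}',
    "LICENSE": MIT_TEXT,
    "lib/index.js": b"module.exports = require('../prebuilds/linux-x64/node.napi.node');\n",
    "prebuilds/linux-x64/node.napi.node": b"\x7fELF...constructed binary placeholder...",
}

# Constructed tarball with the notice and header bluca asks for.
SAMPLE_FIXED = dict(SAMPLE_BAD)
SAMPLE_FIXED["lib/index.js"] = b"// SPDX-License-Identifier: MIT\n" + SAMPLE_BAD["lib/index.js"]
SAMPLE_FIXED["prebuilds/NOTICE"] = (
    b"The binaries in this directory embed a third-party library distributed under the\n"
    b"Mozilla Public License 2.0 (MPL-2.0). Source is available from its upstream project.\n"
)

if __name__ == "__main__":
    for label, sample in (("before", SAMPLE_BAD), ("after", SAMPLE_FIXED)):
        print(label, json.dumps(audit_tarball(build_tarball(sample)), indent=2))
```

Run it against a real artifact by replacing the constructed samples with the bytes of `npm pack` output; the interesting field is `unattributed_binaries`, which is non-empty exactly when a native file ships with no notice naming a license other than the package's own.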
