1
3
Entering edit mode
@matthias-doering-22813
Last seen 4 days ago
Belgium

I was just checking the software licenses of Bioconductor packages and I think I spotted an inconsistency:

• scran depends on dqrng but is licensed under GPL-3 and not AGPL-3.

From my understanding of open-source licenses, since scran is a modified version of dqrng (it depends on it), such that scran should be released under the same license, i.e. AGPL. The same would then hold for all packages that depend on scran, meaning that the current licenses of all packages depending on scran in Bioconductor should be set to AGPL.

To resolve the scran licensing issue, there are two paths. Either change all licenses of reverse dependencies to AGPL or remove the dependency on dqrng in scran, which may make more sense since the AGPL is known to be a very restrictive license which limits use of the libraries for web-based services as source code will need to be published.

Also, this finding poses the question how the bioconductor community ensures that packages are released under the appropriate license. If there isn't an automated mechanism for checking that packages are released under a compatible license, I would strongly recommend this to prevent breaching licenses without intending to do so.

It would be great if one of the core devs could provide some feedback and take the matter into their hands to resolve these problems.

agpl license gpl scran • 110 views
0
Entering edit mode
@vincent-j-carey-jr-4
Last seen 7 days ago
United States

Thanks for this observation. We are discussing it and will get back to you.