RFC: Inconsistent software license for scran & automated license checks
Entering edit mode
Last seen 4 days ago

I was just checking the software licenses of Bioconductor packages and I think I spotted an inconsistency:

  • CRAN package dqrng is licensed under AGPL-3
  • scran depends on dqrng but is licensed under GPL-3 and not AGPL-3.

From my understanding of open-source licenses, since scran is a modified version of dqrng (it depends on it), such that scran should be released under the same license, i.e. AGPL. The same would then hold for all packages that depend on scran, meaning that the current licenses of all packages depending on scran in Bioconductor should be set to AGPL.

To resolve the scran licensing issue, there are two paths. Either change all licenses of reverse dependencies to AGPL or remove the dependency on dqrng in scran, which may make more sense since the AGPL is known to be a very restrictive license which limits use of the libraries for web-based services as source code will need to be published.

Also, this finding poses the question how the bioconductor community ensures that packages are released under the appropriate license. If there isn't an automated mechanism for checking that packages are released under a compatible license, I would strongly recommend this to prevent breaching licenses without intending to do so.

It would be great if one of the core devs could provide some feedback and take the matter into their hands to resolve these problems.

agpl license gpl scran • 110 views
Entering edit mode
Last seen 7 days ago
United States

Thanks for this observation. We are discussing it and will get back to you.

Login before adding your answer.

Traffic: 533 users visited in the last hour
Help About
Access RSS

Use of this site constitutes acceptance of our User Agreement and Privacy Policy.

Powered by the version 2.3.6