I was just checking the software licenses of Bioconductor packages and I think I spotted an inconsistency:
- CRAN package dqrng is licensed under AGPL-3
- scran depends on
dqrngbut is licensed under GPL-3 and not AGPL-3.
From my understanding of open-source licenses, since
scran is a modified version of
dqrng (it depends on it), such that
scran should be released under the same license, i.e. AGPL. The same would then hold for all packages that depend on
scran, meaning that the current licenses of all packages depending on
scran in Bioconductor should be set to AGPL.
To resolve the
scran licensing issue, there are two paths. Either change all licenses of reverse dependencies to
AGPL or remove the dependency on
scran, which may make more sense since the AGPL is known to be a very restrictive license which limits use of the libraries for web-based services as source code will need to be published.
Also, this finding poses the question how the bioconductor community ensures that packages are released under the appropriate license. If there isn't an automated mechanism for checking that packages are released under a compatible license, I would strongly recommend this to prevent breaching licenses without intending to do so.
It would be great if one of the core devs could provide some feedback and take the matter into their hands to resolve these problems.