mimemagic
Discontinued Mime type detection in ruby via file extension or file content [Moved to: https://github.com/mimemagicrb/mimemagic] (by minad)
compliance-backend
:construction: Insights Compliance backend gets reports, and offers everything to know about them through an API
Not so fast in that claim.
First of all the infringing file is https://github.com/minad/mimemagic/blob/master/script/freede.... Sure, it is in XML. But it contains a tremendous amount of free-form text, specific sets of pattern matching rules for the data types, and so on. It is a compilation of sometimes original research on the best ways to detect file types. Ruby has other mime libraries. The reason why this one was chosen is that its detection algorithms make better choices. And the reason that they make better choices is that they copied the decision rules from a GPLed project.
But even if it were a simple compilation, it still is not guaranteed that there is no copyright. See https://en.wikipedia.org/wiki/Copyright_in_compilation for an introductory article on what can and can't be copyrighted about a compilation. And one of the elements that matters is creativity in the selection of the material. A set of rules with a lot of "look for this" while leaving out various reasonable thats that don't work so well shows considerable creativity.
That said, a judge may decide otherwise. You never know until a judge decides. But I would not presume that there is no copyright interest to be had here.
Or use another source that is non-GPL - that's proposed here: https://github.com/rails/rails/issues/41750#issuecomment-805...
I give my boss a hard time about our dependency management system because it is relatively unknown[0], but licensing is built into it from the ground up. You can't import any dependency (no matter how buried) without assigning a license to it.
This lets us confidently know, via software, the open and closed source licenses in our code base.
Licensing is one of those out of band concerns that doesn't burn you until it does.
0: https://github.com/savant-build/savant-core
That approach is roughly being taken in this fork: https://github.com/jellybob/mimemagic/issues/1
With the difference that the gem will by default download the XML file at runtime, with the option of using a local copy specified by an environment variable. I guess they are operating under the belief that including any GPL file taints the library, or perhaps they're just playing it safe.
And according to the Twitter bio of the individual who brought this up, he's related to Red Hat, which is also affected [^1].
[^1] https://github.com/RedHatInsights/compliance-backend/pull/79...