Hacker News new | ask | show | jobs
by kolaente 1287 days ago
As far as I understand it, MIT only requires you to include the attribution next to the binary so ias you guessed next to the source code on the server.

However, the js shipped to clients is usually minified and transformed which means it may count as "compiled" and thus the same rules as for binaries would apply.

Cases like these are the reason why the AGPL exists.
3 comments
shafyy 1287 days ago
> Cases like these are the reason why the AGPL exists

Exactly. Not sure why they Ghost doesn't use AGPL. Still, it would have been kind of fair from Substack to approach this more open and collaboratively...

link
none_to_remain 1287 days ago
If I use some MIT licensed dependency to power a service at work, I don't beg permission from the maintainers first
link
miroljub 1287 days ago
While agree that it would be nice from the Substack to give credit to Ghost, they are not required to do.

It's unfair to complain about Substack doing exactly what they are explicitly allowed to do by the company that released Ghost under that specific licence that they choose to.

link
shafyy 1286 days ago
Yes I agree it's unfair to complain, and I don't think Ghost is complaining (at least I don't see complaints from what John tweeted). It's more about "giving credit where credit's due" I think...
link
freedomben 1287 days ago
Because AGPL probably would have made it a no-go for substack to use. They seem to genuinely want to collaborate: https://twitter.com/JohnONolan/status/1602330416643702784
link
shafyy 1287 days ago
Why would AGPL have made it a no-go for Substack? Also, it looks like Ghost wants to collab but there's nothing from Substack in the Twitter thread you linekd?
link
wil93 1287 days ago
IANAL but I think integrating AGPL code would affect the license of the rest of the codebase too: Substack would be forced to release the rest of their codebase as AGPL too. This is why AGPL is considered a "viral" license.
link
giantrobot 1287 days ago
Because AGPL infects their entire service. You'll be hard pressed to find any commercial service adopting AGPL projects. Even the GPLv3 is often immiscible with commercial services. At least GPLv3 can be contained to only part of your stack.
link
ushakov 1287 days ago
> Ghost wants to collab but there's nothing from Substack

Substack doesn't have to "collaborate" do they?

link
bambax 1287 days ago
Minified versions of most JS libraries include a copyright notice as a top or bottom comment. How hard is it to respect this basic requirement?
link
jairajs89 1287 days ago
Hey, Substack CTO here. We actually link directly to the jsdeliver CDN to use the files that get built for distribution in the sodo-search npm library. We make no modifications to the files (including not minifying them anymore than they are). The files actually do have a link at the top to the license file, which is hosted in the same directory on jsdeliver.
link
bakkoting 1287 days ago
> The files actually do have a link at the top to the license file

That's not actually the license for the file; it's the license for the resources it includes. The license for the file is available elsewhere but is not directly linked. See my comment at https://news.ycombinator.com/item?id=33959622

link
srt72910 1287 days ago
understood
link
coldtea 1287 days ago
Quite hard. Isn't the whole point of the minification to remove non functional parts to make the size smaller?
link
zerocrates 1287 days ago
Not really hard... for one there's a convention of putting an exclamation point at the start of comments that should survive the minification/compilation process, for this very purpose.
link
bambax 1287 days ago
Not hard at all. A couple of comments won't make any difference. Here's the minified version of one of react components for example:

https://unpkg.com/react@18.2.0/umd/react.production.min.js

link
makkesk8 1287 days ago
I highly doubt you can count minified as "compiled" Minification is a form of compression. Compilation is a form of conversion from a high level to a lower level interpretation and that is fundamentally different.

But then again I'm not a lawyer :)

link
jdsully 1287 days ago
The intent is for attribution to be kept with the code. If your minifier removes the attribution you’re likely in violation.
link
bombcar 1287 days ago
And the minifier’s job is to remove things like comments which is right where the attribution is likely to be.

Now if a third party thing like a cloudflare CDN were minifyer for you and removed it then who violated the license?

link
shawnz 1287 days ago
There is an informal standard in which copyright notices are annotated with a leading "/*!” to let minifiers know that they should be preserved.

See https://stackoverflow.com/questions/11248363/the-purpose-of-...

link
jdsully 1287 days ago
If the CDN is just a part of your architecture that you voluntarily setup then you’re likely the one violating. Even if not the CDN very likely has an indemnification clause in their contract which would shift that liability back to you.
link
jairajs89 1287 days ago
Hey, Substack CTO here. We actually don't minify or modify the files in question at all and simply link to the versions hosted on the public jsdelivr CDN (which includes a link to the license right at the top of the file)
link
cxr 1287 days ago
First off: weird take, and one that would be unlikely to hold up. But secondly: what is that supposed to matter, anyway? That is, why are you litigating the definition of the word "compiled"? No finding, whether for or against your argument, would have any bearing on questions about compliance with the terms of the MIT license, so the word's definition and its significance is null. It's a total red herring and a distraction to bring up in any discussion on the topic.
link
thomasballinger 1287 days ago
I figure compilation is a big tent and this counts, but imagine

--rename-properties WARNING: renaming properties requires deeper analysis, considered compilation in the US

link