Removing readline as a dependency on unix to avoid implicating GPL3 licenses #387
Comments
|
This could break a lot of downstream code. I think we have talked about a mutex for readline/noreadline in the past |
|
@scopatz Can you point me to the discussion? |
|
Basically the idea is that we would have one build output that uses readline and another that doesn't. I think the discussion was in an issue in this repo somewhere. |
|
Alright, I think you are referring to #191, and #192 I saw this: |
|
libedit is pretty broken relative to readline. It is not a full replacement. There are really three mutex options here:
|
.. then again, we use it on macOS quite heavily and no one has complained. |
|
@scopatz @mingwandroid |
|
I know @jjhelmus has some issues with editline! |
|
OK, let me rephrase, then. I am that person. I work on some other projects that use readline/libedit. I can tell you that it is a huge headache, even on Mac, when libedit is used instead. This is because libedit only partially implements the readline API. It is not 1:1 and many APIs are missing. It causes tons of issues for users & developers who have a really hard time figuring out what went wrong. It really doesn't make sense to treat them as equivalent. In terms of specific missing functionality, it has been a couple of years, but I believe it was a lot of stuff related to tab completions, and that libedit doesn't respect the full key-binding syntax that readline has. |
These issues seem orthogonal to how appropriate readline is as the line editing component of the Python interpreter, unless you can expand on the tangible problems with using it in that context. I don't care if you select readline for your own projects, that's between you and Richard Stallman! |
|
And please do refresh your knowledge here! Could be that they've fixed everything you had a problem with since. Can I ask, do you use macOS python? Are you happy with the text entering experience there? |
|
@mingwandroid - no need to be so aggressive here. I am just saying that the last time I checked, libedit was a broken mess and abandoned. |
|
I am proposing a perfectly reasonable solution here with having a mutex. I don't think it is that hard |
|
I am not being aggressive, I'm asking for tangible problems with editline in python. That is all! |
|
Adding variants isn't so problem-free IMHO. They expand our build matrices a lot, increasing overall package counts. It also increases the amount of variation seen in the wild which will lead to more issues to solve. Overall, if editline in python on Linux is in general considered "good enough" then we should stick with it. |
|
I feel like you are being aggressive by making this about "Me & Stallman" and telling me to "refresh my knowledge." This personalizes the issue. This really should be a civil discussion about the pros/cons of various packaging strategies. |
|
Sorry, the Stallman comment was a joke only. But I do think you are personalising the issue by bringing in unrelated things here (API etc). I didn't mean offense. I also need to refresh my knowledge on editline vs readline, as we all should (if it is lacking!) if we want to talk about it reasonably. |
|
Alright, sorry, I didn't read it as a joke. Sounds like we can just stick to the technical, which works for me. For reference, here is the editline repo: https://github.com/troglobit/editline The README has may places where it says that it is designed to be smaller and not implement all of the features of readline. There are also some issue, like https://stackoverflow.com/a/7116997, where the actual usage patterns are different between the two libraries. Codes downstream from Python, like xonsh have definitely hit these issues, https://github.com/xonsh/xonsh/pull/93/files. My point here is that a switch to editline from readline could break other packages, even if everything compiled & linked correctly and the Python test suite passed. An alternative to both of those might be |
|
@scopatz which makes me think that it's using this editline/libedit and not the one you linked. |
|
For the readline library, I had originally been targetting python 3.7 as that's what we're looking to distribute and the code about the runtime check is no longer encapsulated in an |
|
That would not work as the ABIs are not compatible. (edit: missed your comment re the emulation lib, the compatibility stuff will elide functionality I expect and Python may not handle that gracefully, still some experiments would be worthwhile). My personal preference at present is to have python-core (or -base), python-gpl and python-nongpl as top level packages, then python == python-gpl. The others just pull in python-readline-readline and python-readline-editline output packages. We create them all at once from a single package and then make sure python's readline module loader handles switching behavior. Then we slowly migrate all our build deps to python-core (or -base) .. if we can't just agree that editline itself is "good enough" (@scopatz, I think that difference between editline and readline should be handled inside Python really then no packages would need patching, and of course it'd be nice to upstream any such patch). |
|
@mingwandroid |
|
Some other opinions: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498857 https://pyoxidizer.readthedocs.io/en/oxidized_importer-0.1/packaging_licensing.html I would not care if we just leave this. The general consensus is that this is not a problem. |
|
@scopatz i thought i went through the packages you were previously worried about and found that they all stopped using readline because readline's functionality was too limited. Instead, they all use prompt-toolkit
edit: eek wrong link |
|
Yeah, I think this is less of an issue for the packages we know about. But there may be packages and users out there we don't know about. And yeah, don't get me wrong. I am totally.in favor of providing a GPL free version, and letting deps and packages choose what they need. It just has yet to be anyone's priority, but would be nice to have if it was. |
|
Two more ideas:
|
|
I think the underlying problem goes beyond this particular python package. Linking to FFMPEG could make your whole software GPL for example. In my mind, it would be good to push some GPL-free feature for a host of other packages. |
|
I am wary of misunderstandings concerning the GPL (though I'm not an expert). I do not understand what you mean about FFMPEG, with regards to our ecosystem. How do you "push some GPL-free feature" for such a huge library? Do that not mean someone needs to rewrite it and release it in some license that you are more happy with? Yes, linking to FFMPEG could confer GPL status on the thing you built (depending on the definition of linking - simply importing it via an interface into your python code will not do this to your python code - sure it'll pull some GPL into your env, but well, we all use GPL stuff in our envs each and every day, by and large), but it's the right of the FFMPEG developers to assert this. If you want to use their work under a different license then you'd need to get in touch with them or else find an alternative. For me these freedoms, not problems. If you are hoping to 'productize' conda environments in some fashion (otherwise why would you care about GPL?) and licenses are creating restrictions on that then I don't really have a huge amount of sympathy. These are the moral rights of the softwares' authors and it's important that it is known that you can still sell GPL things and you can sell things that mix GPL things with non-GPL things. SUSE does that all the time. In many ways python and its module system can be considered a distribution, in fact it is often referred to as that. It is a runtime environment in which the user is free to run the readline module or not. This can, IMHO be considered as being similar to a Linux distro placing GPL software beside non-GPL software. Yes, our Python readline.pyd will dynamically auto-load readline.so, but it will dynamically link to any readline.so that implements the same ABI. If we want to be super-clean about this we should rewrite the readline header (as much as Python needs of it anyway) and release that under BSD, then include that in the python build. That way, the python build would not have ever even seen GPL software and in that instance it'd be impossible to argue that our Python is not GPL-free. That conda install python then ends up with a runtime environment that includes readline is a different issue and we'd be free to provide alternatives at that level for anyone who cared. Outside of doing the above, I think since we have a few different tools (mutexes, split outputs, optional constrained dependencies) at hand to improve the categorization of readline component of Python (and given it does look at GPL stuff during compilation and linking) we probably should continue to explore that. |
|
i'm not trying to change the intent of the original authors. conda is licensed as BSD, and as a user of conda, I would like to respect that. However, the legal text of GPL is quite long and complex. If I know I don't use any of the GPL features in my system, I would like the piece of mind that I'm not infringing on any of their 17 sections. Their FAQ is even longer.... I think GPL makes it rather clear that Maybe the GPL is valuable to some programs, but it is a complex document, that is rather dense and hard to understand. A GPL-free way to distribute code would be nice. If you aren't making a program interactive, why would you want to subject yourself to the ongoing requirements of the GPL. |
|
Thanks for all the discussion: @scopatz @mingwandroid @hmaarrfk @mingwandroid while it is true that I do have a commercial interest in redistributing python, but part of the problem is just packaging.I like your solution of just splitting out the readline module in to it's own package. In this case, it's really doable. What the downstream consequences are, I don't know, but I can definitely appreciate the complexity and unintended consequences. I think the discussion between @hmaarrfk and @mingwandroid over ffmpeg brings up a really big concern of mine: how do you really know what licenses you need or are using? ffmpeg is a really peculiar case because ffmpeg on it's own is released under LGPL, though it can be compiled to use GPL licensed libraries. On the linux side at least, those GPL libraries are included, which makes distributing the version built by conda-forge GPL. But in this case, how do you split the package in 2? Further discussion on distributing ffmpeg is needed and I know @hmaarrfk has already started it in the right places. All of that got me to think about this: how do we find a balance of managing licenses for the community (through the distribution) and by the community (who develop packages on top of the distribution)? |
|
I just wanted to cross reference an issue with constructor that had been touted as a "solution" or workaroudn for this kind of problem: |
While auditing our python distribution, we discovered that the python version built by conda-forge could be required to be distributed under a GPL3 license, which is not viable for commercial purposes.
This arises from the fact that the python library is built with readline, which is GPL3.
Given that this could create some issues for commercial distribution of conda-forge/python, what are your thoughts on removing it? A possible replacement is libedit
(I know this is easy to do, and I'm trying it out, but for some reason I'm not able to run docker image to build locally. So in the mean time, I thought I would ask the community while I try to debug my situation and test this change)
The text was updated successfully, but these errors were encountered: