Misleading License Information for com.google.ar:core library
#1538
Comments
|
Hi, the sources distributed in the sources JAR should be the same license. This is probably a bug in the generation of the source files; please let me take a look. Fair warning, I don't think will be fixed by 1.33. |
|
FWIW, let me try to clarify ARCore's distribution and the nature of the source,
|
Oh, so the AAR as a whole is not open source / licensed with Apache License 2.0. That is really unfortunate. I recommend updating the LICENSE file and the license mentioned in the POM file to clarify this. If part of the published library are not under the Apache License 2.0, the package as a whole may not be redistributed under the terms of the Apache License 2.0. In case you/your team wants to reconsider this in the future: I think you lose nothing if you make that part open source too, because the real valuable "magic" of ARCore lies in the separate proprietary Google Play Services for AR APK anyway, not in the communication with that APK. |
westnordost
changed the title
com.google.ar:core librarycom.google.ar:core library
|
As it turns out, as long as the For any current users of this library (like me), it would also be very important to learn as soon as possible whether you intend to
In case of the former, It is important to clarify because currently, open source projects continue to be mislead into that using this library is safe to use. This is causing real damage, in terms of working time invested, as any copyleft licensed code that has been working with ARCore is worthless (now). Imagine having worked half a year on some copyleft AR application trusting the license information given, only to find out that the license claim of a library you based your work on was wrong. In case you plan to make all parts of the Android library open source, please note that currently many(/all?) of the Java source files contained in the published maven sources JAR have their actual implementation removed (with comments like |
|
AINAL, but, while it shouldn't have be said explicitly, there are obvious legal problems with saying and presenting a library as open source, but then not providing any source, at least not in any conventional way the rest of the industry provides it. Source Available != Open Source, at least in this case, as platforms like F-Droid follow this definition to the letter, requiring all applications to be built from scratch, which requires all sources to be available, referable, and under the same license the whole library was originally published. |
|
It is very concerning to me as a user and developer of open source software that Google would allow such sloppy misrepresentation. The reality should be very simple, your words:
That you've obfuscated this by introducing blobs, sdks, and methods without implementations (APIs) would make me apprehensive of using Google's code in my own projects. You've got developers NOW that have used your code in good faith under the terms you've advertised it only to find out it's not compatible with open source licensing. You've wasted a lot of people's time and deceived them. Do the right thing and open source the project, the right way. No funny business. Or in 20 years time, like Microsoft today, you'll be spending billions of dollars to buy back the good will you've burned with the community of developers. |
|
@devbridie would you know if there is an active effort or discussion at Google at this time to address (correct or clarify in github repository) this incorrect ARcore licensing claims? |
|
May I suggest a courteous,
That would be nice anyway. |
|
It looks like the ARCore team finally cleared up the misleading license claim in this commit to the LICENSE file, confirming that the ARCore library is indeed not open source: If no further action is planned, feel free to close this issue. |
SPECIFIC ISSUE ENCOUNTERED
According to the POM file published for the Android library
com.google.ar:coreand according to the LICENSE file in this repository, the library, including all the source files, (i.e. not anything of the ARCore app itself) are published under the Apache License 2.0:arcore-android-sdk/LICENSE
Lines 18 to 25 in d197af6
The actual source files are not provided in this repository but are only available via the google maven repository:
https://dl.google.com/dl/android/maven2/com/google/ar/core/1.32.0/core-1.32.0-sources.jar
However, contradictory to the license statement made in the POM and in the LICENSE file in this repository, not all but some of the *.java files contained in the published source JAR contain the following comment at the top:
, e.g.
Trackable.java. Edit: Additionally, many/all? actual implementation has been removed and replaced with comments like// Method contents removed..Such contradictory information makes this library problematic to use as an open source library as it introduces legal uncertainty. Noone wants to risk legal uncertainty towards Google.
VERSIONS USED
com.google.ar:core:1.32.0
Edit: persists in 1.33.0
SOLUTION
Make sure any contradictory license information is removed and all code in object form is also provided in source form in at least the source JAR published in the maven repository or better even in this git repository.
The text was updated successfully, but these errors were encountered: