Description
In one of our Python projects (then jtd-to-proto, now py-to-proto), we added jtd as a dependency for validation based on its listed license as MIT being an acceptable license for commercial use. In scans of downstream projects, we realized that the dependency on strict_rfc3339 introduces a GPLv3-licensed dependency (see its PyPI page) which our legal team deemed an inadmissible license dependency for commercial software that used our open source py-to-proto library. The request here is to clarify this library's MIT licensing and how it relates to the GPLv3 license on its required dependency. Things I could imagine working would include details of your interpretation of GPLv3 that allow this package to be MIT licensed, a plan to change the license to match the copy-forward nature of GPLv3, or a plan to remove the dependency.
Context
py-to-proto removing jtd dependency: Remove validation IBM/py-to-proto#33
py-to-proto reimplementing validation logic: Internal validation IBM/py-to-proto#36