(I apologize if a similar post has been previously made.)
BinaryBuilder.jl and the JuliaBinaryWrappers registry make it incredibly easy to expose 3rd party softwares through julia. The autogenerated .*_jll packages are registered under the MIT license. Suppose the 3rd party software which julia wraps is licensed under the GNU Public License or other.
Could a user get in trouble with copyright laws if they commercially use a jll (MIT license) which wraps a 3rd software (GPL)?
Suppose a developer wants to write a julia interface for a jll which contains software licensed with GPL. Is it imperative that the interface package being develop is also registered under GPL?
I’m concerned that mishandling licenses as 3rd party software is exposed through julia might allow for julia users to unknowingly put themselves in a copyright violation.
Note: I have little experience in copyright law and I have not found much julia-specific documentation on this topic.
They cannot–provided the user complies with the GPL’s requirements for “conveying” the resulting work (generally the work as a whole must be licensed under the GPL if the work is given to someone else in source or binary form). Note that the GPL explicitly does not prohibit commercial use or sale of covered software.
I agree that licensing the jll packages under the same license as the upstream software would be a good thing to do to prevent confusion.
If the interface package is licensed under a license “compatible” with the GPL it’s fine from a legal perspective. That simply means the work taken together (interface package plus GPL-licensed software) is licensed under the GPL.
JLL packages are very simple, auto-generated scripts, they don’t know anything about the API of the libraries they provide, they limit to dlopen open the libraries, that’s it. It’d be very hard to claim that the JLL wrappers violate any copyright. As noted in the documentation about JLL packages, the license file only applies to the JLL package, and it may differ from the license of the binary library they provide, which is shipped inside the tarball. The Julia package using the JLL package to install the binary library may even have yet another license.
Regarding the license of a Julia package calling a GPL-ed library, you can read the section about license in README.md of FFTW.jl.
In particular, the fact that the wrapper is MIT-licensed is largely irrelevant: if you redistribute a derived work that includes GPL components, then you must comply with the GPL, which means that you must provide the source of the entire derived work under the terms of the GPL. If you’re just using GPL code together with proprietary code but not redistributing it, then you’re in the clear.
I am not a lawyer and this is not legal advice, just my understanding of the matter.
While the wrapper files are licensed under MIT, there might be an issue with distributing a differently licensed library from the same repository (as the binary provider currently does). Generally linux packaging systems make the packages have the same license as what is being packaged (for instance the Fedora .spec file is licensed as MIT, but the .rpm package you download is licensed with the license of the program/library it contains Licensing:Main - Fedora Project Wiki and License: field in Spec File :: Fedora Docs. I’d be inclined to trust the way Fedora does this since they have RedHat legal look over everything they do…
In the Julia BinaryProvider case, the release tarballs on the repos should be licensed with the same license as the library/program they contain.
Perhaps it would be good to add a short section to the generated jll readme stating the license of the release tarballs on the repository upfront - and possibly even make the license for the jll package configurable (if I am not mistaken, there is no hard rule that BinaryBuilder must produce MIT licensed jll packages - and if you wanted to you could make a rule for Yggdrasil that the jll’s must be MIT but let people host their own differently licensed packages). By adding a section in the jll readme about the license of the archive that is automatically downloaded, it gives them more information upfront. This is important for some companies that have developed policies about open source software use, since some policies can be pretty restrictive - see the Google ban on any use of AGPL in the company AGPL Policy  | Google Open Source.