GPL-3 or MIT?

[phishalot]

Howdy,

Since there is no GPL-3 license file (but there is a MIT one) in the repo would it make sense to remove the GPL-3 mention?

store/package.json

Line 32 in b4f4c6f

"license": "(MIT OR GPL-3.0)",

[marcklingen]

+1, we screen for licenses of dependencies and store2 popped up due to the potential GPL-3.0 license even though the project seems to be fully MIT

[marcklingen]

Just found your answers here:

• The package.json license field does not reflect LICENSE-MIT #88 (comment)
• why did you added "license": "(MIT OR GPL-3.0)" #121 (comment)

In a lot of ways, specifying both GPL 3 and MIT seems contradictory, but the intent is to offer this under the "do whatever you want, as long as we're not liable" plan so you can use this in any stack, without legal considerations.

Is there a downside to using only "MIT" with your goal in mind? All other dependencies in our projects have only OSS licenses and I'd assume that including "OR GPL" will trigger copy-left alerts for many others as well.

[nbubna]

These are both OSS licenses, and if the option to use this under GPL 3 triggers an alert, then it's a false positive. You may use this under MIT or GPL. I offer both, choose whichever suits you.

[mistercrunch]

Hello! It's a false positive for us in the Apache Superset community, and probably for everyone using this lib alongside actions/dependency-review-action, and presumable other license checkers. I believe it'll be affecting anyone using a recent react-storybook as well by extension.

My recommendation would be to pick a license and be clear about it. MIT is most permissive, so unclear why anyone would chose GPL3 given the choice.

[nbubna]

Ok. I give.