rarkins | 3 years ago

Disclosure: Renovate author

Renovate is indeed AGPL, but if you're just running it as a CLI, do you think there's anything to "watch out for"? It does not make any project you run it against AGPL, that's for sure.

Also you should be aware that dependabot-core, which dependabot-gitlab wraps, is not technically Open Source at all: https://github.com/dependabot/dependabot-core/blob/main/LICE... Wrapping a non-open source project in another project which claims to be MIT licensed does not change the underlying license. I'm not a lawyer but question the validity of them doing this without larger disclaimers.

However, I think that it's likely not something to "watch out for" either. Likely both licensing approaches were intended as a way to forbid or discourage competing services and each project welcomes people self-hosting.

In short I don't think that the license of Renovate or Dependabot is likely material for anyone planning to run it for themselves.

mdaniel | 3 years ago

Thanks for weighing in, and for drawing attention to the wrapped nature of dependabot-gitlab -- I didn't drill down into their implementation

As for the "watch out," I apologize if that came across as scolding or whatever, but in my company, and likely quite a few others, AGPL software is forbidden. Thus, maybe I have said "be aware" instead of "watch out," so I'll try to choose more neutral advisory language next time

Your "but it's just a CLI" is the nuance of the AGPL that I don't want to pay lawyers to disambiguate since this very thread was about running a GitLab bot, over the network, or in CI which is hosted on runners that connect over the network

Maybe I just need to stay out of these threads and let people do their own license homework, but I certainly do get value when someone else makes me aware so I can dismiss the tooling. No good deed goes unpunished, I guess