WordPress.org

Make WordPress Core

Opened 6 months ago

Last modified 2 months ago

#45795 assigned defect (bug)

Twenty Nineteen: missing license information for assets

Reported by: poena Owned by: williampatton
Milestone: 5.3 Priority: high
Severity: normal Version:
Component: Bundled Theme Keywords:
Focuses: Cc:

Description

The themes readme.txt file is missing license and copyright information
for the bundled svg icons.

In twentynineteen\classes\class-twentynineteen-svg-icons.php we can find references like:

'link' => /* material-design – link */ '

But there is no other information about where the icons are from,

The theme needs to be 100% compatible with GPL, and it needs to include the license and copyright information for all assets.
If there are other assets included that are missing this information, that needs to be added as well.

Change History (24)

#1 @williampatton
6 months ago

I was about to post a ticket for this very same issue. Since this one already exists I am posting my questions here.

What icons are used in the theme and what is their licence? Are they all material.io icons from Google used under Apache Licence 2.0?

Could we have that documented in the readme file for the theme? I see that is used to be noted there but was removed very early in the dev cycle for the theme at github.

Also note that for other themes distributed on .org repository we require that theme authors include a note or licence statement about all the applicable resources they use so that any derivatives of the themes are aware in advance of the licences they are bound by when using any given bundled resource.

This ticket was mentioned in Slack in #core-themes by williampatton. View the logs.


6 months ago

This ticket was mentioned in Slack in #core-themes by poena. View the logs.


5 months ago

#4 @williampatton
4 months ago

  • Milestone changed from Awaiting Review to 5.2
  • Owner set to williampatton
  • Priority changed from normal to high
  • Status changed from new to assigned

This ticket was mentioned in Slack in #core-themes by williampatton. View the logs.


4 months ago

#6 @williampatton
4 months ago

CC: @kjellr, @allancole could you help me out with looking into this? I see in the git history you have both worked with the commits adding icons to the theme.

We need to have a clear licence declaration for the icons used. I was initially thinking they were all from the same package but after a closer check I see that some were added at later points and that when they were added it wasn't clear to me where they were coming from or what licence they were being used under.

I'd like to try and get this sorted out soonish because I've been asked about it several times now by theme authors and theme reviewers.

#7 @pento
4 months ago

Thanks for the check in, @williampatton!

Just to give you an update, Automattic folk have a few contacts over on the Google Material team, so for the sake of efficiency, they've been talking directly about license compatibility. As OSS licenses tend to be less frequently tested in court, different lawyers will have different opinions on what different clauses mean, so it's an ongoing discussion. Nevertheless, the lawyers are the experts here, so I'll leave it them to work out the details. 🙂

Let's keep this in the 5.2 milestone, I agree that we need to get it addressed properly. It'll just take a bit of time, as these discussions can be a little slower moving.

#8 @williampatton
4 months ago

Hey @pento,

Awesome to hear lawyers are talking behind the scenes. They can make make decisions I'm uncomfortable making and I can just guide this one through to being committed when it's able to be resolved. Perfect :)

Also the update, on a Sunday as well, is much appreciated :)

#9 @poena
4 months ago

Hi

All of the icons are not necesarilly Google Material icons though.

Some of them were added to the theme from pull requests from different developers who did not include any license information or source information.

Example:
https://github.com/WordPress/twentynineteen/pull/472

#10 @kjellr
4 months ago

Thanks, @poena — aside from Material icons, there are two other types of icons bundled in the theme:

Custom Icons

I think there's only one of these, and it was made by me. It lives here:

https://github.com/WordPress/twentynineteen/blob/7eebe8f48b5c51e64b229052f5e357f28fb873ea/classes/class-twentynineteen-svg-icons.php#L163-L169

I believe this icon was ultimately unused though. I'll double check and if that's the case, I'll get a patch going to eliminate it if so.

Social icons

These were included following the precedent of the social media logos included in Twenty Seventeen:

https://raw.githubusercontent.com/WordPress/twentyseventeen/master/assets/images/svg-icons.svg

I'm not sure of the origins of the Twenty Seventeen ones, but my understanding is that the initial set in Twenty Nineteen was sourced from here:

https://github.com/Automattic/social-logos

This was before I was involved with the theme though, so perhaps @allancole can confirm.

From a quick look through the GitHub history, it looks like the last.fm icon you linked to is the only brand new social icon addition since the initial commit of those icons. (Other PRs simply updated the icon > URL mapping).

https://github.com/WordPress/twentynineteen/commit/970dd7368d1d035452b62646bcef739b504d7d73#diff-345c080c95a164e6ab1651e1020602a7

If/when we have clarity around the appropriate license language and/or changes that need to happen. I'm happy to create the patch for us.

#11 @williampatton
4 months ago

@kjellr I think the TwentySeventeen icons are FontAwesome. That's what's decared in the readme anyways. https://themes.svn.wordpress.org/twentyseventeen/2.1/README.txt

#12 @desrosj
3 months ago

  • Milestone changed from 5.2 to 5.3

With 5.2 beta 1 in a little over a day's time, I am going to punt this to 5.3 as there is no patch or defined action to take (if any is required).

#13 follow-up: @pento
3 months ago

  • Milestone changed from 5.3 to 5.2
  • Type changed from enhancement to defect (bug)

Moving back to 5.2 for now, as we need to address this sooner, rather than later.

(Status update for folks following along: getting Google lawyers to respond to things is... slow.) 🙂

#14 in reply to: ↑ 13 @williampatton
3 months ago

Oh I bet it is slow waiting on a reply there lol.

I agree that it would be preferable to resolve this ASAP.

The other themes hosted in the .org directory are subject to a checking process which makes sure they declare all resources used and for all of them to be 100% GPL compatible. In this theme however there is no declaration of the icons and indeed some seem to have been added to the collection without proper checking or notice of the licence they are used under.

I am happy to write a quick patch that can add in notes of the icons I can figure out the details for - but some of them I was not able to find out origins of at all :(

Replying to pento:

Moving back to 5.2 for now, as we need to address this sooner, rather than later.

(Status update for folks following along: getting Google lawyers to respond to things is... slow.) 🙂

Last edited 3 months ago by williampatton (previous) (diff)

This ticket was mentioned in Slack in #core by audrasjb. View the logs.


3 months ago

#16 @desrosj
3 months ago

@pento Do we have any update on this, or any actionable steps?

#17 @pento
3 months ago

Nothing to action at this point.

For an update, Google lawyers have responded, we're reviewing their position at the moment. @pesieminski (Automattic General Counsel, and my favourite lawyer in the world, sorry other lawyers) has kindly offered to spend some time digging into the nuances. 🙂

#18 @williampatton
3 months ago

I do not know why we need laywers here to make this one actionable. In my view there is a simple solution - we add a note about the licence the icons we know are used here and we remove the ones we dont know (@kjellr thinks there may only be a single image that is not material icons and is unused).

In my view the Apache licence 2.0, which material icons are distributed under, is quite clear about the requirements to include original licence statements. If this theme uses the icons under different licence terms than that they we should document that fact.

Also as a requirement to distribute the contents of this theme we MUST properly inform users of the licence terms they are bound by when they use/modify/distribute it. That includes telling them the limitations of the icons and informing them of their requirements should they choose to redistribute.

It's also just nice to credit the sources and I feel that being nice about it would be sufficient reason to add in. I don't understand why there is any pushback or delays against adding this.

If this were not a core theme I would not hesitate to suspend it from the directory untill it is resolved. It's my job to make sure all themes that are distributed in the directory here are correctly licenced and clearly inform people of those licences. TwentyNinteen is not doing that.

#19 @pento
3 months ago

We need to talk to lawyers because the default themes have traditionally had further restrictions than other themes. They can't just use any OSS licenses for their assets: everything needs to be licensed in a way that it can be released under GPLv2.

WordPress' current position is that packages, modules, assets, etc, licensed under Apache 2.0 can't be released under GPLv2. We're discussing alternative licensing options with Google, as well as exploring WordPress' position on Apache 2.0/GPLv2 compatibility.

It's a significantly bigger issue than providing licensing annotation for a handful of icons, hence why it's going to take some time to sort out.

This ticket was mentioned in Slack in #core by audrasjb. View the logs.


3 months ago

This ticket was mentioned in Slack in #core by jeffpaul. View the logs.


3 months ago

This ticket was mentioned in Slack in #core by jeffpaul. View the logs.


2 months ago

This ticket was mentioned in Slack in #core by chanthaboune. View the logs.


2 months ago

#24 @pento
2 months ago

  • Milestone changed from 5.2 to 5.3

Moving to 5.3, as I won't be able to get a definitive answer on this before 5.2 is released.

Note: See TracTickets for help on using tickets.